how to make docker image ssh enabled

Question

We have docker running on one machine

Workstation running on other machine

I want to do bootstrap from workstation on docker container then our image should be ssh enabled

How to make docker image ssh enabled.

Answer 1

You can find prebuilt images with SSH installed, for instance CentOS tutum/centos and Debian tutum/debian

And the Dockerfiles used to build them

https://github.com/tutumcloud/tutum-centos/blob/master/Dockerfile https://github.com/tutumcloud/tutum-debian/blob/master/Dockerfile

Answer 2

Using the CMD command in your Dockerfile will indeed enable ssh

CMD ["/usr/sbin/sshd", "-D"]

But there is a huge downside. If you already have a CMD command (that starts MySQL for example), then you are facing a problem not easily resolved in Docker. You can use only one CMD in Dockerfile. But there is a workaround for that, using supervisor. What you do is tell Dockerfile to install Supervisor:

RUN apt-get install -y openssh-server supervisor

Using supervisor, you can start as many processes as you want on container startup. These processes are defined in supervisor.conf file (naming is arbitrary) located in the directory with your Dockerfile. In your Dockerfile you tell Docker to copy this file during building:

ADD supervisor-base.conf /etc/supervisor.conf

Then you tell Docker to start supervisor when container starts (when supervisor starts, supervisor will also start all processes listed in the supervisor.conf file mentioned above).

CMD ["supervisord", "-c", "/etc/supervisor.conf"]

Your supervisor.conf file may look like this:

[supervisord]
nodaemon=true

[program:sshd]
directory=/usr/local/
command=/usr/sbin/sshd -D
autostart=true
autorestart=true
redirect_stderr=true

There is one issue to be careful about. Supervisor needs to start as a root, otherwise it will throw errors. So if your Dockerfile defines an user to start container with (e.g USER jboss), then you should put USER root at the end of your Dockerfile, so that supervisor starts with root. In your supervisor.conf file you simply define a user for each process:

[program:wildfly]
user=jboss
command=/opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0

[program:chef]
user=chef
command=/bin/bash -c chef-2.1/bin/start.sh

Of course, these users need to be pre-defined in your dockerfile. E.g.

RUN groupadd -r -f jboss -g 2000 && useradd -u 2000 -r -g jboss -m -d /opt/jboss -s /sbin/nologin -c "JBoss user" jboss

You can learn more about Supervisor+Docker+SSH in more details in this article.

Answer 3

Notice: this answer promotes a tool I've written.

Some answers here suggest to place an SSH server inside your container. Conceptually running multiple processes in one container is not the right approach (https://docs.docker.com/articles/dockerfile_best-practices/). A more favorable solution is one that involves multiple containers each running their own process/service. Linking them together would result in a coherent application.

I've created a containerized SSH server that you can 'stick' to any running container. This way you can create compositions with every container, without that container even knowing about ssh. The only requirement is that the container has bash.

The following example would start an SSH server attached to a container with name 'sshd-web-server1'.

docker run -ti --name sshd-web-server1 -e CONTAINER=web-server1 -p 2222:22 \
-v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker \
jeroenpeeters/docker-ssh

You connect to the SSH server with your ssh client of choice, just as you normally would.

Be adviced: Docker-SSH is currently still under development, but it does work! Please let me know what you think

For more pointers and documentation see: https://github.com/jeroenpeeters/docker-ssh

Answer 4

Before you add ssh you should see if docker exec will be sufficient for what you need. (doc link)

If you do need SSH, the following Dockerfile should help (copied from Docker docs):

# sshd
#
# VERSION               0.0.2

FROM ubuntu:14.04
MAINTAINER Sven Dowideit <SvenDowideit@docker.com>

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]