Spaceship222

Reputation: 849

Can't ssh localhost within docker

I build a Docker image with ssh enabled from the following Dockerfile, using docker build -t debian-ssh:v00 .

From debian
WORKDIR /
RUN apt update && apt install -y openssh-server sudo
RUN sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config
RUN echo "root:123456" | chpasswd
RUN echo "root   ALL=(ALL)       ALL" >> /etc/sudoers
# RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
# RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN mkdir /run/sshd
# RUN mkdir /var/run/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

After building, I start the container with docker run -d --name ssh00 debian-ssh00. Then I run docker exec -it ssh00 bash -> ssh localhost, and it gives me this message:

The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:sF5hbx2GTw/Fq3QhQyRJ2+YNwBFPy/Iu5c8PtgpU/ok.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
Permission denied, please try again.
root@localhost's password:
Permission denied, please try again.
root@localhost's password:
root@localhost: Permission denied (publickey,password).

I typed the password 123456 above. Why did this happen?

I use Docker for Windows with the latest version, i.e. Docker engine v20.10.2, but still using the Hyper-V backend.

Update:
There was an official tutorial about Dockerizing an SSH service in the year 2020, but now it is discouraged.

Upvotes: 0

Views: 2874

Answers (2)

Maciej Perliński

Reputation: 412

This is purely an sshd daemon configuration issue. By default, for security reasons, access to the root account with password authentication is disabled, so you have two options:

  1. Change the configuration of the ssh daemon and allow password authentication for the root account (NOTE: there is a reason why we don't allow root access by default, so I would suggest you leave it this way).
  2. Set up a public/private key pair and an authorized_keys file for the root account in this context. I'm not sure how you want to use this container, but in general you should simply add your public key to the /root/.ssh/authorized_keys file and you'll be fine.

For your particular case, if you really want to solve your problem with

ssh localhost

you can add one line to your Dockerfile which generates a public/private key pair and adds it to authorized_keys for the root user, OR you can run this command after you first log in using the docker exec command.

Your altered Dockerfile (public/private key version)

FROM debian
WORKDIR /
RUN apt update && apt install -y openssh-server sudo
RUN sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config
RUN echo "root:123456" | chpasswd
RUN echo "root   ALL=(ALL)       ALL" >> /etc/sudoers
# RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
# RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" && cat /root/.ssh/id_rsa.pub>/root/.ssh/authorized_keys
RUN mkdir /run/sshd
# RUN mkdir /var/run/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

OR simply run this command in the container after you exec into bash:

 ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" && cat /root/.ssh/id_rsa.pub>/root/.ssh/authorized_keys

UPDATE: You are using sed but sed isn't available, so for starters you need to add sed with apt, and if you want to build this container with PermitRootLogin yes you need to use sed to change the /etc/ssh/sshd_config file. Your altered Dockerfile (root password login allowed):

FROM debian
WORKDIR /
RUN apt update && apt install -y openssh-server sudo sed
RUN sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config && sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
RUN echo "root:123456" | chpasswd
RUN echo "root   ALL=(ALL)       ALL" >> /etc/sudoers
# RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
# RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN mkdir /run/sshd
# RUN mkdir /var/run/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

I hope this solves your problem fully.

Upvotes: 1

VonC

Reputation: 1326676

First, once in your Docker bash session, try and change the root password (again) with the passwd command: it will ask you for your old password (the one you put in the Dockerfile).
That way, you can double check the default container account (here root) does indeed have the password '123456'.

Second, try the same ssh command in verbose mode, to see if any clues are apparent:

ssh -vv localhost

If the password for root is correct, then check your /etc/ssh/sshd_config: if it has PermitRootLogin no, it would disallow any root session.

If this works, you would need to modify your Dockerfile in order to amend the /etc/ssh/sshd_config.

The OP Spaceship222 confirms in the discussion:

RUN echo "PermitRootLogin yes" >> /etc/ssh/sshd_config will make debian-based container work

Upvotes: 2
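
The sshd_config check in the answer above and the appended-line fix the OP confirms both depend on which PermitRootLogin line sshd actually uses. The following is an added example, not code from any of the posts: it resolves the effective value over constructed sample configs, and the helper name effective_value and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): which PermitRootLogin value
# sshd ends up using. sshd_config keywords are case-insensitive, lines starting
# with '#' are comments, and the first value obtained for a keyword wins.

# effective_value KEYWORD DEFAULT FILE   (hypothetical helper name)
# Limits: does not follow Include directives; stops at the first Match block.
effective_value() {
    awk -v want="$1" -v dflt="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                            # comment or blank line
        tolower($1) == "match" { exit }                    # global scope ends here
        tolower($1) == want { print $2; found = 1; exit }  # first occurrence wins
        END { if (!found) print dflt }                     # absent: built-in default
    ' "$3"
}

# Constructed sample configs, written to a temp dir so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# 1. Stock Debian-style file: the directive is present only as a comment,
#    so the OpenSSH default (prohibit-password) applies and root's password
#    is refused, as in the question.
printf '%s\n' '#PermitRootLogin prohibit-password' 'UsePAM no' > "$tmp/stock"
# 2. Same file after: echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
{ cat "$tmp/stock"; echo 'PermitRootLogin yes'; } > "$tmp/appended"
# 3. A file that already sets the keyword: the appended line comes too late.
{ echo 'PermitRootLogin no'; echo 'PermitRootLogin yes'; } > "$tmp/shadowed"

for f in stock appended shadowed; do
    printf '%-9s PermitRootLogin = %s\n' "$f" \
        "$(effective_value PermitRootLogin prohibit-password "$tmp/$f")"
done
```

Inside a running container, sshd -T prints the effective settings as sshd itself resolves them, including any Include files.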
