37.1准备工作
setenforce 0
vim /etc/selinux/config
SELINUX=disabled 37.2 创建docker centos-ssh-root
37.2.1 创建dockerfile
# 选择一个已有的os镜像作为基础
FROM centos
# 镜像的作者
MAINTAINER baoyou [email protected]
# 安装openssh-server和sudo软件包,并且将sshd的UsePAM参数设置成no
RUN yum install -y openssh-server sudo
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
#安装openssh-clients
RUN yum install -y openssh-clients
# 添加测试用户root,密码root,并且将此用户添加到sudoers里
RUN echo "root:root" | chpasswd
RUN echo "root ALL=(ALL) ALL" >> /etc/sudoers
# 下面这两句比较特殊,在centos6上必须要有,否则创建出来的容器sshd不能登录
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# 启动sshd服务并且暴露22端口
RUN mkdir /var/run/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"] 37.2.2 执行命令
mkdir centos-ssh-root
cd centos-ssh-root
vim Dockerfile
docker build -t "curiousby/centos-ssh-root:original" . 37.2.3 build 运行日志
[root@bogon centos-ssh-root]# docker build -t curiousby/centos-ssh-root:original .
Sending build context to Docker daemon 2.56kB
Step 1/12 : FROM centos
---> 328edcd84f1b
Step 2/12 : MAINTAINER curiousby [email protected]
---> Running in a07c67ece348
---> a3f6c43634d0
Removing intermediate container a07c67ece348
Step 3/12 : RUN yum install -y openssh-server sudo
---> Running in 7319491e2cb1
Loaded plugins: fastestmirror, ovl
http://centos.ustc.edu.cn/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2001:da8:d800:95::110: Network is unreachable"
Trying other mirror.
Determining fastest mirrors
* base: mirrors.btte.net
* extras: mirrors.nwsuaf.edu.cn
* updates: mirrors.nwsuaf.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:6.6.1p1-35.el7_3 will be installed
--> Processing Dependency: openssh = 6.6.1p1-35.el7_3 for package: openssh-server-6.6.1p1-35.el7_3.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-6.6.1p1-35.el7_3.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-35.el7_3.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-6.6.1p1-35.el7_3.x86_64
---> Package sudo.x86_64 0:1.8.6p7-23.el7_3 will be installed
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package openssh.x86_64 0:6.6.1p1-35.el7_3 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-server x86_64 6.6.1p1-35.el7_3 updates 440 k
sudo x86_64 1.8.6p7-23.el7_3 updates 735 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 base 21 k
fipscheck-lib x86_64 1.4.1-5.el7 base 11 k
openssh x86_64 6.6.1p1-35.el7_3 updates 438 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
Transaction Summary
================================================================================
Install 2 Packages (+4 Dependent packages)
Total download size: 1.7 M
Installed size: 4.9 M
Downloading packages:
Public key for fipscheck-1.4.1-5.el7.x86_64.rpm is not installed
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-1.4.1-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for sudo-1.8.6p7-23.el7_3.x86_64.rpm is not installed
http://mirrors.nwsuaf.edu.cn/centos/7.3.1611/updates/x86_64/Packages/openssh-6.6.1p1-35.el7_3.x86_64.rpm: [Errno 12] Timeout on http://mirrors.nwsuaf.edu.cn/centos/7.3.1611/updates/x86_64/Packages/openssh-6.6.1p1-35.el7_3.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
Trying other mirror.
--------------------------------------------------------------------------------
Total 32 kB/s | 1.7 MB 00:52
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/6
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/6
Installing : openssh-6.6.1p1-35.el7_3.x86_64 3/6
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/6
Installing : openssh-server-6.6.1p1-35.el7_3.x86_64 5/6
Installing : sudo-1.8.6p7-23.el7_3.x86_64 6/6
Verifying : openssh-6.6.1p1-35.el7_3.x86_64 1/6
Verifying : openssh-server-6.6.1p1-35.el7_3.x86_64 2/6
Verifying : sudo-1.8.6p7-23.el7_3.x86_64 3/6
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/6
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 5/6
Verifying : fipscheck-1.4.1-5.el7.x86_64 6/6
Installed:
openssh-server.x86_64 0:6.6.1p1-35.el7_3 sudo.x86_64 0:1.8.6p7-23.el7_3
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7
openssh.x86_64 0:6.6.1p1-35.el7_3 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
---> a5b6b2590449
Removing intermediate container 7319491e2cb1
Step 4/12 : RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
---> Running in cd9fa1a6f379
---> b3ad6bbf3c1b
Removing intermediate container cd9fa1a6f379
Step 5/12 : RUN yum install -y openssh-clients
---> Running in fadadcf8ab9b
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* extras: mirrors.nwsuaf.edu.cn
* updates: mirrors.nwsuaf.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-35.el7_3 will be installed
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-35.el7_3.x86_64
--> Running transaction check
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-clients x86_64 6.6.1p1-35.el7_3 updates 642 k
Installing for dependencies:
libedit x86_64 3.0-12.20121213cvs.el7 base 92 k
Transaction Summary
================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 735 k
Installed size: 2.4 M
Downloading packages:
--------------------------------------------------------------------------------
Total 111 kB/s | 735 kB 00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 1/2
Installing : openssh-clients-6.6.1p1-35.el7_3.x86_64 2/2
Verifying : openssh-clients-6.6.1p1-35.el7_3.x86_64 1/2
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 2/2
Installed:
openssh-clients.x86_64 0:6.6.1p1-35.el7_3
Dependency Installed:
libedit.x86_64 0:3.0-12.20121213cvs.el7
Complete!
---> 7c2753e2677d
Removing intermediate container fadadcf8ab9b
Step 6/12 : RUN echo "root:root" | chpasswd
---> Running in 75fab0b6b241
---> c1cb3babeee2
Removing intermediate container 75fab0b6b241
Step 7/12 : RUN echo "root ALL=(ALL) ALL" >> /etc/sudoers
---> Running in f0c0c32b70c1
---> 48f3a187f13f
Removing intermediate container f0c0c32b70c1
Step 8/12 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
---> Running in afc9cf2b6d76
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
13:ce:12:9b:d1:4f:5e:ee:35:b1:ed:48:60:58:92:35 root@c7947be2eb9d
The key's randomart image is:
+--[ DSA 1024]----+
| .oE |
| . .+ . |
| o o o + . |
| B = + . + |
| + S o . = .|
| . . . o + |
| . . .|
| |
| |
+-----------------+
Enter passphrase (empty for no passphrase): Enter same passphrase again: ---> 8d9c838f0e26
Removing intermediate container afc9cf2b6d76
Step 9/12 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
---> Running in d7131a2534c2
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
c1:dc:54:6c:45:d8:35:c3:cf:ac:fb:35:22:6a:2e:0e root@c7947be2eb9d
The key's randomart image is:
+--[ RSA 2048]----+
| .o.=++.|
| o o + ..o|
| + .. o.|
| . +|
| S . |
| . |
| E . . o.|
| .. .. . o o|
| ..+o ..|
+-----------------+
Enter passphrase (empty for no passphrase): Enter same passphrase again: ---> 0f71202ee047
Removing intermediate container d7131a2534c2
Step 10/12 : RUN mkdir /var/run/sshd
---> Running in e3f36ab8616f
---> 6007b08d3e2b
Removing intermediate container e3f36ab8616f
Step 11/12 : EXPOSE 22
---> Running in 653c57effb5a
---> 6533c53d9497
Removing intermediate container 653c57effb5a
Step 12/12 : CMD /usr/sbin/sshd -D
---> Running in 46accc61a713
---> 265bd8a128b3
Removing intermediate container 46accc61a713
Successfully built 265bd8a128b3
Successfully tagged curiousby/centos-ssh-root:original
37.2.4 build 验证
捐助开发者
在兴趣的驱动下,写一个
免费
的东西,有欣喜,也还有汗水,希望你喜欢我的作品,同时也能支持一下。 当然,有钱捧个钱场(支持支付宝和微信 以及扣扣群),没钱捧个人场,谢谢各位。
个人主页:
http://knight-black-bob.iteye.com/ 谢谢您的赞助,我会做的更好!