Step 1: Pull the ubuntu:14.04 image
[root@localhost ~]# docker pull ubuntu:14.04
14.04: Pulling from library/ubuntu
01a4f8387457: Pull complete
c887940e680c: Pull complete
5432573ac160: Pull complete
027ee9a9665e: Pull complete
5611db80430d: Pull complete
Digest: sha256:3ed36e21dd87806fa6d92f91ae1a172d6b4f76b3471eef09dd847c6110a180b6
Status: Downloaded newer image for ubuntu:14.04
[root@localhost ~]# docker images
REPOSITORY    TAG      IMAGE ID       CREATED       SIZE
ubuntu        14.04    d6ed29ffda6b   4 days ago    221MB
tomcat        latest   11df4b40749f   7 days ago    557MB
adminer       <none>   faa9618a39a6   2 weeks ago   58.8MB
mysql         latest   5709795eeffa   2 weeks ago   408MB
hello-world   latest   725dcfab7d63   2 weeks ago   1.84kB
clearlinux    latest   32685d114002   2 weeks ago   62.5MB
alpine        latest   053cde6e8953   2 weeks ago   3.96MB
Step 2: Create a container and enter it
[root@localhost ~]# docker run -ti ubuntu:14.04 /bin/bash
root@e8dccc52cb96:/#
Step 3: Run apt-get update to refresh the package source information
root@e8dccc52cb96:/# apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
Ign http://archive.ubuntu.com trusty InRelease
Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:3 http://security.ubuntu.com trusty-security/universe Sources [79.5 kB]
Get:4 http://archive.ubuntu.com trusty-backports InRelease [65.9 kB]
Get:5 http://archive.ubuntu.com trusty Release.gpg [933 B]
Get:6 http://security.ubuntu.com trusty-security/main amd64 Packages [857 kB]
Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [244 kB]
Get:8 http://security.ubuntu.com trusty-security/restricted amd64 Packages [18.0 kB]
Get:9 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1291 kB]
Get:10 http://security.ubuntu.com trusty-security/universe amd64 Packages [248 kB]
Get:11 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4716 B]
Get:12 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB]
Get:13 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [560 kB]
Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [16.3 kB]
Get:15 http://archive.ubuntu.com trusty-backports/main amd64 Packages [14.7 kB]
Get:16 http://archive.ubuntu.com trusty-backports/restricted amd64 Packages [40 B]
Get:17 http://archive.ubuntu.com trusty-backports/universe amd64 Packages [52.5 kB]
Get:18 http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages [1392 B]
Get:19 http://archive.ubuntu.com trusty Release [58.5 kB]
Get:20 http://archive.ubuntu.com trusty/universe Sources [7926 kB]
Get:21 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB]
Get:22 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB]
Get:23 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB]
Get:24 http://archive.ubuntu.com trusty/multiverse amd64 Packages [169 kB]
Fetched 21.1 MB in 17s (1206 kB/s)
Reading package lists... Done
Step 4: Install the SSH service, openssh-server
root@e8dccc52cb96:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2 libidn11 libk5crypto3 libkeyutils1
  libkrb5-3 libkrb5support0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
  libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term openssh-client openssh-sftp-server
  openssl python python-chardet python-minimal python-requests python-six python-urllib3 python2.7
  python2.7-minimal ssh-import-id tcpd wget xauth
Suggested packages:
  krb5-doc krb5-user ssh-askpass libpam-ssh keychain monkeysphere rssh molly-guard ufw python-doc python-tk
  python2.7-doc binutils binfmt-support
The following NEW packages will be installed:
  ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2 libidn11 libk5crypto3 libkeyutils1
  libkrb5-3 libkrb5support0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
  libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term openssh-client openssh-server
  openssh-sftp-server openssl python python-chardet python-minimal python-requests python-six python-urllib3
  python2.7 python2.7-minimal ssh-import-id tcpd wget xauth
0 upgraded, 38 newly installed, 0 to remove and 2 not upgraded.
Need to get 7592 kB of archives.
After this operation, 35.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Step 5: Manually create the /var/run/sshd directory and start the sshd service
root@e8dccc52cb96:/# mkdir -p /var/run/sshd
root@e8dccc52cb96:/# /usr/sbin/sshd -D &
[1] 3015
root@e8dccc52cb96:/# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   3015/sshd
tcp6       0      0 :::22           :::*              LISTEN   3015/sshd
Step 6: On the host, generate a key pair with ssh-keygen, accepting the default at every prompt; the public key is saved to the file /root/.ssh/id_rsa.pub.
[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
28:e6:c8:54:25:d7:f1:4f:41:84:a0:39:0c:a2:b7:66 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . o o.oo ++ |
| . . * o... . |
|. . . = . . |
| . o o o |
| E o . S . |
| = + . |
| o . |
| |
| |
+-----------------+
Step 7: View the public key
[root@localhost .ssh]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx [email protected]
Step 8: Save the public key above to /root/.ssh/authorized_keys in the container
root@e8dccc52cb96:~/.ssh# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx [email protected]
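Step 9: Modify the SSH service's login security configuration to remove the PAM restriction (comment out the pam_loginuid session requirement)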
# \s+ matches whatever whitespace separates the fields in /etc/pam.d/sshd; & re-inserts the matched text after the #
sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd
Step 10: Create the executable file run.sh that starts the SSH service, and give it execute permission
root@e8dccc52cb96:~/.ssh# vi /run.sh
root@e8dccc52cb96:~/.ssh# cat /run.sh
#!/bin/bash
/usr/sbin/sshd -D
root@e8dccc52cb96:~/.ssh# chmod +x /run.sh
root@e8dccc52cb96:~/.ssh# exit
Step 11: Save the image
[root@localhost ~]# docker commit e8d sshd:ubuntu
sha256:ac3169fe4fcf6a0cfbd2a6a50fd11ef12d3c584122d0657a4acbf3695fc26521
[root@localhost ~]# docker images
REPOSITORY    TAG      IMAGE ID       CREATED         SIZE
sshd          ubuntu   ac3169fe4fcf   7 seconds ago   284MB
ubuntu        14.04    d6ed29ffda6b   4 days ago      221MB
tomcat        latest   11df4b40749f   7 days ago      557MB
adminer       <none>   faa9618a39a6   2 weeks ago     58.8MB
mysql         latest   5709795eeffa   2 weeks ago     408MB
hello-world   latest   725dcfab7d63   2 weeks ago     1.84kB
clearlinux    latest   32685d114002   2 weeks ago     62.5MB
alpine        latest   053cde6e8953   2 weeks ago     3.96MB
Step 12: Verify that the image was created successfully
[root@localhost ~]# sudo docker run -p 100:22 -d sshd:ubuntu /run.sh
a878a77a2de3bb12edb2cd8c8121a43221a411b255e4dd7cb530d217684ad26a
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE            COMMAND                  CREATED             STATUS              PORTS                 NAMES
a878a77a2de3   sshd:ubuntu      "/run.sh"                16 seconds ago      Up 12 seconds       0.0.0.0:100->22/tcp   hardcore_boyd
3dcb19a519fe   adminer:latest   "entrypoint.sh doc..."   About an hour ago   Up About an hour    8080/tcp              mysql_adminer.1.2pz52p76jiykg8yqgjr6psgtp
a334bfbd2f37   mysql:latest     "docker-entrypoint..."   About an hour ago   Up About an hour    3306/tcp              mysql_db.1.diaxlly44nq1347uia3gnwo1q
[root@localhost ~]# ssh 192.168.0.107 -p 100
The authenticity of host '[192.168.0.107]:100 ([192.168.0.107]:100)' can't be established.
ECDSA key fingerprint is 08:b9:ed:00:c1:4b:44:42:04:08:15:6b:cd:1f:d4:89.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '[192.168.0.107]:100' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@a878a77a2de3:~#
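The steps above leave an image with root's public key baked into authorized_keys and sshd published on host port 100, so the remaining question is whether sshd still accepts passwords alongside that key. The following is an added example, not part of the original post, that audits an sshd_config for this; the function names and the two sample configs are constructed for illustration, and a missing keyword is assumed to mean `yes`.

```shell
#!/bin/sh
# Added example: audit sshd_config in an image that ships root's authorized_keys.
# On a live system `sshd -T` prints the effective settings; this parses the file
# so it can run offline. Function names and sample files are constructed here.

# Effective global value of KEYWORD: sshd keeps the FIRST occurrence, keywords
# are case-insensitive, and a Match line ends the global section.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v key="$1" -v def="$3" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$2"
}

# Prints one line per finding; exit status is the number of findings.
# Assumption: a missing keyword is treated as "yes" (the conservative reading).
audit_sshd_config() {  # usage: audit_sshd_config FILE
    findings=0
    pw=$(sshd_effective PasswordAuthentication "$1" yes)
    root=$(sshd_effective PermitRootLogin "$1" yes)
    if [ "$pw" != no ]; then
        echo "FINDING: PasswordAuthentication=$pw (key-only login not enforced)"
        findings=$((findings + 1))
    fi
    case $root in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "FINDING: PermitRootLogin=$root (root password login allowed)"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample configs (not taken from the image built above).
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PasswordAuthentication no' \
        'Match User backup' '  PasswordAuthentication no' > "$1/weak.conf"
    printf '%s\n' 'passwordauthentication no' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication yes' > "$1/hardened.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in weak hardened; do
    audit_sshd_config "$tmp/$f.conf" && echo "$f.conf: no findings" \
        || echo "$f.conf: $? finding(s)"
done
rm -rf "$tmp"
```

To check the image built above, copy its config out first (for example with `docker cp`) and pass that file to `audit_sshd_config`.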