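Cannot access CentOS sshd on Docker

Time: 2013-08-11 16:03:40

Tags: centos docker

I read an article on the SSH Daemon Service, but I want to run it on CentOS 6.4. So I set things up from the official centos image with almost the same instructions. Then I connected to the CentOS sshd server, but the connection was closed immediately. Here is the output.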

ssh root@localhost -p 49164
The authenticity of host '[localhost]:49164 ([127.0.0.1]:49164)' can't be established.
RSA key fingerprint is 88:71:89:e5:30:91:78:5c:bf:cb:88:c2:5b:81:1a:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:49164' (RSA) to the list of known hosts.
root@localhost's password: 
Connection to localhost closed.

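Why can't I connect to the CentOS sshd server?

5 answers:

Answer 0: (score: 20)

Same problem here; it goes away if you turn off PAM in the sshd config.

Here are the relevant lines from our Dockerfile:
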
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config

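Answer 1: (score: 4)

I got sshd working with the "centos" image from the Docker repo:

  • Need to modify sshd_config, i.e. the default UsePAM yes setting
  • I did need to run /etc/init.d/sshd start in my Dockerfile, because it generates the keys on first run.
  • I did need to fix the permissions on .ssh

My Dockerfile is: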

FROM centos:latest

RUN yum update -y
RUN yum install -y openssh-server sudo

RUN  /etc/init.d/sshd start

RUN useradd admin -G wheel
RUN echo 'admin:secret' | chpasswd
RUN echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

RUN mkdir -p /home/admin/.ssh
ADD authorized_keys /home/admin/.ssh/
RUN chown -R admin:admin /home/admin/.ssh; chmod 700 /home/admin/.ssh

EXPOSE 22
CMD    ["/usr/sbin/sshd", "-D"]

Answer 2: (score: 2)

I also had to generate the server key, after "ssh -v" exited immediately with:

...
debug1: SSH2_MSG_KEXINIT
Connection closed by ...

Here is my working (Vagrant 1.3.5 and docker 0.7) Dockerfile configuration for sshd:

# sshd
RUN echo 'root:secret' | chpasswd
RUN yum install -y openssh-server
RUN mkdir -p /var/run/sshd ; chmod -rx /var/run/sshd
# http://stackoverflow.com/questions/2419412/ssh-connection-stop-at-debug1-ssh2-msg-kexinit-sent
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# Bad security, add a user and sudo instead!
RUN sed -ri 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
# http://stackoverflow.com/questions/18173889/cannot-access-centos-sshd-on-docker
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config

####################
ADD supervisord.conf /etc/supervisord.conf
EXPOSE 10389 22
CMD ["/usr/bin/supervisord"]

My supervisord.conf:

[supervisord]
nodaemon=true

[program:sshd]
command=/usr/sbin/sshd -D
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true

Answer 3: (score: 2)

On the Docker website, the example Dockerizing an SSH Daemon Service shows a Dockerfile that solves this problem. The important line is the sed command after the comment SSH login fix:

# sshd
#
# VERSION               0.0.2

FROM ubuntu:14.04
MAINTAINER Sven Dowideit <SvenDowideit@docker.com>

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

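It is based on an Ubuntu image, but it also works for CentOS 6.

Answer 4: (score: 0)

Here is the Dockerfile that finally worked for me with centos8. Note that centos7 and 8 do not have systemd enabled by default in the official image.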

FROM centos:8
ENV container docker

#### enabling systemd according to docs on: https://hub.docker.com/_/centos/
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]

### install & configure sshd
RUN yum update -y && yum install -y libcgroup libcgroup-tools openssh-server
### authorize by public key
COPY id_rsa_centos_docker.pub /root/.ssh/authorized_keys
RUN chmod a-r /root/.ssh/authorized_keys
RUN chmod g-r /root/.ssh/authorized_keys
RUN echo "root:welcome1" | chpasswd
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g'     /etc/ssh/sshd_config
RUN sed -i 's/PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config
CMD ["/usr/sbin/init"]

Run the service (even if you have no local /sys/fs/cgroup, like me on macOS):

docker run -d -p 2022:22 -v /sys/fs/cgroup:/sys/fs/cgroup:ro --mount type=tmpfs,destination=/run centos8-sshd "/usr/sbin/init"
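
The sed edits in answers 0 and 3 change nothing when their pattern does not match the image's files, and sed reports no error in that case, so a build-time check of the resulting files is useful. The script below is an added example, not code from any of the answers: the function names and sample files are constructed, and it assumes no Match blocks or Include files in sshd_config.

```shell
#!/bin/sh
# Added example, not code from the page. File paths are arguments;
# the files written by demo() are constructed samples.

# Effective value of an sshd_config keyword: the first uncommented
# occurrence wins and keywords are case-insensitive.
# Simplification: Match blocks and Include files are ignored.
sshd_effective() {        # sshd_effective <sshd_config> <keyword>
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# True if pam_loginuid is an active "session required" rule.
pam_loginuid_required() { # pam_loginuid_required <pam.d/sshd>
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so' "$1"
}

# Print findings; return 1 if the login-drop condition is present.
check_sshd_image() {      # check_sshd_image <sshd_config> <pam.d/sshd>
    usepam=$(sshd_effective "$1" UsePAM)
    root=$(sshd_effective "$1" PermitRootLogin)
    rc=0
    # OpenSSH treats an unset UsePAM as "no".
    if [ "${usepam:-no}" = "yes" ] && pam_loginuid_required "$2"; then
        echo "LOGIN-DROP: UsePAM yes + session required pam_loginuid.so"
        rc=1
    fi
    [ "$root" = "yes" ] && echo "RISK: PermitRootLogin yes"
    return "$rc"
}

# Check constructed files before and after the sed edits from answer 0.
demo() {
    d=$(mktemp -d)
    printf '#UsePAM no\nUsePAM yes\nPermitRootLogin yes\n' > "$d/cfg"
    printf 'session    required     pam_loginuid.so\n' > "$d/pam"
    if check_sshd_image "$d/cfg" "$d/pam"; then echo "before: ok"; else echo "before: drops"; fi
    sed -e 's/UsePAM yes/#UsePAM yes/g' -e 's/#UsePAM no/UsePAM no/g' "$d/cfg" > "$d/cfg.new"
    if check_sshd_image "$d/cfg.new" "$d/pam"; then echo "after: ok"; else echo "after: drops"; fi
    rm -rf "$d"
}
demo
```

In a Dockerfile the check would run as a RUN step after the sed lines, against /etc/ssh/sshd_config and /etc/pam.d/sshd, so that a silent no-op fails the build instead of surfacing as a dropped login.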