How to deploy a Docker container with SSH access
Jack Wallen shows you how to create a Docker container with SSH access.
When you have running containers, there might be a time when you have to connect to that container to run a command or handle some maintenance. Of course, you can always access the running container using the docker exec -it CONTAINER_ID bash command (where CONTAINER_ID is the actual ID of the container). But how do you SSH into those containers? And should you want to? That’s the rub.
The problem is that because there are so many moving parts, containers can be insecure. Because of that, you won’t want to allow SSH connections to containers in production environments, but for development and testing environments, this can be a real help.
With that said, I’m going to show you how to set up SSH connections for a Docker container. I’ll demonstrate using the latest Ubuntu image.
SEE: Hiring kit: Back-end Developer (TechRepublic Premium)
What you’ll need
To make this work, you’ll need a running instance of Docker installed on your Linux distribution of choice.
That’s it. Let’s make some Docker/SSH magic.
How to create the necessary Dockerfile
The first thing we’ll do is create a Dockerfile, from which the container will be deployed. Log into your Linux server and issue the command:
nano Dockerfile
In that file, paste the following:
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:PASSWORD' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
Where PASSWORD
is a strong/unique password.
Save and close the file.
How to build the image and deploy the container
We can now build our image from the Dockerfile with the command:
sudo docker build -t sshd_ubuntu .
The above command will take some time to complete because we’ve instructed (in the Dockerfile) to install the openssh-server package and run a few extra commands (to set the root password and enable root SSH login).
Next, we can deploy the container with the command:
docker run -d -P --name test_sshd sshd_ubuntu
How to locate the IP address of the running container
After the container deploys we then need to locate the IP address of the running container, which is done with the command:
docker inspect --format="{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" test_sshd
The output of the above command should look something like this:
172.17.0.15
How to SSH into the running container
From the host machine, issue the command:
ssh root@IP
Where IP
is the IP address of your running container. You should be prompted for the root user password (which was configured in the Dockerfile) and, upon successful authentication, you’ll find yourself on the running container prompt
If, however, the SSH daemon doesn’t allow you access, it means either the root password wasn’t set during the image build process or root SSH access wasn’t enabled.
That’s not a problem, as we can access the container and change this manually. To do that you will need to first locate the ID of the running container. For that, issue the command:
docker ps -a
You should see a container named sshd_ubuntu listed as well as its ID. To access the running container, issue the command:
docker exec -it ID bash
Where ID
is the Container ID associated with the sshd_ubuntu container. Once in the container, issue the command:
passwd
Next, install nano with:
apt-get install nano -y
Open the SSH daemon configuration file with:
nano /etc/ssh/sshd_config
In that file, uncomment the line:
#PermitRootLogin yes
That line should look like this:
PermitRootLogin yes
Restart the SSH daemon with:
/usr/sbin/sshd -D
Exit out of the container and you should now be able to SSH into that running container without a problem.
If you’re a Docker container developer, you might want to consider this little trick to help make developing containers and images a bit more efficient. Just remember to disable root SSH login for any container you deploy to production. Better safe than sorry.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.