安装 openssh

yum -y install openssh-server

启动 sshd 进程

[root@nginx-94711 opt]# /usr/sbin/sshd -D                                                            
Could not load host key: /etc/ssh/ssh_host_rsa_key                                                   
Could not load host key: /etc/ssh/ssh_host_ecdsa_key                                                 
Could not load host key: /etc/ssh/ssh_host_ed25519_key                                               
sshd: no hostkeys available -- exiting.

会提示错误，dockerfile 文件需要这样定义


FROM centos

WORKDIR /opt/

COPY CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
COPY nginx /etc/init.d/nginx


RUN yum -y update  \
    &&  yum -y install openssh-server openssl gcc gcc-c++ pcre-devel openssl-devel zlib-devel wget make perl vim tar curl rsync bzip2 iptables tcpdump less telnet net-tools lsof python-setuptools  lsof sysstat cronie \
    &&  wget -c -4 https://nginx.org/download/nginx-1.13.5.tar.gz \
    &&  wget -c -4 https://www.openssl.org/source/openssl-1.0.2l.tar.gz \
    &&  wget -c -4 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.tar.gz \
    &&  wget -c -4 http://zlib.net/zlib-1.2.11.tar.gz \
    &&  groupadd -r www && useradd -r -g www www \
    &&  tar zxvf zlib-1.2.11.tar.gz \
    &&  cd zlib-1.2.11 \
    &&  ./configure \
    &&  make \
    &&  make install \
    &&  cd /opt \
    &&  tar  zxvf pcre-8.41.tar.gz \
    &&  cd pcre-8.41 \
    &&  ./configure \
    &&  make \
    &&  make install \
    &&  cd /opt \
    &&  tar zxvf openssl-1.0.2l.tar.gz \
    &&  tar zxvf nginx-1.13.5.tar.gz \
    &&  cd nginx-1.13.5 \
    &&  ./configure --prefix=/usr/local/nginx --user=www --group=www --with-pcre=/opt/pcre-8.41 --with-http_ssl_module --with-zlib=/opt/zlib-1.2.11 --with-openssl=/opt/openssl-1.0.2l --with-http_v2_module --with-http_ssl_module \
    &&  make \
    &&  make install \
    &&  rm -rf /opt/* \
    &&  mkdir -p /usr/local/nginx/ssl \
    &&  mkdir -p /usr/local/nginx/conf/vhost \
    &&  mkdir -p /var/log/wwwlogs/ \
    &&  mkdir -p /www/ \
    &&  ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \
    &&  ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' \
    &&  ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
    &&  ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' \
    &&  echo "RSAAuthentication yes" >> /etc/ssh/sshd_config \
    &&  echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config   \
    &&  sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config \
    &&  sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config \
    &&  yum clean all \
    &&  mkdir /var/run/sshd \
    &&  chmod +x /etc/init.d/nginx 


COPY ssl/* /usr/local/nginx/ssl/ 
COPY vhost/* /usr/local/nginx/conf/vhost/
COPY nginx.conf /usr/local/nginx/conf/
COPY ssh/* /root/.ssh/

RUN rm -rf /root/*.cfg

VOLUME ["/www","/var/log/wwwlogs"]

EXPOSE 22 80 443


ENTRYPOINT /etc/init.d/nginx start && chown -R www:www /var/log/wwwlogs/ && /usr/sbin/sshd -D

主要是这一段用来定义 ssh 服务的相关配置，比如生成 sshd 公钥秘钥配置 sshd_config

&&  ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \
&&  ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' \
&&  ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
&&  ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' \
&&  echo "RSAAuthentication yes" >> /etc/ssh/sshd_config \
&&  echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config   \
&&  sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config \
&&  sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config \

如果希望能够 ssh 进去，还需要把对应的公钥复制进行

COPY ssh/id_rsa.pub /root/.ssh/

然后就可以远程了。

docker run -d -P --name web -v /www:/www -P --name log -v /wwwlogs:/var/log/wwwlogs -p 65423:22 -p 80:80 -p 443:443 44c

远程

➜  ~ ssh root@xxxx -p 65423
[root@80487e28cef4 ~]#

文章作者：阿文

文章链接： https://www.awen.me/post/28027.html