Docker image for CentOS including SSHD and SystemD.
- SSHD
- systemd
- username=
root, password=root - username=
user, password=user- passwordless sudo user
- owns SSH key
- root login is not permitted
- password authentification is not permitted
- user authentification is passwordless via SSH key
- ssh public key
./secret/ssh/sshkey.pubis imported into container
- ssh public key
- passphrase is unset
- owned by user
# pull
docker pull europ/docker-centos-sshd-systemd
# run
docker run --tty --detach --privileged --publish 22:22 --label="xyz" -v /sys/fs/cgroup:/sys/fs/cgroup:ro europ/docker-centos-sshd-systemd
# add your custom ssh key
docker cp /path/to/your/sshkey.PUBLIC <CONTAINER_ID>:/home/user/.ssh/authorized_keys
# test
ssh -i /path/to/your/sshkey.PRIVATE user@<CONTAINER_IP> '[ "`ps --no-headers -p 1 -o comm`" == "systemd" ]'- it is important to add
CMD ["/usr/sbin/init"]command as the last one
FROM europ/docker-centos-sshd-systemd
# EXAMPLE
RUN yum -y install httpd
RUN systemctl enable httpd.service
EXPOSE 80
# it is important to include the below command as the last one
CMD ["/usr/sbin/init"]docker build --rm --tag=abc --label="xyz" .- note the important
--privilegedparameter - add additional
--publish <number>:<number>if needed
docker run --tty --detach --privileged --publish 22:22 --label="xyz" -v /sys/fs/cgroup:/sys/fs/cgroup:ro abc# get container ID
CONTAINER_ID=$(docker ps --quiet --all --filter "status=running" --filter "label=xyz")
# get container IP
CONTAINER_IP=$(docker inspect ${CONTAINER_ID} | grep -E '^\s*"IPAddress": ".*$' | grep -ohE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | head -1)
# connect to the running container
ssh -i ./secret/ssh/sshkey user@${CONTAINER_IP}docker stop `docker ps --quiet --all --filter "status=running" --filter "label=xyz"`- warning output:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxx.
Please contact your system administrator.
Add correct host key in /home/${USER}/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/${USER}/.ssh/known_hosts:2
remove with:
ssh-keygen -f "/home/${USER}/.ssh/known_hosts" -R "172.17.0.2"
ECDSA host key for 172.17.0.2 has changed and you have requested strict checking.
Host key verification failed.- solution:
ssh-keygen -f "/home/${USER}/.ssh/known_hosts" -R "<THE IP FROM WARNING OUTPUT>"- method: one docker command
- copy the ssh public key to container via
docker cp /path/to/your/sshkey.pub <CONTAINER_ID>:/home/user/.ssh/authorized_keys
- copy the ssh public key to container via
- method: new image build
- clone this repository
- change the ssh key files in
./secret/ssh/sshkey - build it (follow the usage instruction from Build section)
Container problem relater to systemd:
CentOS7 container including only systemd:
How to run systemd in a container:
Dockerize an SSH service:
Feel free to open an issue or a change request in this repository in case of a bug, problem, request for enhancement, feature idea, suggestion, etc.