1.基于commit命令創建
1.1 配置ssh服務
# 查看images
[root@langzi01 ~]# docker ps -a
2f5f9417b073 centos "/bin/bash" 3 days ago Up 3 days data01
# 更新yum源
[root@2f5f9417b073 /]# yum update -y
#查看sshd服務
[root@2f5f9417b073 /]# sshd
bash: sshd: command not found
#安裝ssh
[root@2f5f9417b073 /]# yum install -y openssh-server
#創建目錄,要正常啟動,需要 /var/run/sshd 存在。
[root@2f5f9417b073 /]# mkdir /var/run/sshd
#啟動服務 -- 發現報錯
[root@2f5f9417b073 /]# /usr/sbin/sshd -D &
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
#解決辦法:生成主機密鑰;提示輸入 passphrase 時直接回車留空,sshd 無法載入帶口令的主機密鑰
[root@2f5f9417b073 sshd]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
[root@2f5f9417b073 sshd]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
[root@2f5f9417b073 sshd]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
#再次啟動服務
[root@2f5f9417b073 sshd]# /usr/sbin/sshd
#查看服務
[root@2f5f9417b073 sshd]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 302/sshd
tcp6 0 0 :::80 :::* LISTEN 87/httpd
tcp6 0 0 :::22 :::* LISTEN 302/sshd
[root@2f5f9417b073 ~]# pwd
/root
[root@2f5f9417b073 ~]# mkdir .ssh
#新開會話,查看,這里@之后是langzi01,容器@之后是2f5f9417b073
[root@langzi01 ~]# cd .ssh/
[root@langzi01 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@langzi01 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3q8E9u60OwMSPTbpLlIyxKVsmICFgTQccnPLXMYFelZQ6KSdXSPCItCWh5rIC0EuOh3J9ykNlqQC0GNoZ27ziom3ezsH0cP9Puqzzp9tqdiMZtLB/UviyRIKARemtuyEM14/PUV+SES4A6K514nJ5g96KEdxb7gl/20TfiYa0Eo+CtABiyIYTz+q/AHh0zAx20qwEPcRWyKsIEurtd+IyopxZmbYzIXX9yDurBks5ROS2Viq64B2nPvB+Yhhc5ehGKCbi52qIMgIXPMQob3fuW6+ProunnAvdFb7+eRlrY3M3QTkC7jdB5ZNGNa0bNTD0amD49ImwCsY1eXzrm5XB root@langzi01
#切換到容器會話
[root@2f5f9417b073 .ssh]# vi authorized_keys
#將宿主的 id_rsa.pub 內容復制到該文件中
#創建 /run.sh
[root@2f5f9417b073 .ssh]# vi /run.sh
#內容如下:
[root@04c0e6e78f46 ~]# cat /run.sh
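#!/bin/bash
# Container start script: run sshd in the foreground (-D) so the container
# stays alive for as long as the daemon does.
# exec replaces this shell with sshd, so sshd becomes PID 1 and receives the
# stop signal from `docker stop` directly instead of it ending at bash.
exec /usr/sbin/sshd -D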
#退出容器 exit
1.2 保存鏡像
[root@langzi01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f5f9417b073 centos "/bin/bash" 3 days ago Up 3 days data01
[root@langzi01 ~]# docker commit 2f5 sshd:centos
sha256:08d75e23080972ce9a4494a7b748b081a0286d88a97f9bb453bd88e280749146
[root@langzi01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd centos 08d75e230809 4 seconds ago 383 MB
1.3 使用鏡像
[root@langzi01 ~]# docker run -p 10022:22 --name sshd -d sshd:centos /run.sh
04c0e6e78f46652c590b444b211bd76c3526311e3676bd3300c9846f371f6f56
[root@langzi01 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
04c0e6e78f46 sshd:centos "/run.sh" 7 seconds ago Up 5 seconds 0.0.0.0:10022->22/tcp sshd
1.4 宿主ssh登錄
[root@langzi01 ~]# ssh 172.17.0.1 -p 10022
The authenticity of host '[172.17.0.1]:10022 ([172.17.0.1]:10022)' can't be established.
ECDSA key fingerprint is SHA256:MsHCJMCYdCwMmfC2fJva7hEQV2gQlIwR0py3h9l3iXU.
ECDSA key fingerprint is MD5:05:5d:c3:90:4d:1a:32:35:74:0e:ea:c8:1a:42:60:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.17.0.1]:10022' (ECDSA) to the list of known hosts.
[root@04c0e6e78f46 ~]# pwd
/root
2.基于Dockerfile命令創建
2.1 創建工作目錄
[root@langzi01 docker]# pwd
/root/docker
[root@langzi01 docker]# mkdir sshd_centos
[root@langzi01 docker]# ls
sshd_centos
[root@langzi01 docker]# cd sshd_centos/
[root@langzi01 docker]# touch Dockerfile run.sh
Dockerfile run.sh
2.2 編寫run.sh 腳本和authorized_keys 文件
[root@langzi01 sshd_centos]# vim run.sh
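#!/bin/bash
# Entry point of the image: keep sshd in the foreground (-D) as the
# container's main process.
# exec hands the process slot to sshd, which then runs as PID 1 and gets the
# termination signal from `docker stop` itself rather than via a bash parent.
exec /usr/sbin/sshd -D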
# 在宿主主機上生成SSH密鑰對,并創建authorized_keys文件:
[root@langzi01 sshd_centos]# ssh-keygen -t rsa
# 一路回車
[root@langzi01 sshd_centos]# cat ~/.ssh/id_rsa.pub > authorized_keys
2.3 編寫Dockerfile
[root@langzi01 sshd_centos]# vim Dockerfile
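# Image that runs an OpenSSH server. root logs in with the public key that is
# copied from the build context (authorized_keys).
FROM centos:7.4
# MAINTAINER is deprecated in current Docker releases; `LABEL maintainer=...`
# is the replacement. Kept here so the image metadata stays as it was.
MAINTAINER docker_user docker_user@email.com

# Install the sshd service
#RUN yum update -y
RUN yum install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh

# Host keys. -N '' sets the empty passphrase explicitly so the build never
# depends on a prompt (sshd cannot load a passphrase-protected host key);
# -q keeps the build log quiet.
# NOTE(review): keys generated at build time are stored in an image layer, so
# every container started from this image presents the same host identity and
# anyone who can pull the image can read the private keys. For an image that
# is shared or pushed to a registry, generate them at container start instead
# (for example `ssh-keygen -A` in run.sh before sshd is launched).
RUN ssh-keygen -q -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -q -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -q -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key

# Copy the files into place and make the script executable.
# COPY instead of ADD: both are plain local files, and COPY has none of ADD's
# archive-extraction or URL-fetch behaviour.
COPY authorized_keys /root/.ssh/authorized_keys
COPY run.sh /run.sh
# Restrict the key material to root; sshd's StrictModes check rejects
# authorized_keys when the file or its directory is writable by others.
RUN chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys
RUN chmod 755 /run.sh

# Declare the SSH port. EXPOSE only documents it; the port is reachable from
# outside only when published with `docker run -p`.
EXPOSE 22

# Default start command
CMD ["/run.sh"]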
2.4 創建鏡像
[root@langzi01 sshd_centos]# docker build -t sshd:centos .
2.5 測試鏡像,運行容器
[root@langzi01 sshd_centos]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd centos d5f2887c0d88 17 minutes ago 282 MB
[root@langzi01 sshd_centos]# docker run -d -p 10022:22 sshd:centos
ac104109a2395004cc6c7de97557d806c1bb9a5ac43bb9073a431d8e80c0747f
2.6 連接容器
[root@langzi01 .ssh]# ssh 172.17.0.1 -p 10022
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:dnCAPxpfBTT1jt23wblI0OH+Nhzl4ZuQXBLvRPcWcjI.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:3
ECDSA host key for [172.17.0.1]:10022 has changed and you have requested strict checking.
Host key verification failed.
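如何解決這個bug?
原因:重新構建的鏡像生成了新的主機密鑰,而 known_hosts 中仍保存著之前那個容器在同一地址 [172.17.0.1]:10022 上的舊密鑰,所以 ssh 拒絕連接。這里的變更是自己重建鏡像造成的,屬于預期情況。
解決方式:
cd /root/.ssh
vi known_hosts
找到對應的子機ip的 ssh-rsa 刪除該行(本例中警告指出的是 known_hosts 第 3 行的 ECDSA 條目),退出保存known_hosts,重新執行主機ssh連接子機,即可通過。也可以用 ssh-keygen -R "[172.17.0.1]:10022" 直接刪除該主機的舊條目。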
重新連接
[root@langzi01 .ssh]# ssh 172.17.0.1 -p 10022
The authenticity of host '[172.17.0.1]:10022 ([172.17.0.1]:10022)' can't be established.
ECDSA key fingerprint is SHA256:dnCAPxpfBTT1jt23wblI0OH+Nhzl4ZuQXBLvRPcWcjI.
ECDSA key fingerprint is MD5:cb:c7:cd:f0:26:5a:4c:62:5e:d6:1f:bf:2c:a2:ed:4d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.17.0.1]:10022' (ECDSA) to the list of known hosts.