一. 從docker hub 下載centos 官方鏡像

hr:centos7 hr$ docker pull centos:7 

下載完后右犹，查看本地資源庫：
hr:centos7 hr$ docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
    centos               7                   ce20c473cd8a        7 weeks ago         172.3 MB

運行容器
hr:centos7 hr$ docker run -i -t centos:7 /bin/bash

二. 安裝passwd,openssl,openssh-server

[root@b5926410fe60 /]# yum install passwd openssl openssh-server -y

啟動sshd:
# /usr/sbin/sshd -D
這時報以下錯誤：
[root@ b5926410fe60 /]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key 

執(zhí)行以下命令解決：
[root@b5926410fe60 /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''    
[root@b5926410fe60 /]#  ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
[root@b5926410fe60 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N '' 

然后等曼，修改 /etc/ssh/sshd_config 配置信息：

1.UsePAM yes 改為 UsePAM no
2.UsePrivilegeSeparation sandbox 改為 UsePrivilegeSeparation no

[root@b5926410fe60 /]# sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
[root@b5926410fe60 /]# sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

修改完后黄痪，重新啟動sshd
[root@b5926410fe60 /]# /usr/sbin/sshd -D

三. 修改root 密碼

[root@b5926410fe60 /]# passwd root

四. 查看容器ip地址（如果宿主機是linux操作系統(tǒng)則跳過這一步）

[root@b5926410fe60 /]# ip addr ls eth0
84: eth0@if85: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link 
       valid_lft forever preferred_lft forever

五. 將當前容器保存為鏡像

hr:centos7 hr$ docker ps -all
CONTAINER ID  IMAGE       COMMAND       CREATED             STATUS                   PORTS      NAMES
b5926410fe60  centos:7   "/bin/bash"  4 minutes ago       Exited (0) 4 seconds ago           centos7ssh

hr:centos7 hr$ docker commit b5926410fe60 herong/centos7-ssh

六. 在宿主機上基于新創(chuàng)建的鏡像啟動新的容器

--先刪除之前的容器
hr:centos7 hr$ docker ps -all
CONTAINER ID        IMAGE      COMMAND             CREATED             STATUS                      PORTS               NAMES
4122f818a741        herong/centos7-ssh:latest   "/usr/sbin/sshd"    13 seconds ago      Exited (0) 13 seconds ago                       happy_mclean

hr:centos7 hr$ docker rm -f 4122f818a741

--基于新鏡像運行容器
hr:centos7 hr$ docker run -d -p 10022:22 herong/centos7-ssh:latest /usr/sbin/sshd -D

--查看映射端口是否成功
hr:centos7 hr$ docker ps -all
CONTAINER ID        IMAGE     COMMAND               CREATED             STATUS              PORTS                   NAMES
4966d35fe0a3        herong/centos7-ssh:latest   "/usr/sbin/sshd -D"   3 seconds ago       Up 3 seconds        0.0.0.0:10022->22/tcp   compassionate_kowalevski

hr:centos7 hr$ docker port 4966d35fe0a3
22/tcp -> 0.0.0.0:10022

七. 從宿主機連接到容器

如果宿主機是非linux操作系統(tǒng)，則需要通過docker-machine ip連到容器
-- 查看docker-machine Ip地址
hr:centos7 hr$ docker-machine ip default
192.168.99.100

--通過docker-machine ip  連接到容器木张，輸入之前設(shè)置的密碼即可登錄成功
hr:centos7 hr$ ssh root@192.168.99.100 -p 10022
The authenticity of host '[192.168.99.100]:10022 ([192.168.99.100]:10022)' can't be established.
ECDSA key fingerprint is SHA256:d3JNckcTVv1ASJlwv+IT/bJwlzMC4U1T/PmsKYIHMhQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.99.100]:10022' (ECDSA) to the list of known hosts.
root@192.168.99.100's password: 
[root@4966d35fe0a3 ~]# pwd
/root

如果宿主機是linux操作系統(tǒng)，則通過第4步查看到的ip地址連接
hr:centos7 hr$ ssh root@172.17.0.2 -p 10022