14

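I read the article SSH Daemon Service, but I want to run it on CentOS 6.4. So I set up almost the same instructions from the official centos image. Then I connected to the CentOS sshd server, but the connection closed immediately. Here is the message.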

ssh root@localhost -p 49164
The authenticity of host '[localhost]:49164 ([127.0.0.1]:49164)' can't be established.
RSA key fingerprint is 88:71:89:e5:30:91:78:5c:bf:cb:88:c2:5b:81:1a:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:49164' (RSA) to the list of known hosts.
root@localhost's password: 
Connection to localhost closed.

Why can't I connect to the CentOS sshd server?

4

5 Answers

20

Same problem here; it works if you turn off PAM in the sshd config.

Here are the relevant lines from our Dockerfile:

RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config
answered 2013-08-22T07:39:12.030
4

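I have sshd working with the "centos" image from the Docker repo:

  • I did not need to modify sshd_config, i.e. the default UsePAM yes setting
  • I did need to run /etc/init.d/sshd start in my Dockerfile, because it generates the keys on first run.
  • I did need to fix the permissions on .ssh

The Dockerfile is: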

FROM centos:latest

RUN yum update -y
RUN yum install -y openssh-server sudo

RUN  /etc/init.d/sshd start

RUN useradd admin -G wheel
RUN echo 'admin:secret' | chpasswd
RUN echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers

RUN mkdir -p /home/admin/.ssh
ADD authorized_keys /home/admin/.ssh/
RUN chown -R admin:admin /home/admin/.ssh; chmod 700 /home/admin/.ssh

EXPOSE 22
CMD    ["/usr/sbin/sshd", "-D"]
answered 2014-06-24T01:36:31.590
2

I also had to generate the server keys; "ssh -v" would exit immediately:

...
debug1: SSH2_MSG_KEXINIT
Connection closed by ...

Here is my working Dockerfile configuration for sshd (Vagrant 1.3.5 and Docker 0.7):

# sshd
RUN echo 'root:secret' | chpasswd
RUN yum install -y openssh-server
RUN mkdir -p /var/run/sshd ; chmod -rx /var/run/sshd
# http://stackoverflow.com/questions/2419412/ssh-connection-stop-at-debug1-ssh2-msg-kexinit-sent
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# Bad security, add a user and sudo instead!
RUN sed -ri 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
# http://stackoverflow.com/questions/18173889/cannot-access-centos-sshd-on-docker
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config

####################
ADD supervisord.conf /etc/supervisord.conf
EXPOSE 10389 22
CMD ["/usr/bin/supervisord"]

My supervisord.conf:

[supervisord]
nodaemon=true

[program:sshd]
command=/usr/sbin/sshd -D
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
answered 2013-12-06T09:11:35.043
2

On the Docker website, the Dockerizing an SSH Daemon Service example shows a Dockerfile that fixes this problem. The important line is the sed command after the comment SSH login fix:

# sshd
#
# VERSION               0.0.2

FROM ubuntu:14.04
MAINTAINER Sven Dowideit <SvenDowideit@docker.com>

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

It is based on the Ubuntu image, but it also works for CentOS 6.

answered 2014-11-27T16:23:56.800
0

Here is the Dockerfile that finally worked for me on CentOS 8. Note that CentOS 7 and 8 do not have systemd enabled by default in the official image.

FROM centos:8
ENV container docker

#### enabling systemd according to docs on: https://hub.docker.com/_/centos/
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]

### install & configure sshd
RUN yum update -y && yum install -y libcgroup libcgroup-tools openssh-server
### authorize by public key
COPY id_rsa_centos_docker.pub /root/.ssh/authorized_keys
RUN chmod a-r /root/.ssh/authorized_keys
RUN chmod g-r /root/.ssh/authorized_keys
RUN echo "root:welcome1" | chpasswd
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g'     /etc/ssh/sshd_config
RUN sed -i 's/PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config
CMD ["/usr/sbin/init"]

Run the service (even if, like me on macOS, you do not have a local /sys/fs/cgroup):

docker run -d -p 2022:22 -v /sys/fs/cgroup:/sys/fs/cgroup:ro --mount type=tmpfs,destination=/run centos8-sshd "/usr/sbin/init"
answered 2020-09-20T14:31:21.403
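
The answers above trace the dropped connection to different conditions: PAM enabled together with a required pam_loginuid session rule, and host keys that were never generated. The shell script below is an added example, not part of any answer, that checks a file tree for those conditions and for an explicit PermitRootLogin yes. The function names, the finding codes and the ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ROOT is an assumed prefix: "" for the live filesystem,
# or the directory of an unpacked image tree.

# sshd_config uses the first uncommented occurrence of a keyword.
# Match blocks and the "Key=value" spelling are not handled here.
effective_opt() {  # usage: effective_opt FILE KEY DEFAULT
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# True when an active "session required pam_loginuid.so" rule is present.
loginuid_required() {  # usage: loginuid_required PAMFILE
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so' "$1"
}

diagnose() {  # usage: diagnose ROOT ; prints one finding code per line
    cfg="$1/etc/ssh/sshd_config"; pam="$1/etc/pam.d/sshd"
    [ -f "$cfg" ] || { echo NO_SSHD_CONFIG; return 0; }
    # No host key generated yet: the case of the ssh-keygen answer.
    ls "$1"/etc/ssh/ssh_host_*_key >/dev/null 2>&1 || echo NO_HOST_KEY
    # PAM on (upstream default is "no") plus a required pam_loginuid rule:
    # the case the UsePAM and "SSH login fix" sed lines change.
    if [ "$(effective_opt "$cfg" UsePAM no)" = yes ] && [ -f "$pam" ] \
        && loginuid_required "$pam"; then
        echo PAM_LOGINUID_REQUIRED
    fi
    # Only an explicit "yes" is flagged; the built-in default varies by version.
    if [ "$(effective_opt "$cfg" PermitRootLogin unset)" = yes ]; then
        echo PERMIT_ROOT_LOGIN_YES
    fi
    return 0
}

# Constructed sample tree; the option lines are the ones the sed commands
# on this page match against.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/ssh" "$demo_root/etc/pam.d"
printf '%s\n' '#PermitRootLogin yes' 'UsePAM yes' '#UsePAM no' \
    > "$demo_root/etc/ssh/sshd_config"
printf '%s\n' 'session    required     pam_loginuid.so' \
    > "$demo_root/etc/pam.d/sshd"
diagnose "$demo_root"
```

Inside a container, calling diagnose with an empty string as ROOT checks the live /etc files.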