Cloud/Container
docker container ssh configuration
junsuyoun
2022. 9. 24. 20:27
If you need to enable SSH so that a container can be reached from outside, proceed as follows.
Running the container
[root@junsu-desktop ~]docker_host# docker run -itd -p 3200:22 --name con_ssh_test centos:7.9.2009
d3b0a8192d913a582623fdf6c03833c0956a395d1a355e074c1c028b5d34878a
[root@junsu-desktop ~]docker_host# docker exec -it con_ssh_test bash
[root@d3b0a8192d91 /]#
Installing sshd
[root@d3b0a8192d91 /]# sshd
bash: sshd: command not found
[root@d3b0a8192d91 /]# yum install -y openssh-server
================================================================================
 Package            Arch     Version          Repository   Size
================================================================================
Installing:
 openssh-server     x86_64   7.4p1-22.el7_9   updates     459 k
Installing for dependencies:
 fipscheck          x86_64   1.4.1-6.el7      base         21 k
 fipscheck-lib      x86_64   1.4.1-6.el7      base         11 k
 openssh            x86_64   7.4p1-22.el7_9   updates     510 k
 tcp_wrappers-libs  x86_64   7.6-77.el7       base         66 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.0 M
Installed size: 3.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-lib-1.4.1-6.el7.x86_64.rpm is not installed
(1/5): fipscheck-lib-1.4.1-6.el7.x86_64.rpm | 11 kB 00:00:00
(2/5): fipscheck-1.4.1-6.el7.x86_64.rpm | 21 kB 00:00:00
(3/5): tcp_wrappers-libs-7.6-77.el7.x86_64.rpm | 66 kB 00:00:00
Public key for openssh-7.4p1-22.el7_9.x86_64.rpm is not installed
(4/5): openssh-7.4p1-22.el7_9.x86_64.rpm | 510 kB 00:00:00
(5/5): openssh-server-7.4p1-22.el7_9.x86_64.rpm | 459 kB 00:00:00
--------------------------------------------------------------------------------
Total 6.2 MB/s | 1.0 MB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-lib-1.4.1-6.el7.x86_64 1/5
Installing : fipscheck-1.4.1-6.el7.x86_64 2/5
Installing : openssh-7.4p1-22.el7_9.x86_64 3/5
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/5
Installing : openssh-server-7.4p1-22.el7_9.x86_64 5/5
Verifying : openssh-server-7.4p1-22.el7_9.x86_64 1/5
Verifying : openssh-7.4p1-22.el7_9.x86_64 2/5
Verifying : fipscheck-1.4.1-6.el7.x86_64 3/5
Verifying : fipscheck-lib-1.4.1-6.el7.x86_64 4/5
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 5/5
Installed:
openssh-server.x86_64 0:7.4p1-22.el7_9
Dependency Installed:
fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7 openssh.x86_64 0:7.4p1-22.el7_9 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
Running sshd
- sshd must be started with its absolute path.
- SSH host keys must exist before sshd will start.
[root@d3b0a8192d91 /]# sshd
sshd re-exec requires execution with an absolute path
[root@d3b0a8192d91 /]# whereis sshd
sshd: /usr/sbin/sshd
[root@d3b0a8192d91 /]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
- In sshd_config, set the HostKey locations and choose which keys you want to enable.
- Commented-out entries are disabled.
[root@d3b0a8192d91 /]# mkdir $HOME/.ssh
[root@d3b0a8192d91 /]# cd $HOME/.ssh
[root@d3b0a8192d91 .ssh]# vi /etc/ssh/sshd_config
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /root/.ssh/id_rsa
HostKey /root/.ssh/id_ecdsa
HostKey /root/.ssh/id_ed25519
[root@d3b0a8192d91 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
[root@d3b0a8192d91 .ssh]# ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
[root@d3b0a8192d91 .ssh]# ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
- Start sshd
[root@d3b0a8192d91 .ssh]# /usr/sbin/sshd
[root@d3b0a8192d91 .ssh]# ps -ef |grep sshd |grep -v grep
root 212 1 0 11:46 ? 00:00:00 /usr/sbin/sshd
[root@d3b0a8192d91 .ssh]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 212/sshd
tcp6 0 0 :::22 :::* LISTEN 212/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
Connecting to the container from outside
- A connection to the Docker host from outside is redirected (TCP 3200 -> TCP 22) and the login succeeds normally.
- You must set up the user and password you intend to log in with.
[root@junsu-desktop ~]docker_host# ssh -p 3200 root@X.X.X.X
root@X.X.X.X's password:
[root@d3b0a8192d91 ~]# ls
- If you want to change the port, just change the port mapping when deploying the container on the Docker host.
- The redirected port may be the same as the container port (redirecting to the same port number is fine).
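The HostKey step above is where the procedure usually fails ("Could not load host key"), so here is an added shell example, not from the original post, that builds the same HostKey section of sshd_config (defaults commented out, keys under a key directory enabled), generates the three keys non-interactively, and checks that every enabled HostKey file exists before sshd is launched. The config path and key directory are parameters you pass in; /etc/ssh/sshd_config and /root/.ssh are the post's values, used here only as an assumption in the usage comment.

```shell
#!/bin/sh
# Added example (not from the original post). Key paths must not contain spaces.

# Write a minimal sshd_config to $1 whose HostKey entries point into $2,
# mirroring the post: stock /etc/ssh keys commented out, our own keys enabled.
write_sshd_config() {
    cfg="$1"; keydir="$2"
    cat > "$cfg" <<EOF
Port 22
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
HostKey $keydir/id_rsa
HostKey $keydir/id_ecdsa
HostKey $keydir/id_ed25519
EOF
}

# Print the paths of HostKey lines that are NOT commented out (one per line).
active_hostkeys() {
    sed -n 's/^[[:space:]]*HostKey[[:space:]]\{1,\}//p' "$1"
}

# Print enabled HostKey paths whose file is missing; these are exactly the
# keys sshd would report as "Could not load host key". Returns 1 if any.
missing_hostkeys() {
    rc=0
    for k in $(active_hostkeys "$1"); do
        [ -f "$k" ] || { echo "$k"; rc=1; }
    done
    return $rc
}

# Generate rsa/ecdsa/ed25519 keys in $1 without prompting (empty passphrase),
# skipping any that already exist. Requires ssh-keygen from openssh.
gen_hostkeys() {
    d="$1"; mkdir -p "$d"; chmod 700 "$d"
    for t in rsa ecdsa ed25519; do
        [ -f "$d/id_$t" ] || ssh-keygen -q -t "$t" -N "" -f "$d/id_$t"
    done
}

# Assumed usage inside the container (paths from the post):
#   write_sshd_config /etc/ssh/sshd_config /root/.ssh
#   gen_hostkeys /root/.ssh
#   missing_hostkeys /etc/ssh/sshd_config && /usr/sbin/sshd -t && /usr/sbin/sshd
```

`/usr/sbin/sshd -t` additionally validates the whole config file and exits non-zero on any other error before the daemon is started for real.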