千家信息网

Building a CentOS image with the sshd service using docker commit

Published: 2024-12-13 Author: 千家信息网 editorial staff
Last updated: 2024-12-13

1. Pull the centos image from the remote registry

docker pull centos

2. List the local images: docker images

[root@HA2 kehj]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

nginx-docker v1 20c4d11561d3 11 hours ago 451.1 MB

docker.io/nginx latest f895b3fb9e30 2 weeks ago 108.5 MB

docker.io/centos latest 3fa822599e10 3 weeks ago 203.5 MB

docker.io/ubuntu latest 747cb2d60bbe 11 weeks ago 122 MB

3. Start a centos container: docker run -i -t centos /bin/bash

[root@HA2 kehj]# docker run -i -t centos /bin/bash

[root@f2595a1c0aae /]#

4. Install the sshd service

[root@f2595a1c0aae /]# yum install passwd openssl openssh-server -y

Loaded plugins: fastestmirror, ovl

base | 3.6 kB 00:00:00

extras | 3.4 kB 00:00:00

updates | 3.4 kB 00:00:00

(1/4): extras/7/x86_64/primary_db | 145 kB 00:00:01

(2/4): base/7/x86_64/group_gz | 156 kB 00:00:01

(3/4): updates/7/x86_64/primary_db | 4.6 MB 00:00:15

(4/4): base/7/x86_64/primary_db | 5.7 MB 00:00:23

Determining fastest mirrors

* base: mirrors.163.com

* extras: mirrors.163.com

* updates: mirrors.163.com

Package passwd-0.79-4.el7.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package openssh-server.x86_64 0:7.4p1-13.el7_4 will be installed

--> Processing Dependency: openssh = 7.4p1-13.el7_4 for package: openssh-server-7.4p1-13.el7_4.x86_64

--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-13.el7_4.x86_64

--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-13.el7_4.x86_64

--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-13.el7_4.x86_64

---> Package openssl.x86_64 1:1.0.2k-8.el7 will be installed

--> Processing Dependency: make for package: 1:openssl-1.0.2k-8.el7.x86_64

--> Running transaction check

---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed

--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64

---> Package make.x86_64 1:3.82-23.el7 will be installed

---> Package openssh.x86_64 0:7.4p1-13.el7_4 will be installed

---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed

--> Running transaction check

---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================

Package Arch Version Repository Size

====================================================================================================================

Installing:

openssh-server x86_64 7.4p1-13.el7_4 updates 458 k

openssl x86_64 1:1.0.2k-8.el7 base 492 k

Installing for dependencies:

fipscheck x86_64 1.4.1-6.el7 base 21 k

fipscheck-lib x86_64 1.4.1-6.el7 base 11 k

make x86_64 1:3.82-23.el7 base 420 k

openssh x86_64 7.4p1-13.el7_4 updates 509 k

tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k

Transaction Summary

====================================================================================================================

Install 2 Packages (+5 Dependent packages)

Total download size: 1.9 M

Installed size: 4.9 M

Downloading packages:

warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Public key for fipscheck-lib-1.4.1-6.el7.x86_64.rpm is not installed

(1/7): fipscheck-lib-1.4.1-6.el7.x86_64.rpm | 11 kB 00:00:00

(2/7): fipscheck-1.4.1-6.el7.x86_64.rpm | 21 kB 00:00:00

Public key for openssh-7.4p1-13.el7_4.x86_64.rpm is not installed ] 206 kB/s | 681 kB 00:00:06 ETA

(3/7): openssh-7.4p1-13.el7_4.x86_64.rpm | 509 kB 00:00:01

(4/7): tcp_wrappers-libs-7.6-77.el7.x86_64.rpm | 66 kB 00:00:01

(5/7): openssl-1.0.2k-8.el7.x86_64.rpm | 492 kB 00:00:02

(6/7): openssh-server-7.4p1-13.el7_4.x86_64.rpm | 458 kB 00:00:03

(7/7): make-3.82-23.el7.x86_64.rpm | 420 kB 00:00:04

--------------------------------------------------------------------------------------------------------------------

Total 403 kB/s | 1.9 MB 00:00:04

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Importing GPG key 0xF4A80EB5:

Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) "

Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5

Package : centos-release-7-4.1708.el7.centos.x86_64 (@CentOS)

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : fipscheck-1.4.1-6.el7.x86_64 1/7

Installing : fipscheck-lib-1.4.1-6.el7.x86_64 2/7

Installing : openssh-7.4p1-13.el7_4.x86_64 3/7

Installing : 1:make-3.82-23.el7.x86_64 4/7

Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 5/7

Installing : openssh-server-7.4p1-13.el7_4.x86_64 6/7

Installing : 1:openssl-1.0.2k-8.el7.x86_64 7/7

Verifying : fipscheck-lib-1.4.1-6.el7.x86_64 1/7

Verifying : 1:openssl-1.0.2k-8.el7.x86_64 2/7

Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 3/7

Verifying : fipscheck-1.4.1-6.el7.x86_64 4/7

Verifying : openssh-7.4p1-13.el7_4.x86_64 5/7

Verifying : openssh-server-7.4p1-13.el7_4.x86_64 6/7

Verifying : 1:make-3.82-23.el7.x86_64

Installed:

openssh-server.x86_64 0:7.4p1-13.el7_4 openssl

Dependency Installed:

fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7 make.x86_64 1:3.82-23.el7

Complete!

5. Running /usr/sbin/sshd -D fails with an error:

[root@f2595a1c0aae /]# /usr/sbin/sshd -D

Could not load host key: /etc/ssh/ssh_host_rsa_key

Could not load host key: /etc/ssh/ssh_host_ecdsa_key

Could not load host key: /etc/ssh/ssh_host_ed25519_key

sshd: no hostkeys available -- exiting.

6. Run the following three commands:

ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''

ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''

ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''   # -t dsa stores a DSA key under the ed25519 file name; -t ed25519 would generate an Ed25519 key

[root@f2595a1c0aae /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''

[root@f2595a1c0aae /]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''

[root@f2595a1c0aae /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''

Generating public/private dsa key pair.

Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.

Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.

The key fingerprint is:

SHA256:U9G/RvoqxZtn/9oTzTwba8t8b3P2KoTYQ7nbC9aD7M4 root@f2595a1c0aae

The key's randomart image is:

+---[DSA 1024]----+

| .. |

| .. |

| .. . |

| .o o |

| S+ + o +.|

| .o=o= o++|

| =*o= *|

| +o.=.*B=|

| .E.o*+X/|

+----[SHA256]-----+

7. Edit the configuration file: vi /etc/ssh/sshd_config

Change UsePAM yes to UsePAM no

Change UsePrivilegeSeparation sandbox to UsePrivilegeSeparation no

8. Set the root password: passwd root

[root@f2595a1c0aae /]# passwd root

Changing password for user root.

New password:

BAD PASSWORD: The password is shorter than 8 characters

Retype new password:

passwd: all authentication tokens updated successfully.

9. Run exit to leave the container

10. Run the commit command to create the image: docker commit -m "add sshd" -a "kehaojian" f2595a1c0aae sshd_centos

[root@HA2 kehj]# docker commit -m "add sshd" -a "kehaojian" f2595a1c0aae sshd_centos

sha256:0ece1cad37782006b4175fb6f7268aac206d8729b6a844eabdd×××40e904f9a

11. Run docker images

[root@HA2 kehj]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

sshd_centos latest 0ece1cad3778 8 seconds ago 293.3 MB

nginx-docker v1 20c4d11561d3 11 hours ago 451.1 MB

docker.io/nginx latest f895b3fb9e30 2 weeks ago 108.5 MB

docker.io/centos latest 3fa822599e10 3 weeks ago 203.5 MB

docker.io/ubuntu latest 747cb2d60bbe 11 weeks ago 122 MB

12. Test

[kehj@HA2 ~]$ ssh root@localhost -p 10022

The authenticity of host '[localhost]:10022 ([::1]:10022)' can't be established.

ECDSA key fingerprint is SHA256:wFHqfr8EPuT5cUla5cllCBf0HQ5GnTmZruj0LQI8VRg.

ECDSA key fingerprint is MD5:74:6a:da:84:64:35:50:78:c8:9a:38:de:45:f3:71:16.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[localhost]:10022' (ECDSA) to the list of known hosts.

root@localhost's password:

[root@e14d9841c1e6 ~]#
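
Because docker commit snapshots the container filesystem, the image keeps the host keys from step 6 (so every container started from sshd_centos presents the same keys) and the sshd_config edits from step 7. The script below is an added example, not part of the original walkthrough: it audits an unpacked image filesystem (for instance the output of docker export) for those conditions and for a host key whose algorithm does not match its file name. The function names, finding labels and sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an unpacked image filesystem for the sshd state
# that steps 6 and 7 leave behind. Function names and labels are hypothetical.

# Print the effective value of an sshd_config keyword (sshd uses the first match).
sshd_opt() {  # $1 = config file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# One finding per line for the two settings changed in step 7.
audit_sshd_config() {  # $1 = config file
    [ "$(sshd_opt "$1" UsePrivilegeSeparation)" = "no" ] && echo "privsep-disabled"
    [ "$(sshd_opt "$1" UsePAM)" = "no" ] && echo "pam-disabled"
    return 0
}

# Flag host keys stored in the image, and keys whose algorithm does not match
# the file name (step 6 writes a DSA key to ssh_host_ed25519_key).
audit_host_keys() {  # $1 = directory holding ssh_host_*_key.pub
    for pub in "$1"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        name=${pub##*/ssh_host_}
        name=${name%_key.pub}
        read -r algo _ < "$pub"
        case "$name:$algo" in
            rsa:ssh-rsa | ed25519:ssh-ed25519 | ecdsa:ecdsa-sha2-* | dsa:ssh-dss) ;;
            *) echo "key-mismatch ${pub##*/} $algo" ;;
        esac
        echo "shared-host-key ${pub##*/}"
    done
}

# Constructed sample: the two edits from step 7 plus public key files whose
# key material is a placeholder; only the algorithm field matters here.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '#UsePAM yes' 'UsePAM no' 'UsePrivilegeSeparation no' > "$d/sshd_config"
    printf '%s\n' 'ssh-dss PLACEHOLDER root@f2595a1c0aae' > "$d/ssh_host_ed25519_key.pub"
    printf '%s\n' 'ssh-rsa PLACEHOLDER root@f2595a1c0aae' > "$d/ssh_host_rsa_key.pub"
    echo "$d"
}

d=$(make_sample)
audit_sshd_config "$d/sshd_config"
audit_host_keys "$d"
rm -rf "$d"
```

Against a real image, point audit_sshd_config at etc/ssh/sshd_config and audit_host_keys at etc/ssh inside the unpacked filesystem.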

