Building a centos image with the sshd service using docker commit
1. Pull the centos image from the remote registry
docker pull centos
2. List the local images with docker images
[root@HA2 kehj]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-docker v1 20c4d11561d3 11 hours ago 451.1 MB
docker.io/nginx latest f895b3fb9e30 2 weeks ago 108.5 MB
docker.io/centos latest 3fa822599e10 3 weeks ago 203.5 MB
docker.io/ubuntu latest 747cb2d60bbe 11 weeks ago 122 MB
3. Start a centos container: docker run -i -t centos /bin/bash
[root@HA2 kehj]# docker run -i -t centos /bin/bash
[root@f2595a1c0aae /]#
4. Install the sshd service
[root@f2595a1c0aae /]# yum install passwd openssl openssh-server -y
Loaded plugins: fastestmirror, ovl
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): extras/7/x86_64/primary_db | 145 kB 00:00:01
(2/4): base/7/x86_64/group_gz | 156 kB 00:00:01
(3/4): updates/7/x86_64/primary_db | 4.6 MB 00:00:15
(4/4): base/7/x86_64/primary_db | 5.7 MB 00:00:23
Determining fastest mirrors
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.163.com
Package passwd-0.79-4.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:7.4p1-13.el7_4 will be installed
--> Processing Dependency: openssh = 7.4p1-13.el7_4 for package: openssh-server-7.4p1-13.el7_4.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-13.el7_4.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-13.el7_4.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-13.el7_4.x86_64
---> Package openssl.x86_64 1:1.0.2k-8.el7 will be installed
--> Processing Dependency: make for package: 1:openssl-1.0.2k-8.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
---> Package make.x86_64 1:3.82-23.el7 will be installed
---> Package openssh.x86_64 0:7.4p1-13.el7_4 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================
Package Arch Version Repository Size
====================================================================================================================
Installing:
openssh-server x86_64 7.4p1-13.el7_4 updates 458 k
openssl x86_64 1:1.0.2k-8.el7 base 492 k
Installing for dependencies:
fipscheck x86_64 1.4.1-6.el7 base 21 k
fipscheck-lib x86_64 1.4.1-6.el7 base 11 k
make x86_64 1:3.82-23.el7 base 420 k
openssh x86_64 7.4p1-13.el7_4 updates 509 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
Transaction Summary
====================================================================================================================
Install 2 Packages (+5 Dependent packages)
Total download size: 1.9 M
Installed size: 4.9 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-lib-1.4.1-6.el7.x86_64.rpm is not installed
(1/7): fipscheck-lib-1.4.1-6.el7.x86_64.rpm | 11 kB 00:00:00
(2/7): fipscheck-1.4.1-6.el7.x86_64.rpm | 21 kB 00:00:00
Public key for openssh-7.4p1-13.el7_4.x86_64.rpm is not installed ] 206 kB/s | 681 kB 00:00:06 ETA
(3/7): openssh-7.4p1-13.el7_4.x86_64.rpm | 509 kB 00:00:01
(4/7): tcp_wrappers-libs-7.6-77.el7.x86_64.rpm | 66 kB 00:00:01
(5/7): openssl-1.0.2k-8.el7.x86_64.rpm | 492 kB 00:00:02
(6/7): openssh-server-7.4p1-13.el7_4.x86_64.rpm | 458 kB 00:00:03
(7/7): make-3.82-23.el7.x86_64.rpm | 420 kB 00:00:04
--------------------------------------------------------------------------------------------------------------------
Total 403 kB/s | 1.9 MB 00:00:04
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key)
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-4.1708.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-6.el7.x86_64 1/7
Installing : fipscheck-lib-1.4.1-6.el7.x86_64 2/7
Installing : openssh-7.4p1-13.el7_4.x86_64 3/7
Installing : 1:make-3.82-23.el7.x86_64 4/7
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 5/7
Installing : openssh-server-7.4p1-13.el7_4.x86_64 6/7
Installing : 1:openssl-1.0.2k-8.el7.x86_64 7/7
Verifying : fipscheck-lib-1.4.1-6.el7.x86_64 1/7
Verifying : 1:openssl-1.0.2k-8.el7.x86_64 2/7
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 3/7
Verifying : fipscheck-1.4.1-6.el7.x86_64 4/7
Verifying : openssh-7.4p1-13.el7_4.x86_64 5/7
Verifying : openssh-server-7.4p1-13.el7_4.x86_64 6/7
Verifying : 1:make-3.82-23.el7.x86_64
Installed:
openssh-server.x86_64 0:7.4p1-13.el7_4 openssl
Dependency Installed:
fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7 make.x86_64 1:3.82-23.el7
Complete!
5. Run /usr/sbin/sshd -D; it fails with:
[root@f2595a1c0aae /]# /usr/sbin/sshd -D
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
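6. Run the following three commands to generate the host keys.
The third command uses -t ed25519 so that the key type matches the file name; the session recorded below ran it with -t dsa, which stored a 1024-bit DSA key in /etc/ssh/ssh_host_ed25519_key.
ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''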
[root@f2595a1c0aae /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
[root@f2595a1c0aae /]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
[root@f2595a1c0aae /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:U9G/RvoqxZtn/9oTzTwba8t8b3P2KoTYQ7nbC9aD7M4 root@f2595a1c0aae
The key's randomart image is:
+---[DSA 1024]----+
| .. |
| .. |
| .. . |
| .o o |
| S+ + o +.|
| .o=o= o++|
| =*o= *|
| +o.=.*B=|
| .E.o*+X/|
+----[SHA256]-----+
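7. Edit the configuration file: vi /etc/ssh/sshd_config
Change UsePAM yes to UsePAM no
Change UsePrivilegeSeparation sandbox to UsePrivilegeSeparation no
The first change skips PAM account and session processing; the second turns off sshd's privilege separation and pre-authentication sandbox.
8. Set the root password: passwd root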
[root@f2595a1c0aae /]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
9. Leave the container with exit
10. Run the commit command to create the image: docker commit -m "add sshd" -a "kehaojian" f2595a1c0aae sshd_centos
[root@HA2 kehj]# docker commit -m "add sshd" -a "kehaojian" f2595a1c0aae sshd_centos
sha256:0ece1cad37782006b4175fb6f7268aac206d8729b6a844eabdd×××40e904f9a
11. Run docker images
[root@HA2 kehj]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd_centos latest 0ece1cad3778 8 seconds ago 293.3 MB
nginx-docker v1 20c4d11561d3 11 hours ago 451.1 MB
docker.io/nginx latest f895b3fb9e30 2 weeks ago 108.5 MB
docker.io/centos latest 3fa822599e10 3 weeks ago 203.5 MB
docker.io/ubuntu latest 747cb2d60bbe 11 weeks ago 122 MB
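12. Test by logging in over SSH to a container started from the new image (reached here on host port 10022)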
[kehj@HA2 ~]$ ssh root@localhost -p 10022
The authenticity of host '[localhost]:10022 ([::1]:10022)' can't be established.
ECDSA key fingerprint is SHA256:wFHqfr8EPuT5cUla5cllCBf0HQ5GnTmZruj0LQI8VRg.
ECDSA key fingerprint is MD5:74:6a:da:84:64:35:50:78:c8:9a:38:de:45:f3:71:16.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:10022' (ECDSA) to the list of known hosts.
root@localhost's password:
[root@e14d9841c1e6 ~]#
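
An image built this way carries everything done in steps 6 to 8: the host private keys (shared by every container started from it), the relaxed sshd_config settings, and the root password hash. The script below is an added example, not part of the original write-up. It audits an unpacked image filesystem (for instance the tar stream from docker export, extracted into a directory) for those items and for a host key whose type does not match its file name, as in the step 6 session. The function names and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an unpacked image filesystem (ROOT) for what the
# commit-based build leaves behind. Paths are the ones the steps above use.

# Algorithm prefix that a host-key file name promises.
expected_type() {
    case "$1" in
        *_rsa_key.pub)     echo ssh-rsa ;;
        *_ecdsa_key.pub)   echo ecdsa-sha2- ;;
        *_ed25519_key.pub) echo ssh-ed25519 ;;
        *_dsa_key.pub)     echo ssh-dss ;;
    esac
}

# Effective sshd_config value: first uncommented occurrence wins, keywords are case-insensitive.
cfg_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# audit_sshd_root ROOT -> one finding per line on stdout, always returns 0.
audit_sshd_root() {
    root=$1
    for pub in "$root"/etc/ssh/ssh_host_*_key.pub; do
        if [ ! -f "$pub" ]; then continue; fi
        want=$(expected_type "$pub")
        have=$(awk 'NR == 1 { print $1 }' "$pub")
        case "$have" in
            "$want"*) ;;
            *) echo "KEYTYPE ${pub#"$root"} holds $have, name implies $want" ;;
        esac
        priv=${pub%.pub}
        if [ -f "$priv" ]; then
            echo "SHAREDKEY ${priv#"$root"} private host key is stored in the image"
        fi
    done
    cfg=$root/etc/ssh/sshd_config
    if [ -f "$cfg" ]; then
        for kw in UsePrivilegeSeparation UsePAM; do
            if [ "$(cfg_value "$cfg" "$kw")" = no ]; then
                echo "CONFIG $kw no"
            fi
        done
    fi
    if [ -f "$root/etc/shadow" ]; then
        awk -F: '$1 == "root" && $2 != "" && $2 !~ /^[!*]/ {
            print "ROOTPW root has a password hash stored in the image" }' "$root/etc/shadow"
    fi
    return 0
}
```

Call it as audit_sshd_root /path/to/unpacked/rootfs; no output means none of the four conditions was found.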