Creating a base image with an SSH service using a Dockerfile

2017-11-22 22:03
Step 1: Create a directory named sshd_ubuntu to hold the Dockerfile, the script file, and other files
[root@localhost ~]# mkdir sshd_ubuntu
[root@localhost ~]# cd sshd_ubuntu/
[root@localhost sshd_ubuntu]# touch Dockerfile run.sh
[root@localhost sshd_ubuntu]# ls
Dockerfile  run.sh


Step 2: Write the shell script, the authorized_keys file, and the Dockerfile
[root@localhost sshd_ubuntu]# vi run.sh
[root@localhost sshd_ubuntu]# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D
[root@localhost sshd_ubuntu]# cat ~/.ssh/id_rsa.pub >authorized_keys
[root@localhost sshd_ubuntu]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx root@localhost.localdomain
[root@localhost sshd_ubuntu]# vi Dockerfile
[root@localhost sshd_ubuntu]# cat Dockerfile
# Set the base image
FROM ubuntu:14.04
# Provide some author information
MAINTAINER dwj_zz@163.com
# Start running commands; here the Ubuntu sources are switched to the 163 mirror in China
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN apt-get update
# Install the ssh service
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
# Remove the PAM restriction
RUN sed -ri 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/sshd
# Copy the configuration files into place and make the script executable
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh
# Expose the port
EXPOSE 22
# Set the default startup command
CMD ["/run.sh"]


Step 3: Build the image
[root@localhost sshd_ubuntu]# docker build -t sshd:dockerfile .
Removing intermediate container 67f7fa240e42
Successfully built 24641d32c072
Successfully tagged sshd:dockerfile
[root@localhost sshd_ubuntu]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                dockerfile          24641d32c072        2 minutes ago       276MB
sshd                ubuntu              ac3169fe4fcf        31 minutes ago      284MB
ubuntu              14.04               d6ed29ffda6b        4 days ago          221MB
tomcat              latest              11df4b40749f        7 days ago          557MB
adminer             <none>              faa9618a39a6        2 weeks ago         58.8MB
mysql               latest              5709795eeffa        2 weeks ago         408MB
hello-world         latest              725dcfab7d63        2 weeks ago         1.84kB
clearlinux          latest              32685d114002        2 weeks ago         62.5MB
alpine              latest              053cde6e8953        2 weeks ago         3.96MB


Step 4: Test the image by running a container
[root@localhost sshd_ubuntu]# docker run -d -p 101:22 sshd:dockerfile
caa2ff3806f178477c1cff6a50693780ec599df58d6409b4dfac9c6e5293ac21
[root@localhost sshd_ubuntu]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                 NAMES
caa2ff3806f1        sshd:dockerfile     "/run.sh"                12 seconds ago      Up 10 seconds       0.0.0.0:101->22/tcp   gifted_mahavira
a878a77a2de3        sshd:ubuntu         "/run.sh"                32 minutes ago      Up 31 minutes       0.0.0.0:100->22/tcp   hardcore_boyd
3dcb19a519fe        adminer:latest      "entrypoint.sh doc..."   2 hours ago         Up 2 hours          8080/tcp              mysql_adminer.1.2pz52p76jiykg8yqgjr6psgtp
a334bfbd2f37        mysql:latest        "docker-entrypoint..."   2 hours ago         Up 2 hours          3306/tcp              mysql_db.1.diaxlly44nq1347uia3gnwo1q
[root@localhost sshd_ubuntu]# ssh 192.168.0.107 -p 101
The authenticity of host '[192.168.0.107]:101 ([192.168.0.107]:101)' can't be established.
ECDSA key fingerprint is f2:db:7e:e2:b8:94:b0:ce:31:a2:20:eb:c3:db:a0:b4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.0.107]:101' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@caa2ff3806f1:~#


Step 5: Push the image to the official registry (Docker Hub)
[root@localhost ~]# docker tag sshd:dockerfile cakin24/sshd:dockerfile
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
cakin24/sshd        dockerfile          24641d32c072        10 minutes ago      276MB
sshd                dockerfile          24641d32c072        10 minutes ago      276MB
sshd                ubuntu              ac3169fe4fcf        39 minutes ago      284MB
ubuntu              14.04               d6ed29ffda6b        4 days ago          221MB
tomcat              latest              11df4b40749f        7 days ago          557MB
adminer             <none>              faa9618a39a6        2 weeks ago         58.8MB
mysql               latest              5709795eeffa        2 weeks ago         408MB
hello-world         latest              725dcfab7d63        2 weeks ago         1.84kB
clearlinux          latest              32685d114002        2 weeks ago         62.5MB
alpine              latest              053cde6e8953        2 weeks ago         3.96MB
[root@localhost ~]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: cakin24
Password:
Login Succeeded
[root@localhost ~]# docker push cakin24/sshd:dockerfile
The push refers to a repository [docker.io/cakin24/sshd]
af4cabec269c: Pushed
2a9128117487: Pushed
33c1c5d13313: Pushed
e202904cecc7: Pushed
f7cd00cb3656: Pushed
6e47af92ff32: Pushed
8d3ee96e3a48: Pushed
4e8d2011e2de: Pushed
793453f1c0d4: Pushed
3f02ca67e9bc: Pushed
f2bd27f8fa82: Pushed
816745ec0dfa: Pushed
d69c6d7735ad: Pushed
59482791e4b2: Mounted from library/ubuntu
cd514e6bdf2f: Mounted from library/ubuntu
02323b2bcb37: Mounted from library/ubuntu
c088f4b849d4: Pushed
c08b59ef4a3d: Mounted from library/ubuntu
dockerfile: digest: sha256:36fd196fb97df8fcee3f060f68efbebacac9a061ed388a02e5bccaa7c9c34998 size: 4061
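
Security note with an added example (not part of the original post or the author's script): the Dockerfile in step 2 ADDs authorized_keys, and installing openssh-server generates the host keys during the build (run.sh never creates them, yet step 4 shows an ECDSA fingerprint), so the image pushed in step 5 carries both, and every container started from it shares one host private key. The run.sh variant below takes the public key at start time and regenerates host keys on first start; the AUTHORIZED_KEYS variable, the "start" argument and the marker file path are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened variant of run.sh, not the original author's script.
# AUTHORIZED_KEYS and the "start" argument are names assumed for this example.
set -eu

# True if $1 has the shape "<key-type> <base64> [comment]". Lines carrying
# authorized_keys options (command=..., from=...) are rejected on purpose.
valid_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( .*)?$'
}

# install_authorized_keys ROOT KEYS: write KEYS to ROOT/root/.ssh/authorized_keys
# (dir 0700, file 0600). Fails without writing if KEYS is empty or malformed.
install_authorized_keys() {
    ak_dir="${1%/}/root/.ssh"
    [ -n "$2" ] || return 1
    while IFS= read -r ak_line; do
        [ -n "$ak_line" ] || continue
        valid_pubkey_line "$ak_line" || return 1
    done <<EOF
$2
EOF
    mkdir -p "$ak_dir"
    chmod 700 "$ak_dir"
    printf '%s\n' "$2" > "$ak_dir/authorized_keys"
    chmod 600 "$ak_dir/authorized_keys"
}

# Replace the host keys that `apt-get install openssh-server` generated at
# build time, once per container, so restarts keep a stable fingerprint.
regenerate_host_keys() {
    if [ ! -e /etc/ssh/.host_keys_regenerated ]; then
        rm -f /etc/ssh/ssh_host_*
        ssh-keygen -A
        : > /etc/ssh/.host_keys_regenerated
    fi
}

main() {
    install_authorized_keys / "${AUTHORIZED_KEYS:-}" || {
        echo "AUTHORIZED_KEYS missing or malformed; not starting sshd" >&2
        exit 1
    }
    regenerate_host_keys
    exec /usr/sbin/sshd -D -e -o PasswordAuthentication=no
}
# Start sshd only when invoked as "/run.sh start" (e.g. CMD ["/run.sh", "start"]).
case "${1:-}" in start) main ;; esac
```

To use it, drop the ADD authorized_keys line from the Dockerfile, change CMD to ["/run.sh", "start"], and pass the key when starting the container, for example docker run -d -p 101:22 -e AUTHORIZED_KEYS="$(cat ~/.ssh/id_rsa.pub)" sshd:dockerfile.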


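A note on whether Docker containers need an SSH service
The community has long debated whether an SSH service should be started in Docker containers.
One side argues: one of Docker's stated principles is that a container runs a single service, and running an SSH service in every container violates that principle; they also see no need at all to enter a container from a remote host for maintenance.
The other side argues: before version 1.3, entering a container with attach often hung; since 1.3 the official docker exec tool has made it easy to enter a container from the host, but there is still no better solution for entering a container from other remote hosts.
It is indeed possible, by means that currently look fairly complex, to maintain containers without entering them, but maintaining servers over SSH is what Linux administrators are familiar with today. Until Docker offers a more efficient and secure way to maintain containers, an SSH service in the container remains fairly important, and its resource usage is not as large as one might imagine.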