How to SSH into a Docker Container [Two Ways]

How do I use SSH to connect to a docker container? The traditional approach consists of two steps:

Step one: SSH into your remote Linux server (if the container runs on a remote system).

ssh user@server_ip_address

Step two: Then enter the shell of the running Docker container in interactive mode, like this:

docker exec -it container_ID_or_name /bin/bash

This lets you run Linux commands or perform maintenance on the service running in the container.

There is nothing wrong with the method described above. This is a traditional and recommended way to get into containers easily.

However, with a little effort, you can SSH directly into a running container without first logging in to the host system.

SSH into a Docker container: but why?

It's a little weird, isn't it? Entering a container via SSH. Even if it seems unconventional, it can be useful depending on your use case.

Here are some examples of what you can achieve with SSH capacity in a container:

  1. You can set up a decoy (a honeypot) for any potential attacker. Use a non-standard port for your host's SSH daemon and serve an SSH connection on port 22 for attackers.
  2. You get a completely separate authorization layer, i.e. logins with their own passwords or SSH keys, independent of what your host currently uses.
  3. You can start an automated process remotely without using the same SSH keys your team uses to log in.

Before I show you how to do all this properly, I'll show you how it really works.

Using SSH login on an existing container is not recommended: it defeats the purpose of isolating the container from the host.

If you are not interested in how this part works, you can safely skip it. I'll demonstrate with a dummy container. You can follow along.

Start a container

You have to start a Docker container first. Here I'm using the very small alpine:latest image. Start the container with this command:

docker run --rm --name ssh-test -it -p 7655:22 alpine:latest ash

Some notable points regarding the command line options are

  • With the --rm option you do not have to remove the container afterwards.
  • The -it options give you a working interactive shell in the container.
  • Finally, -p 7655:22 binds port 22 of the container to port 7655 of the host (or any other port not already used by the SSH daemon on your host system). The host port comes first. Remember which port you are using.

Setting up the SSH daemon in the container

You must now install an SSH server in the container. On Alpine Linux you can use these commands:

apk update; apk add openssh-server

Then you need to change one configuration parameter to permit root login. This can be done manually by editing the file /etc/ssh/sshd_config or by using this command:

sed -E -i 's/^#?(PermitRootLogin ).*/\1yes/' /etc/ssh/sshd_config

Generate the host keys with:

ssh-keygen -A

Finally, start the SSH server by running /usr/sbin/sshd &. Verify that it is running with ps aux.

Set a password for Container Root Account

By default, the root account of your container does not have a password. If you grant access to SSH, you must set a password for the root account.

You can use the passwd command without options and follow the on-screen instructions:

passwd
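To confirm what the edited /etc/ssh/sshd_config actually permits, here is an added example (not part of the original article; the function names are made up for this illustration). It reads the file the way sshd does, where the first uncommented value for a keyword wins and commented-out lines fall back to the OpenSSH defaults, and reports whether root can log in with a password.

```sh
#!/bin/sh
# audit_sshd_config FILE
# Prints "keyword value" for the two settings this walkthrough depends on.
# The first uncommented occurrence wins (as in sshd); a missing keyword
# gets the OpenSSH default. Limitation: parsing stops at the first Match block.
audit_sshd_config() {
    awk '
        BEGIN {
            val["permitrootlogin"] = "prohibit-password"   # OpenSSH default
            val["passwordauthentication"] = "yes"          # OpenSSH default
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }    # end of the global section
        {
            key = tolower($1)              # keywords are case-insensitive
            if ((key in val) && !(key in seen)) {
                val[key] = tolower($2)
                seen[key] = 1
            }
        }
        END {
            print "permitrootlogin", val["permitrootlogin"]
            print "passwordauthentication", val["passwordauthentication"]
        }
    ' "$1"
}

# root_password_login_enabled FILE
# Exit status 0 when root is allowed to log in with a password.
root_password_login_enabled() {
    audit_sshd_config "$1" | awk '
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        END { exit !(root == "yes" && pw == "yes") }
    '
}

# Constructed sample: a config as it looks after the sed edit above.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' \
    '#PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample"
root_password_login_enabled "$sample" && echo "root password login: ENABLED"
```

Inside the container, run it against /etc/ssh/sshd_config before publishing the port.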

Entering the container via SSH

Now try to log in to the container from another host.

ssh root@host_server_address -p port_number

You do not need the -p option if you have bound the container to host port 22. For the IP address, use the IP address of the host server (not the container).

When you execute the command, you should see output similar to this:

Password [email secure]:/mnt/data/documents/Linux Handbook/container-ssh$ ssh [email secure]
[email secure] :
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <http://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

c4585d951883:~#

How does it work?

It can be better understood visually. Look at the following diagram.

Think of the container as a virtual machine whose port 22 is bound to port 7655 of the host (or whichever port you chose). This lets you run two separate sshd processes on the same machine, bound to different ports.

Suppose you use a different port for SSH on the host system and bind host port 22 to the container's SSH port. Now, if someone tries to connect to the host server on the default SSH port 22, they will end up in the container's root file system.

An SSH server container with Docker Compose [for experts]

It would not be fair to leave you here without providing a reliable option for an SSH server container.

If you want another, isolated sshd server with a separate root file system running on the remote system, you can get one without following the previous procedure, i.e. without installing and configuring sshd in a running base container.

That procedure is not easy to reproduce: changes to a running container are not permanent, and once the container is removed everything is gone.

So here is a much easier, more reproducible and more customizable way to deploy an SSH server container on your remote host.

Requirements

Obviously, you need Docker Compose installed. Basic knowledge of Docker Compose is also essential here.

Since you access the server using SSH keys, you must copy the SSH public key of your local system to the directory on your Linux server where the docker-compose file is located, and keep the name id_rsa.pub to be safe.

Preparing the Compose file

I suggest you use the linuxserver/openssh-server image. This is a very light image that is fairly configurable through environment variables.

The complete compose file is shown here. Copy it to a location on your server and name the file docker-compose.yaml.

version: "3.7"

services:
  ssh:
    image: linuxserver/openssh-server
    ports:
      - "22:2222"
    volumes:
      - ./id_rsa.pub:/pubkey:ro
    environment:
      PUID: ${ID}
      PGID: ${ID}
      TZ: ${TZ}
      PUBLIC_KEY_FILE: /pubkey
      SUDO_ACCESS: "false"
      PASSWORD_ACCESS: "false"
      USER_NAME: ${USER_NAME}
    restart: always

Pretty small compose file, isn't it? Let me explain the different parts of it.

Volumes: There is only one bind mount, which mounts the public key into the container as /pubkey, read-only.

Ports: The sshd process in the container listens on port 2222. That's why I bound this port to port 22 of my host. Change the 22 to suit your needs, but remember it, because you will need it later to SSH into the container.

Environment variables:

  • USER_NAME: The user in the container that you log in as from the local machine.
  • PUID and PGID: The UID and GID of USER_NAME. These are optional; the container automatically assigns non-root identifiers if the environment variables are not defined.
  • TZ: Your current time zone. You can get it with cat /etc/timezone.
  • PUBLIC_KEY_FILE: Location of the public key file.
  • SUDO_ACCESS and PASSWORD_ACCESS: Self-explanatory.

Restart policy: I have set the restart policy to always, which means that the container is also restarted when the Docker daemon is restarted.

Deploying the service

To make it easier for you, I have created a bash script that asks you a few questions and, depending on the answers, deploys the service.

#!/usr/bin/env bash

# Variables written to .env, with their defaults and prompts (same order)
vars=(USER_NAME ID)
defaults=(dummy 991)
questions=("Your desired username for the container? (dummy) " "Which UID and GID do you prefer for your chosen username? (991) ")

# Append one KEY=value line to the .env file read by docker-compose
puts()
{
    echo "$1" >> .env
}

for i in {0..1}; do
    read -r -p "${questions[$i]}" ans
    case $ans in
        ""|"default")
            puts "${vars[$i]}=${defaults[$i]}" ;;
        *)
            puts "${vars[$i]}=$ans" ;;
    esac
done

puts "TZ=$(cat /etc/timezone)"

docker-compose up -d

I saved the bash script under the name deployment.sh in the same directory as the docker-compose file.

When you run this script, it will ask you a few questions and then start the container:

Running the bash script.

Once this is done, try connecting to the server:

ssh user_name@host_server_address -p port

This concludes the article about SSH with Docker containers. If you liked it or if you have something else to say, you can comment below or tweet me @imdebdut.
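The script writes whatever is typed straight into .env, and the compose file mounts whatever file is named id_rsa.pub. The following checks are an added example, not part of the author's script; the function names, the login-name rule and the list of key types are assumptions chosen for this illustration. They reject a private key copied by mistake, a malformed username, and UID/GID 0.

```sh
#!/bin/sh
LC_ALL=C; export LC_ALL   # make [a-z] ranges ASCII-only

# is_public_key FILE: every non-blank line must be "<key-type> <base64> ...",
# and the file must contain no private-key material.
is_public_key() {
    [ -r "$1" ] || return 1
    if grep -q 'PRIVATE KEY' "$1"; then
        return 1          # a private key was copied by mistake
    fi
    awk '
        NF == 0 { next }
        { n++ }
        $1 !~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" { bad = 1 }
        $2 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
        END { exit !(n >= 1 && !bad) }
    ' "$1"
}

# valid_user_name NAME: conventional Linux login-name rule, 32 chars max.
valid_user_name() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# valid_id N: decimal digits only and never 0, so the user is not root.
valid_id() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 9 ] && [ "$1" -gt 0 ]
}

# Constructed sample input (not a real key).
pub=$(mktemp)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleOnly user@laptop' > "$pub"
is_public_key "$pub" && valid_user_name dummy && valid_id 991 &&
    echo "inputs look sane"
```

In deployment.sh these would run on ./id_rsa.pub and on each answer before the corresponding line is appended to .env.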

If you want me to write another article, you can let me know.
