Tuesday, 19 November 2019

Create Docker with SSHD and Bind Host Ports to Its Ports

A docker image with systemd and sshd:
https://hub.docker.com/r/ravik694/c7-systemd-sshd

Install Docker:
sudo yum install docker -y

1. Docker pull the image:
sudo docker pull ravik694/c7-systemd-sshd

2. Create a container named 'd1':
sudo docker run -ti -d -P -p 122:22 --privileged --name d1 -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /tmp/$(mktemp -d):/run ravik694/c7-systemd-sshd

Change the host port for SSH (122 above), and the name of the container (d1 above). Mostly mapping the SSH port is enough, other ports are already exposed by option -P. See step 3 below for getting container IPs, and Nginx proxy_pass to those IPs.

3. Get virtual IP of container d1:
sudo docker inspect d1 | grep IPA

4. SSH to it and change root password:
#for the first container, step 3 gives: 172.17.0.2
ssh root@IP_IN_STEP_3
#type 'toor' for password
#change passwd for root
passwd root

5. Test SSH over host port:
#hm, this port 32771 can't be used to create the second container
#but the image will bind different ports for more containers:
#32771 --> firstcontainer:22
#32773 --> secondcontainer:22
#plus 2, plus 2...
ssh root@localhost -p 32771

6. Map host port to docker port (for a running container):
THIS IS NOT A SOLUTION FOR THOSE DON'T WANT FIREWALL SERVICE.
https://forums.docker.com/t/how-to-expose-port-on-running-container/3252/13

7. Map host port to docker port
THIS IS THE BETTER SOLUTION.
https://stackoverflow.com/a/49371983/5581893

a. Stop the running container, 'd1' for example
sudo docker container stop d1

b. Find the container Id
sudo docker container ls -a

c. Edit 'config.v2.json' of the container
* Open the file through tools such as WinSCP, as 'root' user. Sudo edit file /etc/ssh/sshd_config to enable password authentication and root login.
* Use desktop editor like Sublime Text with 'Pretty JSON' package to format the JSON in the file.
* Find 'ExposedPorts' in the file to add more open ports in the container.

d. Edit 'hostconfig.json' of the container
* Open the file through tools such as WinSCP, as 'root' user. Sudo edit file /etc/ssh/sshd_config to enable password authentication and root login.
* Use desktop editor like Sublime Text with 'Pretty JSON' package to format the JSON in the file.
* Find 'PortBindings' in the file to map more ports from host to container.

e. Restart Docker
sudo systemctl restart docker

f. Start back the container
sudo docker container start d1
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)