一. 从docker hub 下载centos 官方镜像
hr:centos7 hr$ docker pull centos:7 下载完后,查看本地资源库:hr:centos7 hr$ docker imagesREPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE centos 7 ce20c473cd8a 7 weeks ago 172.3 MB运行容器hr:centos7 hr$ docker run -i -t centos:7 /bin/bash
二. 安装passwd,openssl,openssh-server
[root@b5926410fe60 /]# yum install passwd openssl openssh-server -y启动sshd:# /usr/sbin/sshd -D这时报以下错误:[root@ b5926410fe60 /]# /usr/sbin/sshdCould not load host key: /etc/ssh/ssh_host_rsa_keyCould not load host key: /etc/ssh/ssh_host_ecdsa_keyCould not load host key: /etc/ssh/ssh_host_ed25519_key 执行以下命令解决:[root@b5926410fe60 /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' [root@b5926410fe60 /]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''[root@b5926410fe60 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' 然后,修改 /etc/ssh/sshd_config 配置信息:
UsePAM yes 改为 UsePAM no
UsePrivilegeSeparation sandbox 改为 UsePrivilegeSeparation no
[root@b5926410fe60 /]# sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config[root@b5926410fe60 /]# sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config修改完后,重新启动sshd[root@b5926410fe60 /]# /usr/sbin/sshd -D
三. 修改root 密码
[root@b5926410fe60 /]# passwd root
四. 查看容器ip地址(如果宿主机是linux操作系统则跳过这一步)
[root@b5926410fe60 /]# ip addr ls eth084: eth0@if85: mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe11:2/64 scope link valid_lft forever preferred_lft forever
五. 将当前容器保存为镜像
hr:centos7 hr$ docker ps -allCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESb5926410fe60 centos:7 "/bin/bash" 4 minutes ago Exited (0) 4 seconds ago centos7sshhr:centos7 hr$ docker commit b5926410fe60 herong/centos7-ssh
六. 在宿主机上基于新创建的镜像启动新的容器
--先删除之前的容器hr:centos7 hr$ docker ps -allCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4122f818a741 herong/centos7-ssh:latest "/usr/sbin/sshd" 13 seconds ago Exited (0) 13 seconds ago happy_mcleanhr:centos7 hr$ docker rm -f 4122f818a741--基于新镜像运行容器hr:centos7 hr$ docker run -d -p 10022:22 herong/centos7-ssh:latest /usr/sbin/sshd -D--查看映射端口是否成功hr:centos7 hr$ docker ps -allCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4966d35fe0a3 herong/centos7-ssh:latest "/usr/sbin/sshd -D" 3 seconds ago Up 3 seconds 0.0.0.0:10022->22/tcp compassionate_kowalevskihr:centos7 hr$ docker port 4966d35fe0a322/tcp -> 0.0.0.0:10022
七. 从宿主机连接到容器
w 如果宿主机是非linux操作系统,则需要通过docker-machine ip连到容器 -- 查看docker-machine Ip地址 hr:centos7 hr$ docker-machine ip default 192.168.99.100 --通过docker-machine ip 连接到容器,输入之前设置的密码即可登录成功 hr:centos7 hr$ ssh root@192.168.99.100 -p 10022 The authenticity of host '[192.168.99.100]:10022 ([192.168.99.100]:10022)' can't be established. ECDSA key fingerprint is SHA256:d3JNckcTVv1ASJlwv+IT/bJwlzMC4U1T/PmsKYIHMhQ. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[192.168.99.100]:10022' (ECDSA) to the list of known hosts. root@192.168.99.100's password: [root@4966d35fe0a3 ~]# pwd /root w 如果宿主机是linux操作系统,则通过第4步查看到的ip地址连接 hr:centos7 hr$ ssh root@172.17.0.2 -p 10022