how to make docker image ssh enabled

Question

We have docker running on one machine

Workstation running on other machine

I want to do bootstrap from workstation on docker container then our image should be ssh enabled

How to make docker image ssh enabled.

Answer 1

Before you add ssh you should see if docker exec will be sufficient for what you need. (doc link)

If you do need SSH, the following Dockerfile should help (copied from Docker docs):

# sshd
#
# VERSION               0.0.2

FROM ubuntu:14.04
MAINTAINER Sven Dowideit <[email protected]>

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

Answer 2

Using the CMD command in your Dockerfile will indeed enable ssh

CMD ["/usr/sbin/sshd", "-D"]

But there is a huge downside. If you already have a CMD command (that starts MySQL for example), then you are facing a problem not easily resolved in Docker. You can use only one CMD in Dockerfile. But there is a workaround for that, using supervisor. What you do is tell Dockerfile to install Supervisor:

RUN apt-get install -y openssh-server supervisor

Using supervisor, you can start as many processes as you want on container startup. These processes are defined in supervisor.conf file (naming is arbitrary) located in the directory with your Dockerfile. In your Dockerfile you tell Docker to copy this file during building:

ADD supervisor-base.conf /etc/supervisor.conf

Then you tell Docker to start supervisor when container starts (when supervisor starts, supervisor will also start all processes listed in the supervisor.conf file mentioned above).

CMD ["supervisord", "-c", "/etc/supervisor.conf"]

Your supervisor.conf file may look like this:

[supervisord]
nodaemon=true

[program:sshd]
directory=/usr/local/
command=/usr/sbin/sshd -D
autostart=true
autorestart=true
redirect_stderr=true

There is one issue to be careful about. Supervisor needs to start as a root, otherwise it will throw errors. So if your Dockerfile defines an user to start container with (e.g USER jboss), then you should put USER root at the end of your Dockerfile, so that supervisor starts with root. In your supervisor.conf file you simply define a user for each process:

[program:wildfly]
user=jboss
command=/opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0

[program:chef]
user=chef
command=/bin/bash -c chef-2.1/bin/start.sh

Of course, these users need to be pre-defined in your dockerfile. E.g.

RUN groupadd -r -f jboss -g 2000 && useradd -u 2000 -r -g jboss -m -d /opt/jboss -s /sbin/nologin -c "JBoss user" jboss

You can learn more about Supervisor+Docker+SSH in more details in this article.