Start sshd automatically with docker container

9

57

Given:

  • container based on ubuntu:13.10
  • installed ssh (via apt-get install ssh)

Problem: each time I start the container I have to run sshd manually: service ssh start

Tried: update-rc.d ssh defaults, but it does not help.

Question: how to set up the container to start the sshd service automatically during container start?

Pedropedrotti answered 5/4, 2014 at 20:38 Comment(2)
Temporarily solved by adding the corresponding line to /etc/bash.bashrc. But this is an ugly way, IMHO. - Pedropedrotti
There is IMHO a better solution. Check my other answer #27861006 - Jeramyjerba
-18

You can try a more elegant way to do that with phusion/baseimage-docker

https://github.com/phusion/baseimage-docker#readme

Domingo answered 10/4, 2014 at 0:4 Comment(2)
This really doesn't answer the question posed. It's a side-channel to get a Docker container with sshd running, not a way to start sshd automatically in a Docker container. Useless for people who can't change the image they inherit from. - Magnesite
Irrelevant to the question. - Expellant
48

Just try:

ENTRYPOINT service ssh restart && bash

in your Dockerfile, it works fine for me!

more details here: How to automatically start a service when running a docker container?

Heterogenous answered 24/8, 2015 at 9:36 Comment(1)
Try it here: #25136397 - Heterogenous
18

Here is a Dockerfile which installs ssh server and runs it:

# Build Ubuntu image with base functionality.
FROM ubuntu:focal AS ubuntu-base
ENV DEBIAN_FRONTEND noninteractive
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Setup the default user.
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo ubuntu
RUN echo 'ubuntu:ubuntu' | chpasswd
USER ubuntu
WORKDIR /home/ubuntu

# Build image with Python and SSHD.
FROM ubuntu-base AS ubuntu-with-sshd
USER root

# Install required tools.
RUN apt-get -qq update \
    && apt-get -qq --no-install-recommends install vim-tiny=2:8.1.* \
    && apt-get -qq --no-install-recommends install sudo=1.8.* \
    && apt-get -qq --no-install-recommends install python3-pip=20.0.* \
    && apt-get -qq --no-install-recommends install openssh-server=1:8.* \
    && apt-get -qq clean    \
    && rm -rf /var/lib/apt/lists/*

# Configure SSHD.
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
RUN mkdir /var/run/sshd
RUN bash -c 'install -m755 <(printf "#!/bin/sh\nexit 0") /usr/sbin/policy-rc.d'
RUN ex +'%s/^#\zeListenAddress/\1/g' -scwq /etc/ssh/sshd_config
RUN ex +'%s/^#\zeHostKey .*ssh_host_.*_key/\1/g' -scwq /etc/ssh/sshd_config
RUN RUNLEVEL=1 dpkg-reconfigure openssh-server
RUN ssh-keygen -A -v
RUN update-rc.d ssh defaults

# Configure sudo.
RUN ex +"%s/^%sudo.*$/%sudo ALL=(ALL:ALL) NOPASSWD:ALL/g" -scwq! /etc/sudoers

# Generate and configure user keys.
USER ubuntu
RUN ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
#COPY --chown=ubuntu:root "./files/authorized_keys" /home/ubuntu/.ssh/authorized_keys

# Setup default command and/or parameters.
EXPOSE 22
CMD ["/usr/bin/sudo", "/usr/sbin/sshd", "-D", "-o", "ListenAddress=0.0.0.0"]

Build with the following command:

docker build --target ubuntu-with-sshd -t ubuntu-with-sshd .

Then run with:

docker run -p 2222:22 ubuntu-with-sshd

To connect to container via local port, run: ssh -v localhost -p 2222.

To check for container IP address, use docker ps and docker inspect.


Here is an example of a docker-compose.yml file:

---
version: '3.4'
services:
  ubuntu-with-sshd:
    image: "ubuntu-with-sshd:latest"
    build:
      context: "."
      target: "ubuntu-with-sshd"
    networks:
      mynet:
        ipv4_address: 172.16.128.2
    ports:
      - "2222:22"
    privileged: true # Required for /usr/sbin/init
networks:
  mynet:
    ipam:
      config:
        - subnet: 172.16.128.0/24

To run, type:

docker-compose up --build
Glandule answered 11/5, 2020 at 20:36 Comment(3)
Why do you need EXPOSE and a port mapping to 2222? I read that you only need that if you want to provide access to the container from outside the host. - Carborundum
EXPOSE is purely documentary. It does not automatically expose ports. docs.docker.com/engine/reference/builder/#expose You need to expose the port to access it from the host. - Theaterintheround
To make this work I had to remove the in-docker ssh-keygen -t ed25519 line, uncomment the next copy authorized keys line, and then generate the keys outside of the docker image so I could log in with: ssh -o IdentitiesOnly=yes -i ./files/id_ed25519 -F none -v ubuntu@localhost -p 2222 - Celina
13

I think the correct way to do it would be to follow Docker's instructions for dockerizing the ssh service.

And in relation to the specific question, the following lines added at the end of the Dockerfile will achieve what you were looking for:

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

Dockerize a SSHD service

Parfitt answered 21/1, 2020 at 16:23 Comment(4)
Doesn't work: when I attach to the running Docker, there's no ssh server running. - Ellipticity
Please can you clarify what -D is for? - Glyceride
-D = When this option is specified, sshd will not detach and does not become a daemon. You can execute "man sshd" to learn that. - Parfitt
Link no longer works. - Profligate
5

I have created a Dockerfile to run ssh inside. I think it is not secure, but for testing/development in a DMZ it could be OK:

FROM ubuntu:20.04

USER root

# change root password to `ubuntu`
RUN echo 'root:ubuntu' | chpasswd

ENV DEBIAN_FRONTEND noninteractive

# install ssh server
RUN apt-get update && apt-get install -y \
  openssh-server sudo \
  && rm -rf /var/lib/apt/lists/*

# workdir for ssh
RUN mkdir -p /run/sshd

# generate server keys
RUN ssh-keygen -A

# allow root to login
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

EXPOSE 22

# run ssh server
CMD ["/usr/sbin/sshd", "-D", "-o", "ListenAddress=0.0.0.0"]

Hemiterpene answered 18/10, 2021 at 12:6 Comment(1)
As an extension of this docker, you may want to copy pregenerated priv/pub keys and disable password login, and/or add non-root user. - Hemiterpene
2

You can start ssh server when starting your container probably. Something like this:

docker run ubuntu /usr/sbin/sshd -D

Check out this official tutorial.

Chastain answered 6/4, 2014 at 10:8 Comment(3)
It will start a new container. How to start a pre-existing container, and auto-start sshd? - Steakhouse
Now you can start sshd with docker exec - docs.docker.com/reference/commandline/cli/#exec - Domingo
Broken link, I think. - Dappled
2

This is what I did:

FROM nginx

# install gosu
# seealso:
# https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
# https://github.com/tianon/gosu/blob/master/INSTALL.md
# https://github.com/tianon/gosu
RUN set -eux; \
    apt-get update; \
    apt-get install -y gosu; \
    rm -rf /var/lib/apt/lists/*; \
# verify that the binary works
    gosu nobody true

ENV myenv='default'

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd

COPY entrypoint.sh /entrypoint.sh

ENV AIRFLOW_HOME=/usr/local/airflow
RUN mkdir $AIRFLOW_HOME
RUN groupadd --gid 8080 airflow
RUN useradd --uid 8080 --gid 8080 -ms /bin/bash -d $AIRFLOW_HOME airflow
RUN echo 'airflow:mypass' | chpasswd


EXPOSE 22
CMD ["/entrypoint.sh"]

Inside entrypoint.sh:

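#!/bin/sh
# A shebang is needed because the Dockerfile runs this file directly via CMD.

# Start sshd in the background as root.
echo "starting ssh as root"
gosu root service ssh start &
#gosu root /usr/sbin/sshd -D &

# Keep the container alive as the unprivileged airflow user (becomes PID 1).
echo "starting tail user"
exec gosu airflow tail -f /dev/null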
Sauter answered 6/8, 2020 at 15:20 Comment(0)
1

Well, I used the following command to solve that

docker run -i -t  mycentos6 /bin/bash -c '/etc/init.d/sshd start && /bin/bash'
Wealth answered 18/10, 2017 at 23:35 Comment(0)
-1

First log in to your container and write an initialization script /bin/init as follows:

# execute in the container
cat <<EOT >> /bin/init
#!/bin/bash
service ssh start
while true; do sleep 1; done
EOT
# the script must be executable to be used as the container command
chmod +x /bin/init

Then permit the root user to log in via ssh:

# execute in the container
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

Commit the container to a new image after exiting from the container:

# execute in the server
docker commit <YOUR_CONTAINER> <ANY_REPO>:<ANY_TAG>

From now on, as long as you run your container with the following command, the ssh service will be automatically started.

# execute in the server
docker run -it -d --name <NAME> <REPO>:<TAG> /bin/init
docker exec -it <NAME> /bin/bash

Done.

Hypotrachelium answered 31/5, 2021 at 4:53 Comment(1)
You should almost never use docker commit. Instead, write the commands to set up the image in a Dockerfile (and check it into source control), as the other answers to this question do. - Talmud
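
Added example, not part of any answer on this page: the Dockerfile above that rewrites PermitRootLogin with sed, and the answer above that appends "PermitRootLogin yes" to /etc/ssh/sshd_config, both change how sshd authenticates. This script reports the value sshd would use for the two relevant keywords, relying on sshd_config's rule that the first value obtained for a keyword wins; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the weak settings discussed above.
# sshd keeps the FIRST value it reads for a keyword, so a line appended with
# `echo ... >> sshd_config` is ignored when the keyword is already set earlier.
# Assumptions: whitespace-separated "Keyword value" lines; Include files and
# Match blocks are not evaluated (only the global section of this one file).

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> prints one WEAK line per finding
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = "yes" ] && echo "WEAK: PermitRootLogin yes"
    [ "$pass" != "no" ] && echo "WEAK: PasswordAuthentication $pass"
    return 0
}

# Constructed sample configs (not taken from a real host).
SAMPLES=$(mktemp -d)
# Result of the sed edit shown earlier; password auth left at its default.
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication yes' \
    > "$SAMPLES/weak"
# Key-only variant suggested in the comment on that answer.
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    > "$SAMPLES/keyonly"
# A later, appended line does not override an earlier one.
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PermitRootLogin yes' > "$SAMPLES/appended"

for f in weak keyonly appended; do
    echo "== $f"; audit_sshd_config "$SAMPLES/$f"
done
```

On a running container, `sshd -T` prints the effective configuration including Include files, which this single-file check does not follow.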