How do I get into a Docker container's shell?
Asked Answered
R

32

2176

I'm getting started working with Docker. I'm using the WordPress base image and docker-compose.

I'm trying to ssh into one of the containers to inspect the files/directories that were created during the initial build. I tried to run docker-compose run containername ls -la, but that didn't do anything. Even if it did, I'd rather have a console where I can traverse the directory structure, rather than run a single command. What is the right way to do this with Docker?

Racemose answered 11/5, 2015 at 16:12 Comment(7)
So it sounds like the answer is docker attach. But how can I get to that from docker-compose?Racemose
Use docker exec askubuntu.com/a/543057/35816 . Get the container id using docker psStilbestrol
sudo docker run -it --entrypoint /bin/bash <container_name> gets you into the container interactively. Then one can inspect the file system in the container using cd <path>Redbreast
@Redbreast That's incorrect, docker run takes an image name, not a container ID. I was confused about running containers for a long time which is why I ended up writing blog.andrewray.me/towards-a-strong-mental-model-of-dockerTipcat
1. list your containers: docker ps -a; 2. sudo docker start <container_name> if you already have a container running. See container start for more parameters. 3. Then use the exec command.Apologue
docker-compose is now integrated into docker, so the command recommanded is now docker compose ... without the dash.Colmar
@AndyRay blog.andrewray.me/towards-a-strong-mental-model-of-docker is a broken link, do you have a new link for it?Stebbins
S
2973

docker attach will let you connect to your Docker container, but this isn't really the same thing as ssh. If your container is running a webserver, for example, docker attach will probably connect you to the stdout of the web server process. It won't necessarily give you a shell.

The docker exec command is probably what you are looking for; this will let you run arbitrary commands inside an existing container. For example:

docker exec -it <mycontainer> bash

Of course, whatever command you are running must exist in the container filesystem.

In the above command <mycontainer> is the name or ID of the target container. It doesn't matter whether or not you're using docker compose; just run docker ps and use either the ID (a hexadecimal string displayed in the first column) or the name (displayed in the final column). E.g., given:

$ docker ps
d2d4a89aaee9        larsks/mini-httpd   "mini_httpd -d /cont   7 days ago          Up 7 days                               web                 

I can run:

$ docker exec -it web ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
18: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link 
       valid_lft forever preferred_lft forever

I could accomplish the same thing by running:

$ docker exec -it d2d4a89aaee9 ip addr

Similarly, I could start a shell in the container;

$ docker exec -it web sh
/ # echo This is inside the container.
This is inside the container.
/ # exit
$
Stambaugh answered 11/5, 2015 at 16:44 Comment(16)
Also, docker exec only works on running containers (otherwise use docker run -it --entrypoint /bin/bash or similar).Swayder
for your convenience, -it is a combination of -i and -t which is --interactive ("Keep STDIN open even if not attached") respectively --tty (" Allocate a pseudo-TTY").Pilothouse
On Alpine Linux based containers you might not have bash, so if so, use sh instead.Hawks
When I execute this, I am having permission issues creating/editing files inside the container - once a file is created, the local user cannot edit it until I do sudo chmod -R 777 /directoryMikol
@Swayder it is docker run -it --entrypoint /bin/bash <imageid> --any --more --args, just to clarify for peopleImmobilize
@AlexanderMills Yes, and to clarify further, those --any --more --args you have will be fed into whatever the image has defined as its CMD and not Docker (or if your image only defines an ENTRYPOINT and no CMD, then these options will be fed into /bin/bash as you've specified here). So for example any other docker run options (e.g. --net "host") need to go before the <imageid>.Swayder
You migh twant to replace bash by shMoiety
You'll note I show exactly that at the end of the answer :)Stambaugh
for entrypoint to work you mush include bash or sh in the container imagePompidou
Definitely the answer. Also, to access as the root user, which is very common: docker exec -it -u root <mycontainer> bashDamiandamiani
Please note that there are containers that (for security reasons) do not have bash or some form of shell bundled in its files.Efficiency
That's true! In this case -- depending on what you're trying to do -- nsenter can be useful, but sometimes your only option is docker inspect to find the root filesystem directory and just explore it directly.Stambaugh
Also consider adding the --rm param to clean up the container automatically after you are done: docker exec --rm -it <mycontainer> bashGibbosity
docker exec -it web ip addr Error response from daemon: No such container: webThrashing
That error message looks pretty clear: you've either mistyped the named of the container or it has exited and is no longer running.Stambaugh
OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"bash\": executable file not found in $PATH": unknownThrashing
S
509

To bash into a running container, type this:

docker exec -t -i container_name /bin/bash

or

docker exec -ti container_name /bin/bash

or

docker exec -ti container_name sh
Sarong answered 11/10, 2015 at 1:34 Comment(9)
Presuming it is a Linux container?Eastman
/bin/bash wasnt required just bash did it for meAnnettannetta
I would prefer docker exec -it instead of docker exec -t -iFilter
@nakamin According to the docs, adding the -u or --user flag will allow you to specify the user. docs.docker.com/engine/reference/commandline/execVolute
just bash will work out instead on /bin/bashOverpowering
To get the container name, run docker ps and use the container id. E.g. docker exec -t -i 5ae8669be8f8 /bin/bashCleanthes
how about an exited container? The problem is the container stops so fast so I don't have the chance to do exec it. And for the sake of learning I want to do on the container directly, not create a new one from the imagePrecedent
You cannot enter a non-running container. Practice with a container that keeps running like a MySQL container or any other kind of server.Winebaum
docker exec -ti container_name sh. it's work for meCarolincarolina
F
128

Historical note: At the time I wrote this answer, the title of the question was: "How to ssh into a docker container?"

As other answers have demonstrated, it is common to execute and interact with preinstalled commands (including shells) in a locally-accessible running container using docker exec, rather than SSH:

docker exec -it (container) (command)

Note: The below answer is based on Ubuntu (of 2016). Some translation of the installation process will be required for non-Debian containers.

Let's say, for reasons that are your own, you really do want to use SSH. It takes a few steps, but it can be done. Here are the commands that you would run inside the container to set it up...

apt-get update
apt-get install openssh-server

mkdir /var/run/sshd
chmod 0755 /var/run/sshd
/usr/sbin/sshd

useradd --create-home --shell /bin/bash --groups sudo username ## includes 'sudo'
passwd username ## Enter a password

apt-get install x11-apps ## X11 demo applications (optional)
ifconfig | awk '/inet addr/{print substr($2,6)}' ## Display IP address (optional)

Now you can even run graphical applications (if they are installed in the container) using X11 forwarding to the SSH client:

ssh -X username@IPADDRESS
xeyes ## run an X11 demo app in the client

Here are some related resources:

Fsh answered 16/5, 2016 at 3:36 Comment(2)
At the time I wrote this answer, the title of the question was: "How to ssh into a docker container?" Over the years, the question and answers have been edited by interlopers and bots -- in some cases, possibly changing the intent. My previous comment to this effect was anonymously deleted.Fsh
How many edits automatically turn my answer into a Community Wiki answer?Fsh
M
66

If the container has already exited (maybe due to some error), you can do:

$ docker run --rm -it --entrypoint /bin/bash image_name

or

$ docker run --rm -it --entrypoint /bin/sh image_name

or

$ docker run --rm -it --entrypoint /bin/bash image_name

to create a new container and get a shell into it.

Here is the breakdown of the command:

--rm: This option specifies that the container should be automatically removed when it is finished.

-it: These options allow the container to be run interactively with a pseudo-tty terminal. The -i option stands for interactive mode and the -t option stands for a pseudo-tty terminal.

--entrypoint /bin/bash: This option specifies the entry point for the container as /bin/bash, which is the shell program.

image_name: This is the name of the Docker image on which the container will be based.

Since you specified --rm, the container would be deleted when you exit the shell.

Misrepresent answered 9/11, 2018 at 6:26 Comment(0)
D
55

If you're here looking for a Docker Compose-specific answer like I was, it provides an easy way in without having to look up the generated container ID.

docker-compose exec takes the name of the service as per your docker-compose.yml file.

So to get a Bash shell for your 'web' service, you can do:

$ docker-compose exec web bash
Drouin answered 24/11, 2017 at 9:21 Comment(1)
docker-compose run works as well, if your container doesn't exist yet.Palmieri
S
31

Start a session into a Docker container using this command:

sudo docker exec -i -t (container ID) bash
Silvio answered 18/11, 2015 at 9:43 Comment(2)
or a little shorter: sudo docker exec -it <container ID> bashQuitclaim
or even shorter docker exec -it <container-id> sh :)Oscaroscillate
C
30

Notice: this answer promotes a tool I've written.

I've created a containerized SSH server that you can 'stick' to any running container. This way you can create compositions with every container. The only requirement is that the container has Bash.

The following example would start an SSH server attached to a container with name 'my-container'.

docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e CONTAINER=my-container -e AUTH_MECHANISM=noAuth \
  jeroenpeeters/docker-ssh

ssh localhost -p 2222

When you connect to this SSH service (with your SSH client of choice) a Bash session will be started in the container with name 'my-container'.

For more pointers and documentation see: https://github.com/jeroenpeeters/docker-ssh

Coplin answered 3/10, 2015 at 20:56 Comment(3)
That's pretty sweet. The big advantage of doing it this way is you're getting a fully functional terminal. When I used the "docker exec" approach then I couldn't clear the terminal content, less was showing a warning each time I run it etc. Using Jeroen's container is giving me a much better experience so far. Just make sure to check out the documentation. The sample command in the response doesn't seem valid any more.Concupiscence
it is a great tool. Do you know how can i use it as a jenkins pipeline docker agent? i Want jenkins to transfer some files by SCP to a remote host and execute them with SSHFragrance
Docker On Windows : docker run -d -p 2222:22 -v //var/run/docker.sock:/var/run/docker.sock -e CONTAINER=my-container -e AUTH_MECHANISM=noAuth --name node-manager jeroenpeeters/docker-sshResent
C
27

If you're using Docker on Windows and want to get shell access to a container, use this:

winpty docker exec -it <container_id> sh

Most likely, you already have Git Bash installed. If you don't, make sure to install it.

Copernicus answered 9/2, 2017 at 9:4 Comment(1)
Presumes a Linux Docker container?Eastman
E
27

In some cases your image can be Alpine-based. In this case it will throw:

OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"bash\": executable file not found in $PATH": unknown

Because /bin/bash doesn't exist. Instead of this you should use:

docker exec -it 9f7d99aa6625 ash

or

docker exec -it 9f7d99aa6625 sh
Emelun answered 27/4, 2018 at 5:26 Comment(0)
M
21

To connect to cmd in a Windows container, use

docker exec -it d8c25fde2769 cmd

Where d8c25fde2769 is the container id.

Millrun answered 13/6, 2017 at 8:50 Comment(0)
H
15

To inspect files, run docker run -it <image> /bin/sh to get an interactive terminal. The list of images can be obtained by docker images. In contrary to docker exec this solution works also in case when an image doesn't start (or quits immediately after running).

Helfand answered 17/9, 2017 at 19:45 Comment(1)
Presuming a Linux Docker image?Eastman
R
15

GOINSIDE SOLUTION

install goinside command line tool with:

sudo npm install -g goinside

and go inside a docker container with a proper terminal size with:

goinside docker_container_name

old answer

We've put this snippet in ~/.profile:

goinside(){
    docker exec -it $1 bash -c "stty cols $COLUMNS rows $LINES && bash";
}
export -f goinside

Not only does this make everyone able to get inside a running container with:

goinside containername

It also solves a long lived problem about fixed Docker container terminal sizes. Which is very annoying if you face it.

Also if you follow the link you'll have command completion for your docker container names too.

Rafi answered 14/3, 2018 at 15:16 Comment(1)
Thanks. It works like a charm, at least for those images which have bash already included. Might not work for alpine based images, however, can be fixed with a different function specifically written for sh/ash etc.Claudioclaudius
O
14

It is simple!

List out all your Docker images:

sudo docker images

On my system it showed the following output:

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
bash                latest              922b9cc3ea5e        9 hours ago
14.03 MB
ubuntu              latest              7feff7652c69        5 weeks ago         81.15 MB

I have two Docker images on my PC. Let's say I want to run the first one.

sudo docker run -i -t ubuntu:latest /bin/bash

This will give you terminal control of the container. Now you can do all type of shell operations inside the container. Like doing ls will output all folders in the root of the file system.

bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
Obscene answered 12/7, 2018 at 8:47 Comment(0)
O
14

2022 Solution

Consider another option

Why do you need it?

There is a bunch of modern docker-images that are based on distroless base images (they don't have /bin/bash either /bin/sh) so it becomes impossible to docker exec -it {container-name} bash into them.

How to shell-in any container

Use opener:

  • requires to add alias in your environment opener wordpress
  • works anywhere docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock artemkaxboy/opener wordpress

Instead of wordpress you can use name or id or image-name of any container you want to connect


How it works

Opener is a set of python scripts wrapped-up to a docker image. It finds target container by any unique attribute (name, id, port, image), tries to connect to target using bash. If bash is not found opener tries to connect using sh. Finally if sh is not found either opener installs busybox into target container and connects to the target using busybox shell, opener deletes busybox during disconnection.

Osterman answered 27/3, 2022 at 10:2 Comment(2)
That is very cool, I tried this and it works great. I love how simple the scripts are that it runs. I never would have thought to try installing busybox in order to get a shell environment working in a docker container.Birdwatcher
Love how simple this is. Shell alias set, so this it the last time I'll have to go looking for help on this. Thank you for the tool!Cerebration
H
12

I've created a terminal function for easier access to the container's terminal. Maybe it's useful to you guys as well:

So the result is, instead of typing:

docker exec -it [container_id] /bin/bash

you'll write:

dbash [container_id]

Put the following in your ~/.bash_profile (or whatever else that works for you), then open a new terminal window and enjoy the shortcut:

#usage: dbash [container_id]
dbash() {
    docker exec -it "$1" /bin/bash
}
Hedge answered 16/7, 2019 at 8:34 Comment(0)
W
10
$ docker exec -it <Container-Id> /bin/bash

Or depending on the shell, it can be

$ docker exec -it <Container-Id> /bin/sh

You can get the container-Id via docker ps command

-i = interactive

-t = to allocate a psuedo-TTY

Weller answered 22/1, 2019 at 5:46 Comment(0)
O
10

2024 version

Use exec with sh as a short-form:

docker exec -it <CONTAINER_ID or CONTAINER_NAME> sh

You can find CONTAINER_ID (1st column) or CONTAINER_NAME (last column) by performing docker ps & get output that looks like:

CONTAINER ID   IMAGE                 COMMAND                  CREATED       STATUS                 PORTS                                       NAMES
8e5611ba2567   nextjs:0.0.1   "docker-entrypoint.s…"   3 hours ago   Up 3 hours             0.0.0.0:3000->3000/tcp, :::3000->3000/tcp   web
f3967286c492   redis:7.2.4    "docker-entrypoint.s…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp   web_redis

For nextjs:0.0.1, CONTAINER_ID is 8e5611ba2567 & CONTAINER_NAME is web. To get into web container, type:

docker exec -it 8e5611ba2567 sh
# or docker exec -it web sh (both are same)

For redis:7.2.4, CONTAINER_ID is f3967286c492 & CONTAINER_NAME is web_redis. To get into web_redis container, type:

docker exec -it f3967286c492 sh
# or docker exec -it web_redis sh (both are same)
Oscaroscillate answered 15/2, 2024 at 7:32 Comment(0)
T
8

you can interact with the terminal in docker container by passing the option -ti

docker run --rm -ti <image-name>
eg: docker run --rm -ti ubuntu

-t stands for terminal -i stands for interactive

Thereunder answered 11/3, 2019 at 17:46 Comment(0)
R
8

To exec into a running container named test, below is the following commands

If the container has bash shell

docker exec -it test /bin/bash

If the container has bourne shell and most of the cases it's present

docker run -it test /bin/sh
Reparative answered 31/5, 2020 at 23:52 Comment(0)
K
8

There are at least 2 options depending on the target.

Option 1: Create a new bash process and join into it (easier)

  • Sample start: docker exec -it <containername> /bin/bash
  • Quit: type exit
  • Pro: Does work on all containers (not depending on CMD/Entrypoint)
  • Contra: Creates a new process with own session and own environment-vars

Option 2: Attach to the already running bash (better)

  • Sample start: docker attach --detach-keys ctrl-d <containername>
  • Quit: use keys ctrl and d
  • Pro: Joins the exact same running bash which is in the container. You have same the session and same environment-vars.
  • Contra: Only works if CMD/Entrypoint is an interactive bash like CMD ["/bin/bash"] or CMD ["/bin/bash", "--init-file", "myfile.sh"] AND if container has been started with interactive options like docker run -itd <image> (-i=interactive, -t=tty and -d=deamon [opt])

We found option 2 more useful. For example we changed apache2-foreground to a normal background apache2 and started a bash after that.

Kristlekristo answered 23/7, 2020 at 16:4 Comment(0)
S
7

docker exec will definitely be a solution. An easy way to work with the question you asked is by mounting the directory inside Docker to the local system's directory.

So that you can view the changes in local path instantly.

docker run -v /Users/<path>:/<container path> 
Savannasavannah answered 12/5, 2015 at 5:19 Comment(2)
your command is actually mounting the host's directory into the container.Absentee
Yeah! Take a backup to another directory and then mount the volume, then move the backup to the mounted folder.Savannasavannah
H
7

Use:

docker attach <container name/id here>

The other way, albeit there is a danger to it, is to use attach, but if you Ctrl + C to exit the session, you will also stop the container. If you just want to see what is happening, use docker logs -f.

:~$ docker attach --help
Usage:  docker attach [OPTIONS] CONTAINER

Attach to a running container

Options:
      --detach-keys string   Override the key sequence for detaching a container
      --help                 Print usage
      --no-stdin             Do not attach STDIN
      --sig-proxy            Proxy all received signals to the process (default true)
Hangeron answered 2/2, 2017 at 18:3 Comment(0)
L
7

Use this command:

docker exec -it containerid /bin/bash
Leatherback answered 26/7, 2018 at 13:2 Comment(0)
H
5

This is best if you don't want to specify an entry point in your docker build file..

sudo docker run -it --entrypoint /bin/bash <container_name>
Heisenberg answered 23/11, 2022 at 0:20 Comment(0)
O
4

If you have Docker installed with Kitematic, you can use the GUI. Open Kitematic from the Docker icon and in the Kitematic window select your container, and then click on the exec icon.

You can see the container log and lots of container information (in settings tab) in this GUI too.

Select Kitematic from menu

Click on exec

Overleap answered 29/4, 2018 at 3:56 Comment(0)
R
2

If you are using Docker Compose then this will take you inside a Docker container.

docker-compose run container_name /bin/bash

Inside the container it will take you to WORKDIR defined in the Dockerfile. You can change your work directory by

WORKDIR directory_path # E.g  /usr/src -> container's path
Ruscio answered 2/2, 2018 at 11:37 Comment(0)
E
2

In my case, for some reason(s) I need to check all the network involved information in each container. So the following commands must be valid in a container...

ip
route
netstat
ps
...

I checked through all these answers, none were helpful for me. I’ve searched information in other websites. I won’t add a super link here, since it’s not written in English. So I just put up this post with a summary solution for people who have the same requirements as me.

Say you have one running container named light-test. Follow the steps below.

  • docker inspect light-test -f {{.NetworkSettings.SandboxKey}}. This command will get reply like /var/run/docker/netns/xxxx.
  • Then ln -s /var/run/docker/netns/xxxx /var/run/netns/xxxx. The directory may not exist, do mkdir /var/run/netns first.
  • Now you may execute ip netns exec xxxx ip addr show to explore network world in container.

PS. xxxx is always the same value received from the first command. And of course, any other commands are valid, i.e. ip netns exec xxxx netstat -antp|grep 8080.

Eve answered 4/9, 2018 at 4:48 Comment(0)
G
2

There are two options we can connect to the docker terminal directly with these method shell and bash but usually bash is not supported and defualt sh is supported terminal To sh into the running container, type this:

docker exec -it container_name/container_ID sh

To bash into a running container, type this:

docker exec -it container_name/container_ID bash

and you want to use only bash terminal than you can install the bash terminal in your Dockerfile like RUN apt install bash -y

Gumma answered 7/2, 2022 at 16:2 Comment(0)
S
1

There is one more method I currently utilize, but I've been exploring a more user-friendly alternative.

With the Windows Docker Desktop GUI, there's a feature that not only lets you open a direct shell on a container but also opens that shell in an external terminal. Essentially, it creates an instance of your selected terminal, and every command thereafter automatically utilizes 'docker exec -it ' without the need for manual input each time. Docker Desktop

Schall answered 27/9, 2023 at 13:33 Comment(0)
R
1

There now is an official docker command for this:

docker debug <container or image>

It allows you to get a shell (bash/fish/zsh) into any container. It also works for stopped containers and images. Essentially it's a replacement of docker exec -it <container> sh but with more features and less constraints (eg the debug shell has an install command to add further tools). Using docker debug does not modify your container/image (unless you explicitly do so, and only possible for running containers)

See official docs for more details and examples.

Disclaimer: As of now, this is a paid feature and requires Docker Desktop >= 4.27. Ie., if you want to do this with docker-ce, docker exec -it <container> sh still is the valid answer.

Ruano answered 13/2, 2024 at 12:58 Comment(3)
docker: 'debug' is not a docker command.Nordgren
Are you using docker desktop version 4.27 or higher? As mentioned in the disclaimer and in the referenced docs page, docker debug is a new command available as of docker desktop 4.27.Ruano
Understood, thank you! I am using Rancher Desktop 1.12.3 with docker as a backend Client - Version: 24.0.7-rd (output of docker version command )Nordgren
K
0

Another option is to use nsenter.

PID=$(docker inspect --format {{.State.Pid}} <container_name_or_ID>)
nsenter --target $PID --mount --uts --ipc --net --pid
Kawasaki answered 11/5, 2015 at 17:32 Comment(4)
There are a number of problems with nsenter. The first is that it requires you to have physical access to the docker host, which is not a given (you may be working with a remote docker API). Also, running under nsenter exempts you from several of the security and resource restrictions that Docker puts in place (which can be a pro or a con, depending on your environment).Stambaugh
Even the author of nsenter says to use docker exec these days.Swayder
@Stambaugh Yes, both have their own benefits. For example, this one is a benefit of nsenter over docker exec. docker exec looks more elegant to me.Kawasaki
@Swayder Just to be less confusing: the post you referred is not by the author of nsenter, but the author of a Docker image which runs nsenter.Kawasaki
S
-4

For docker-compose up (Docker4Drupal)

docker-compose exec php bash

I use Docker for Drupal on a Linux laptop. After running the container I use 'docker-compose exec php bash' to connect with the container so I can run drush commandos. It works fine for me.

Say answered 11/9, 2017 at 17:4 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.