[Docker] SSH access to a Docker container
Let's set up SSH access so that containers can be managed with Docker.
First, create a container from the centos image.
I will use port 1002.
#Create a container based on the centos7 image
#For SSH access, use the -p [host_port]:22 option
[minggu92@cloud ~]$ docker run --name centos_test -p 1002:22 --privileged -d --cap-add=SYS_ADMIN centos:7 /sbin/init
[minggu92@cloud ~]$ docker exec -it centos_test /bin/bash
#List the created container
[minggu92@cloud ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ebf51df9efd8 centos:7 "/sbin/init" 2 hours ago Up About an hour 0.0.0.0:1002->22/tcp, :::1002->22/tcp centos_test
#Open a shell in the Docker container
[minggu92@cloud ~]$ docker exec -it centos_test /bin/bash
[root@ebf51df9efd8 /]#
Once the container has been created, connect to it and install the packages.
1. ntsysv : a package for managing the services that start automatically at boot
[root@ebf51df9efd8 /]# yum -y install ntsysv
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirror.kakao.com
* extras: mirror.kakao.com
* updates: mirrors.ustc.edu.cn
base
extras
updates
(1/4): extras/7/x86_64/primary_db
(2/4): base/7/x86_64/group_gz
(3/4): updates/7/x86_64/primary_db
(4/4): base/7/x86_64/primary_db
Resolving Dependencies
--> Running transaction check
---> Package ntsysv.x86_64 0:1.7.6-1.el7 will be installed
--> Processing Dependency: libnewt.so.0.52(NEWT_0.52)(64bit) for package: ntsysv-1.7.6-1.el7.x86_64
--> Processing Dependency: libnewt.so.0.52()(64bit) for package: ntsysv-1.7.6-1.el7.x86_64
--> Running transaction check
---> Package newt.x86_64 0:0.52.15-4.el7 will be installed
--> Processing Dependency: libslang.so.2(SLANG2)(64bit) for package: newt-0.52.15-4.el7.x86_64
--> Processing Dependency: libslang.so.2()(64bit) for package: newt-0.52.15-4.el7.x86_64
--> Running transaction check
---> Package slang.x86_64 0:2.2.4-11.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch Ve
=================================================================================================================
Installing:
ntsysv x86_64 1.
Installing for dependencies:
newt x86_64 0.
slang x86_64 2.
Transaction Summary
=================================================================================================================
Install 1 Package (+2 Dependent packages)
Total download size: 655 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/ntsysv-1.7.6-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key
Public key for ntsysv-1.7.6-1.el7.x86_64.rpm is not installed
(1/3): ntsysv-1.7.6-1.el7.x86_64.rpm
(2/3): slang-2.2.4-11.el7.x86_64.rpm
(3/3): newt-0.52.15-4.el7.x86_64.rpm
-----------------------------------------------------------------------------------------------------------------
Total
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : slang-2.2.4-11.el7.x86_64
Installing : newt-0.52.15-4.el7.x86_64
Installing : ntsysv-1.7.6-1.el7.x86_64
Verifying : ntsysv-1.7.6-1.el7.x86_64
Verifying : newt-0.52.15-4.el7.x86_64
Verifying : slang-2.2.4-11.el7.x86_64
Installed:
ntsysv.x86_64 0:1.7.6-1.el7
Dependency Installed:
newt.x86_64 0:0.52.15-4.el7
Complete!
2. initscripts : scripts that execute inittab commands
[root@ebf51df9efd8 /]# yum -y install initscripts && yum clean all
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.kakao.com
* extras: mirror.kakao.com
* updates: mirrors.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package initscripts.x86_64 0:9.49.53-1.el7_9.1 will be installed
--> Processing Dependency: sysvinit-tools >= 2.87-5 for package: initscripts-9.49.53-1.el7_9.1.x86_64
--> Processing Dependency: iproute for package: initscripts-9.49.53-1.el7_9.1.x86_64
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
---> Package sysvinit-tools.x86_64 0:2.88-14.dsf.el7 will be installed
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch
=================================================================================================================
Installing:
initscripts x86_64
Installing for dependencies:
iproute x86_64
iptables x86_64
libmnl x86_64
libnetfilter_conntrack x86_64
libnfnetlink x86_64
sysvinit-tools x86_64
Transaction Summary
=================================================================================================================
Install 1 Package (+6 Dependent packages)
Total download size: 1.8 M
Installed size: 5.1 M
Downloading packages:
(1/7): libmnl-1.0.3-7.el7.x86_64.rpm
(2/7): libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
(3/7): iptables-1.4.21-35.el7.x86_64.rpm
(4/7): libnfnetlink-1.0.1-4.el7.x86_64.rpm
(5/7): sysvinit-tools-2.88-14.dsf.el7.x86_64.rpm
(6/7): iproute-4.11.0-30.el7.x86_64.rpm
(7/7): initscripts-9.49.53-1.el7_9.1.x86_64.rpm
-----------------------------------------------------------------------------------------------------------------
Total
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libmnl-1.0.3-7.el7.x86_64
Installing : libnfnetlink-1.0.1-4.el7.x86_64
Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64
Installing : iptables-1.4.21-35.el7.x86_64
Installing : iproute-4.11.0-30.el7.x86_64
Installing : sysvinit-tools-2.88-14.dsf.el7.x86_64
Installing : initscripts-9.49.53-1.el7_9.1.x86_64
Verifying : libnfnetlink-1.0.1-4.el7.x86_64
Verifying : initscripts-9.49.53-1.el7_9.1.x86_64
Verifying : libmnl-1.0.3-7.el7.x86_64
Verifying : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64
Verifying : iproute-4.11.0-30.el7.x86_64
Verifying : sysvinit-tools-2.88-14.dsf.el7.x86_64
Verifying : iptables-1.4.21-35.el7.x86_64
Installed:
initscripts.x86_64 0:9.49.53-1.el7_9.1
Dependency Installed:
iproute.x86_64 0:4.11.0-30.el7 iptables.x86_64 0:1.4.21-35.el7 libmnl.x86_64 0:1.0.3-7.el7 libnetfilte
Complete!
3. net-tools : network tools (the ifconfig command)
[root@ebf51df9efd8 /]# yum -y install net-tools
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirror.kakao.com
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
base
extras
updates
(1/4): base/7/x86_64/group_gz
(2/4): base/7/x86_64/primary_db
(3/4): extras/7/x86_64/primary_db
(4/4): updates/7/x86_64/primary_db
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch Version
=================================================================================================================
Installing:
net-tools x86_64 2.0-0.2
Transaction Summary
=================================================================================================================
Install 1 Package
Total download size: 306 k
Installed size: 917 k
Downloading packages:
net-tools-2.0-0.25.20131004git.el7.x86_64.rpm
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.25.20131004git.el7.x86_64
Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64
Installed:
net-tools.x86_64 0:2.0-0.25.20131004git.el7
Complete!
4. sudo
[root@ebf51df9efd8 /]# yum -y install sudo
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.kakao.com
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package sudo.x86_64 0:1.8.23-10.el7_9.2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch Versio
=================================================================================================================
Installing:
sudo x86_64 1.8.23
Transaction Summary
=================================================================================================================
Install 1 Package
Total download size: 843 k
Installed size: 3.1 M
Downloading packages:
sudo-1.8.23-10.el7_9.2.x86_64.rpm
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : sudo-1.8.23-10.el7_9.2.x86_64
Verifying : sudo-1.8.23-10.el7_9.2.x86_64
Installed:
sudo.x86_64 0:1.8.23-10.el7_9.2
Complete!
5. Change the root account's password
[root@ebf51df9efd8 /]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
6. Install OpenSSH
[root@ebf51df9efd8 /]# yum -y install openssh-server openssh-clients openssh-askpass
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.kakao.com
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package openssh-askpass.x86_64 0:7.4p1-22.el7_9 will be installed
...
...
...
Complete!
#Run ssh-keygen from root's home directory
[root@ebf51df9efd8 /]# cd ~
[root@ebf51df9efd8 ~]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:---
The key's randomart image is:
+---[RSA 2048]----+
|*B==..oo. |
|=o*..oo+ . |
|.oo+o.+oo . |
| o=.* =+. |
|Eo O + .So |
|. * + + .o |
|.o . . . |
|. |
| |
+----[SHA256]-----+
[root@ebf51df9efd8 ~]# cd .ssh
[root@ebf51df9efd8 .ssh]# cat id_rsa.pub >> authorized_keys
[root@ebf51df9efd8 .ssh]# mkdir /var/run/sshd
[root@ebf51df9efd8 .ssh]# sed -i 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
[root@ebf51df9efd8 .ssh]# vi /etc/ssh/sshd_config
# Find PermitRootLogin yes, uncomment it, and save (:wq)
[root@ebf51df9efd8 .ssh]# systemctl start sshd
7. Final check
#Detach from the container with Ctrl+P, Ctrl+Q
[root@ebf51df9efd8 .ssh]# read escape sequence
#If the host IP address is 192.168.0.92,
[minggu92@cloud ~]$ ssh -p 1002 root@192.168.0.92
The authenticity of host '[192.168.0.92]:1002 ([192.168.0.92]:1002)' can't be established.
ECDSA key fingerprint is SHA256:---
ECDSA key fingerprint is MD5:e2:---
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.0.92]:1002' (ECDSA) to the list of known hosts.
root@192.168.0.92's password:
Last login: Thu Mar 17 06:03:38 2022 from 192.168.0.92
#Connected
[root@ebf51df9efd8 ~]#
8. If the port has not been opened yet, open it with firewall-cmd.
#Check the current firewall settings
[minggu92@cloud ~]$ firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client dns http ssh
ports: 8080/tcp 8443/tcp 53/tcp 53/udp 9100/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
#Add port 1002
[minggu92@cloud ~]$ firewall-cmd --add-port=1002/tcp --permanent
# Reload firewalld
[minggu92@cloud ~]$ firewall-cmd --reload
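The sshd_config edits in step 6 (the sed for Port and the manual vi edit for PermitRootLogin) can be made non-interactively and then checked. This is an added example, not part of the original post; the function names set_sshd_option and sshd_effective and the sample file are constructed for illustration, and keywords written as key=value are not handled.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print the effective global value of keyword $2 in sshd config file $1.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; Match blocks are conditional, so parsing stops there.
sshd_effective() {
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        /^[ \t]*#/              { next }
        tolower($1) == "match"  { exit }
        tolower($1) == key      { print $2; exit }' "$1"
}

# Set keyword $2 to value $3 in the global section of file $1. The first
# active or commented-out occurrence is rewritten, later active duplicates
# are commented out, and a missing keyword is added before any Match block.
set_sshd_option() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" 'BEGIN { lkey = tolower(key) }
        inmatch { print; next }
        tolower($1) == "match" {
            if (!done) { print key " " val; done = 1 }
            inmatch = 1; print; next
        }
        {
            line = $0; sub(/^[ \t]*#?[ \t]*/, "", line); split(line, f, /[ \t]+/)
            if (tolower(f[1]) != lkey) { print; next }
            if (!done) { print key " " val; done = 1 }
            else if ($1 !~ /^#/) print "#" $0
            else print
        }
        END { if (!done) print key " " val }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"     # cat keeps the file's owner, mode and SELinux label
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample standing in for /etc/ssh/sshd_config.
cfg=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'Match User backup' \
    '  PermitRootLogin no' > "$cfg"
set_sshd_option "$cfg" Port 22
set_sshd_option "$cfg" PermitRootLogin yes
echo "Port=$(sshd_effective "$cfg" Port)" \
     "PermitRootLogin=$(sshd_effective "$cfg" PermitRootLogin)"
rm -f "$cfg"
```

Inside the container, run the functions against /etc/ssh/sshd_config and confirm the result with `sshd -T`, which prints the configuration sshd actually uses. Once a client public key is in /root/.ssh/authorized_keys, the same call with the value prohibit-password keeps root login key-only.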