[Docker] docker container ssh 설치 및 접속

솔직히 도커는 고래이미지가 더 귀엽지 않나...쩝

[Docker] docker container ssh 접속

 

docker로 컨테이너 관리를 하기 위한 ssh 접속 환경설정을 해보자.

먼저 centos 이미지를 통해 컨테이너를 만들어준다.

난 1002 포트를 이용해보도록 하겠다.

#centos7 이미지를 기반으로 컨테이너 생성
#ssh 접속을 위해 -p [host_port]:22 옵션
[minggu92@cloud ~]$ docker run --name centos_test -p 1002:22 --privileged -d --cap-add=SYS_ADMIN centos:7 /sbin/init
[minggu92@cloud ~]$ docker exec -it centos_test /bin/bash

#생성한 컨테이너 출력
[minggu92@cloud ~]$ docker ps -a
CONTAINER ID   IMAGE      COMMAND        CREATED       STATUS             PORTS                                   NAMES
ebf51df9efd8   centos:7   "/sbin/init"   2 hours ago   Up About an hour   0.0.0.0:1002->22/tcp, :::1002->22/tcp   centos_test

#도커 컨테이너 실행
[minggu92@cloud ~]$ docker exec -it centos_test /bin/bash
[root@ebf51df9efd8 /]#

 

컨테이너가 생성이 됐으면 접속 후 패키지를 설치해주자

1. ntsysv : 부팅 시 자동으로 실행할 서비스 관리 패키지

#ntsysv : 부팅시 자동으로 실행 할 서비스 관리 패키지
[root@ebf51df9efd8 /]# yum -y install ntsysv
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirror.kakao.com
 * extras: mirror.kakao.com
 * updates: mirrors.ustc.edu.cn
base
extras
updates
(1/4): extras/7/x86_64/primary_db
(2/4): base/7/x86_64/group_gz
(3/4): updates/7/x86_64/primary_db
(4/4): base/7/x86_64/primary_db
Resolving Dependencies
--> Running transaction check
---> Package ntsysv.x86_64 0:1.7.6-1.el7 will be installed
--> Processing Dependency: libnewt.so.0.52(NEWT_0.52)(64bit) for package: ntsysv-1.7.6-1.el7.x86_64
--> Processing Dependency: libnewt.so.0.52()(64bit) for package: ntsysv-1.7.6-1.el7.x86_64
--> Running transaction check
---> Package newt.x86_64 0:0.52.15-4.el7 will be installed
--> Processing Dependency: libslang.so.2(SLANG2)(64bit) for package: newt-0.52.15-4.el7.x86_64
--> Processing Dependency: libslang.so.2()(64bit) for package: newt-0.52.15-4.el7.x86_64
--> Running transaction check
---> Package slang.x86_64 0:2.2.4-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package                                                Arch                                                   Ve
=================================================================================================================
Installing:
 ntsysv                                                 x86_64                                                 1.
Installing for dependencies:
 newt                                                   x86_64                                                 0.
 slang                                                  x86_64                                                 2.

Transaction Summary
=================================================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 655 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/ntsysv-1.7.6-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key
Public key for ntsysv-1.7.6-1.el7.x86_64.rpm is not installed
(1/3): ntsysv-1.7.6-1.el7.x86_64.rpm
(2/3): slang-2.2.4-11.el7.x86_64.rpm
(3/3): newt-0.52.15-4.el7.x86_64.rpm
-----------------------------------------------------------------------------------------------------------------
Total
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : slang-2.2.4-11.el7.x86_64
  Installing : newt-0.52.15-4.el7.x86_64
  Installing : ntsysv-1.7.6-1.el7.x86_64
  Verifying  : ntsysv-1.7.6-1.el7.x86_64
  Verifying  : newt-0.52.15-4.el7.x86_64
  Verifying  : slang-2.2.4-11.el7.x86_64

Installed:
  ntsysv.x86_64 0:1.7.6-1.el7

Dependency Installed:
  newt.x86_64 0:0.52.15-4.el7

Complete!

 

2. initscript - script that executes inittab commands.

[root@ebf51df9efd8 /]# yum -y install initscripts && yum clean all
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirror.kakao.com
 * extras: mirror.kakao.com
 * updates: mirrors.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package initscripts.x86_64 0:9.49.53-1.el7_9.1 will be installed
--> Processing Dependency: sysvinit-tools >= 2.87-5 for package: initscripts-9.49.53-1.el7_9.1.x86_64
--> Processing Dependency: iproute for package: initscripts-9.49.53-1.el7_9.1.x86_64
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
---> Package sysvinit-tools.x86_64 0:2.88-14.dsf.el7 will be installed
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package                                                          Arch
=================================================================================================================
Installing:
 initscripts                                                      x86_64
Installing for dependencies:
 iproute                                                          x86_64
 iptables                                                         x86_64
 libmnl                                                           x86_64
 libnetfilter_conntrack                                           x86_64
 libnfnetlink                                                     x86_64
 sysvinit-tools                                                   x86_64

Transaction Summary
=================================================================================================================
Install  1 Package (+6 Dependent packages)

Total download size: 1.8 M
Installed size: 5.1 M
Downloading packages:
(1/7): libmnl-1.0.3-7.el7.x86_64.rpm
(2/7): libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
(3/7): iptables-1.4.21-35.el7.x86_64.rpm
(4/7): libnfnetlink-1.0.1-4.el7.x86_64.rpm
(5/7): sysvinit-tools-2.88-14.dsf.el7.x86_64.rpm
(6/7): iproute-4.11.0-30.el7.x86_64.rpm
(7/7): initscripts-9.49.53-1.el7_9.1.x86_64.rpm
-----------------------------------------------------------------------------------------------------------------
Total
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libmnl-1.0.3-7.el7.x86_64
  Installing : libnfnetlink-1.0.1-4.el7.x86_64
  Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64
  Installing : iptables-1.4.21-35.el7.x86_64
  Installing : iproute-4.11.0-30.el7.x86_64
  Installing : sysvinit-tools-2.88-14.dsf.el7.x86_64
  Installing : initscripts-9.49.53-1.el7_9.1.x86_64
  Verifying  : libnfnetlink-1.0.1-4.el7.x86_64
  Verifying  : initscripts-9.49.53-1.el7_9.1.x86_64
  Verifying  : libmnl-1.0.3-7.el7.x86_64
  Verifying  : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64
  Verifying  : iproute-4.11.0-30.el7.x86_64
  Verifying  : sysvinit-tools-2.88-14.dsf.el7.x86_64
  Verifying  : iptables-1.4.21-35.el7.x86_64

Installed:
  initscripts.x86_64 0:9.49.53-1.el7_9.1

Dependency Installed:
  iproute.x86_64 0:4.11.0-30.el7    iptables.x86_64 0:1.4.21-35.el7    libmnl.x86_64 0:1.0.3-7.el7    libnetfilte

Complete!

 

3. net-tool : 네트워크 툴 (ifconfig 명령어)

[root@ebf51df9efd8 /]# yum -y install net-tools
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirror.kakao.com
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
base
extras
updates
(1/4): base/7/x86_64/group_gz
(2/4): base/7/x86_64/primary_db
(3/4): extras/7/x86_64/primary_db
(4/4): updates/7/x86_64/primary_db
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package                                               Arch                                               Version
=================================================================================================================
Installing:
 net-tools                                             x86_64                                             2.0-0.2

Transaction Summary
=================================================================================================================
Install  1 Package

Total download size: 306 k
Installed size: 917 k
Downloading packages:
net-tools-2.0-0.25.20131004git.el7.x86_64.rpm
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.25.20131004git.el7.x86_64
  Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64

Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7

Complete!

 

4. sudo

[root@ebf51df9efd8 /]# yum -y install sudo
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirror.kakao.com
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package sudo.x86_64 0:1.8.23-10.el7_9.2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package                                             Arch                                                  Versio
=================================================================================================================
Installing:
 sudo                                                x86_64                                                1.8.23

Transaction Summary
=================================================================================================================
Install  1 Package

Total download size: 843 k
Installed size: 3.1 M
Downloading packages:
sudo-1.8.23-10.el7_9.2.x86_64.rpm
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : sudo-1.8.23-10.el7_9.2.x86_64
  Verifying  : sudo-1.8.23-10.el7_9.2.x86_64

Installed:
  sudo.x86_64 0:1.8.23-10.el7_9.2

Complete!

 

5. root 계정의 패스워드 변경

[root@ebf51df9efd8 /]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.

 

6. open-ssh 설치

[root@ebf51df9efd8 /]# yum -y install openssh-server openssh-clients openssh-askpass
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirror.kakao.com
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package openssh-askpass.x86_64 0:7.4p1-22.el7_9 will be installed
...
...
...




Complete!
#최상위 폴더에 ssh keygen
[root@ebf51df9efd8 /]# cd ~
[root@ebf51df9efd8 ~]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:---
The key's randomart image is:
+---[RSA 2048]----+
|*B==..oo.        |
|=o*..oo+ .       |
|.oo+o.+oo .      |
| o=.*  =+.       |
|Eo O + .So       |
|. * + + .o       |
|.o . . .         |
|.                |
|                 |
+----[SHA256]-----+

[root@ebf51df9efd8 ~]# cd .ssh
[root@ebf51df9efd8 .ssh]# cat id_rsa.pub >> authorized_keys
[root@ebf51df9efd8 .ssh]# mkdir /var/run/sshd
[root@ebf51df9efd8 .ssh]# sed -i 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
[root@ebf51df9efd8 .ssh]# vi /etc/ssh/sshd_config
# PermitRootLogin yes 찾아 주석을 해제하고 저장(:wq)

[root@ebf51df9efd8 .ssh]# systemctl start sshd

 

7. 최종 확인

#Ctrl P, Q로 컨테이너 밖으로
[root@ebf51df9efd8 .ssh]# read escape sequence

#host ip 주소가 192.168.0.92 라면,
[minggu92@cloud ~]$ ssh -p 1002 root@192.168.0.92
The authenticity of host '[192.168.0.92]:1002 ([192.168.0.92]:1002)' can't be established.
ECDSA key fingerprint is SHA256:---
ECDSA key fingerprint is MD5:e2:---
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.0.92]:1002' (ECDSA) to the list of known hosts.
root@192.168.0.92's password:
Last login: Thu Mar 17 06:03:38 2022 from 192.168.0.92
#접속완료
[root@ebf51df9efd8 ~]#

 

8. 만약 해당 포트를 열어두지 않았다면 firewall-cmd를 이용해 열어주면 된다.

#방화벽 리스트 확인
[minggu92@cloud ~]$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client dns http ssh
  ports: 8080/tcp 8443/tcp 53/tcp 53/udp 9100/tcp 
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

#1002 포트 추가
[minggu92@cloud ~]$ firewall-cmd --add-port=1002/tcp --permanent
 
# firewalld 재기동
[minggu92@cloud ~]$ firewall-cmd --reload