发表新帖
发表新帖

docker: SSH access directly into container

后端 未结
关注
4 1125
孤城傲影
孤城傲影 2021-01-06 07:41

Up to now we use several linux users:

  • system_foo@server
  • system_bar@server
  • ...

We want to put the system users into docker cont

相关标签:
4条回答
  • 隐瞒了意图╮
    2021-01-06 07:49

    Some months ago, I helped my like this. It's not nice, but works. But pub-key auth needs to be used.

    Script which gets called via command in .ssh/authorized_keys

    #!/usr/bin/python
import os
import sys
import subprocess
cmd=['ssh', 'user@localhost:2222']
if not 'SSH_ORIGINAL_COMMAND' in os.environ:
    cmd.extend(sys.argv[1:])
else:
    cmd.append(os.environ['SSH_ORIGINAL_COMMAND'])
sys.exit(subprocess.call(cmd))

    file system_foo@server: .ssh/authorized_keys

    command="/home/modwork/bin/ssh-wrapper.py" ssh-rsa AAAAB3NzaC1yc2EAAAAB...

    If the remote system does ssh system_foo@server the SSH-Daemon at server executes the comand given in .ssh/authorized_keys. This command does a ssh to a different ssh-daemon.

    In the docker container, there needs to run ssh-daemon which listens on port 2222.

    0 讨论(0)
  • 遇见更好的自我
    2021-01-06 07:54

    Let's remember however that having ssh support in a container is typically an anti-pattern (unless it's your container only 'concern' but then what would be the point of being able to ssh in. Refer to http://techblog.constantcontact.com/devops/a-tale-of-three-docker-anti-patterns/ for information about that anti-pattern

    0 讨论(0)
  • 抹茶落季
    2021-01-06 07:56

    nsenter could work for you. First ssh to the host and then nsenter to the container.

    PID=$(docker inspect --format {{.State.Pid}} <container_name_or_ID>)`
nsenter --target $PID --mount --uts --ipc --net --pid

    source http://jpetazzo.github.io/2014/06/23/docker-ssh-considered-evil/

    0 讨论(0)
  • 小鲜肉
    2021-01-06 08:05

    Judging by the comments, you might be looking for a solution like dockersh. dockersh is used as a login shell, and lets you place every user that logins to your instance into an isolated container.

    This probably won't let you use sftp though.

    Note that dockersh includes security warnings in their README, which you'll certainly want to review:

    WARNING: Whilst this project tries to make users inside containers have lowered privileges and drops capabilities to limit users ability to escalate their privilege level, it is not certain to be completely secure. Notably when Docker adds user namespace support, this can be used to further lock down privileges.

    0 讨论(0)
 看不清?
提交回复
热议问题