https://github.com/europ/docker-centos-sshd-systemd

Docker image for CentOS including SSHD and SystemD.

centos docker dockerhub ssh sshd systemd


[![Docker Build Status](https://img.shields.io/docker/cloud/build/europ/docker-centos-sshd-systemd.svg?label=Docker%20Build&logo=docker)](https://hub.docker.com/r/europ/docker-centos-sshd-systemd/builds)

# docker-centos-sshd-systemd

Docker image for CentOS including SSHD and SystemD.

## Specifications

##### OS

* SSHD
* systemd

##### Users

* username=`root`, password=`root`
* username=`user`, password=`user`
    * passwordless sudo user
    * owns SSH key

##### SSHD

* root login is not permitted
* password authentication is not permitted
* user authentication is passwordless via SSH key
* ssh public key `./secret/ssh/sshkey.pub` is imported into container

##### SSH-key

* passphrase is unset
* owned by user

## Usage - from dockerhub

##### Quick run

```sh
# pull
docker pull europ/docker-centos-sshd-systemd

# run
docker run --tty --detach --privileged --publish 22:22 --label="xyz" -v /sys/fs/cgroup:/sys/fs/cgroup:ro europ/docker-centos-sshd-systemd

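# add your custom ssh key (container looked up via the "xyz" label set by the run command)
CONTAINER_ID=$(docker ps --quiet --filter "status=running" --filter "label=xyz")
docker cp /path/to/your/sshkey.PUBLIC "${CONTAINER_ID}":/home/user/.ssh/authorized_keys

# test: succeeds only if PID 1 inside the container is systemd
CONTAINER_IP=$(docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "${CONTAINER_ID}")
ssh -i /path/to/your/sshkey.PRIVATE user@"${CONTAINER_IP}" '[ "`ps --no-headers -p 1 -o comm`" == "systemd" ]'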
```

##### Customization

* `CMD ["/usr/sbin/init"]` must be the last instruction in your Dockerfile

```dockerfile
FROM europ/docker-centos-sshd-systemd

# EXAMPLE
RUN yum -y install httpd
RUN systemctl enable httpd.service
EXPOSE 80

# it is important to include the below command as the last one
CMD ["/usr/sbin/init"]
```

## Usage - from scratch

##### Build

```sh
docker build --rm --tag=abc --label="xyz" .
```

##### Run

* note the important **`--privileged`** parameter
* add additional `--publish HOST_PORT:CONTAINER_PORT` options if needed

```sh
docker run --tty --detach --privileged --publish 22:22 --label="xyz" -v /sys/fs/cgroup:/sys/fs/cgroup:ro abc
```

##### Work

```sh
# get container ID
CONTAINER_ID=$(docker ps --quiet --all --filter "status=running" --filter "label=xyz")

# get container IP
CONTAINER_IP=$(docker inspect ${CONTAINER_ID} | grep -E '^\s*"IPAddress": ".*$' | grep -ohE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | head -1)

# connect to the running container
ssh -i ./secret/ssh/sshkey user@${CONTAINER_IP}
```

##### Stop

```sh
docker stop `docker ps --quiet --all --filter "status=running" --filter "label=xyz"`
```

## FAQ

##### Warning: Remote host identification has changed

* warning output:

```txt
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxx.
Please contact your system administrator.
Add correct host key in /home/${USER}/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/${USER}/.ssh/known_hosts:2
remove with:
ssh-keygen -f "/home/${USER}/.ssh/known_hosts" -R "172.17.0.2"
ECDSA host key for 172.17.0.2 has changed and you have requested strict checking.
Host key verification failed.
```

* solution:

```sh
ssh-keygen -f "/home/${USER}/.ssh/known_hosts" -R "${CONTAINER_IP}"
```

##### How to change the placeholder SSH keys?

* method: one docker command
    1. copy the ssh public key to the container via `docker cp /path/to/your/sshkey.pub ${CONTAINER_ID}:/home/user/.ssh/authorized_keys`
* method: new image build
    1. clone this repository
    1. change the ssh key files in `./secret/ssh/sshkey`
    1. build it (follow the usage instructions from the [*Build* section](#build))
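
The SSHD settings listed under *Specifications* and the key swap described in this FAQ entry can both be checked from the host. The script below is an added example, not code from this repository: its function names are hypothetical, and it assumes `sshd -T` (OpenSSH's effective-configuration dump) can be run as root inside the container.

```sh
#!/bin/sh
# Added example, not part of the repository; function names are hypothetical.

# check_sshd_policy: read "sshd -T" output (effective sshd settings) on stdin
# and compare it with the policy stated in the README's SSHD section.
# Prints every deviation; returns non-zero if a setting differs or is absent.
check_sshd_policy() {
    awk '
        BEGIN {
            want["permitrootlogin"]        = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"
        }
        { key = tolower($1) }
        key in want { seen[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING %s\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "MISMATCH %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# placeholder_key_present AUTHORIZED_KEYS PLACEHOLDER_PUB
# Returns 0 if the key blob (field 2) of the one-line public key in
# PLACEHOLDER_PUB still appears anywhere in AUTHORIZED_KEYS, 1 if it does
# not, 2 if PLACEHOLDER_PUB holds no key.
placeholder_key_present() {
    blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$2")
    [ -n "$blob" ] || return 2
    grep -qF -- "$blob" "$1"
}

# Usage against a running container (CONTAINER_ID as in the "Work" section):
#   docker exec "$CONTAINER_ID" sshd -T | check_sshd_policy
#   docker cp "$CONTAINER_ID":/home/user/.ssh/authorized_keys ./authorized_keys.now
#   placeholder_key_present ./authorized_keys.now ./secret/ssh/sshkey.pub \
#       && echo "placeholder key is still authorized"
```
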

## Further Reading

Container problem related to systemd:

*

CentOS7 container including only systemd:

*

How to run systemd in a container:

*

Dockerize an SSH service:

*

## Contribution

Feel free to open an [issue](https://github.com/europ/docker-centos-sshd-systemd/issues) or a [change request](https://github.com/europ/docker-centos-sshd-systemd/pulls) in this repository in case of a bug, problem, request for enhancement, feature idea, suggestion, etc.