/docker-sshd

Dockerfile wrapping `sshd`.

Primary LanguageDockerfileApache License 2.0Apache-2.0

docker-sshd

Synopsis

This docker container runs sshd so that ssh and scp can be used for remote access.

Overview

In many cases, the functionality of ssh and scp are already supported. Examples:

  1. Docker: docker exec and docker cp
  2. Kubernetes: kubectl exec and kubectl cp
  3. OpenShift: oc exec and oc cp

But there are environments where there is no ability to "exec" nor "cp". In these environments, a senzing/sshd docker container can be used provide "exec" and "cp" capabilities via ssh and scp. Examples:

  1. AWS Elastic Container Service (ECS)

Contents

  1. Legend
  2. Expectations
  3. Demonstrate using Docker
    1. Prerequisites for Docker
    2. SSH port
    3. Set sshd password
    4. Run Docker container
    5. SSH into container
  4. Configuration
  5. License
  6. References

Legend

  1. 🤔 - A "thinker" icon means that a little extra thinking may be required. Perhaps there are some choices to be made. Perhaps it's an optional step.
  2. ✏️ - A "pencil" icon means that the instructions may need modification before performing.
  3. ⚠️ - A "warning" icon means that something tricky is happening, so pay attention.

Expectations

  • Space: This repository and demonstration require 1 GB free disk space.
  • Time: Budget 40 minutes to get the demonstration up-and-running, depending on CPU and network speeds.
  • Background knowledge: This repository assumes a working knowledge of:

Demonstrate using Docker

Prerequisites for Docker

🤔 The following tasks need to be complete before proceeding. These are "one-time tasks" which may already have been completed.

  1. The following software programs need to be installed:
    1. docker

SSH port

🤔 Normally port 22 is already in use for ssh. So a different port may be needed by the running docker container.

  1. 🤔 Optional: See if port 22 is already in use. Example:

    sudo lsof -i -P -n | grep LISTEN | grep :22

  2. ✏️ Choose port for docker container. Example:

    export SENZING_SSHD_PORT=922

  3. Construct parameter for docker run. Example:

    export SENZING_SSHD_PORT_PARAMETER="--publish ${SENZING_SSHD_PORT:-22}:22"

Set sshd password

🤔 Optional The default password set for the sshd containers is senzingsshdpassword. However, this can be set by setting the following variable

✏️ Set the SENZING_SSHD_PASSWORD variable to change the password to access the sshd container

export SENZING_SSHD_PASSWORD=<Pass_You_Want>

Run Docker container

Although the Docker run command looks complex, it accounts for all of the optional variations described above. Unset *_PARAMETER environment variables have no effect on the docker run command and may be removed or remain.

  1. Run Docker container. Example:

    sudo docker run \
  --env ROOT_PASSWORD=${SENZING_SSHD_PASSWORD} \
  --interactive \
  --rm \
  --tty \
  ${SENZING_SSHD_PORT_PARAMETER} \
  senzing/sshd

SSH into container

  1. ✏️ Identify the host running the senzing/sshd container. Example:

    SENZING_SSHD_HOST=localhost

  2. ssh into the running docker container. Example:

    ssh root@${SENZING_SSHD_HOST} -p ${SENZING_SSHD_PORT:-22}

  3. The default password is senzingsshdpassword. However, if the docker image was built locally, it may have been changed during docker build. See Build Docker Image.

  4. 🤔 Optional: If senzing/sshd has been deployed multiple times, the following message may appear when ssh-ing into the container:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    This is a good thing, it's mean to prevent man-in-the-middle attacks. However in this case, it prevents access to ever-changing docker containers. The message usually shows a remedy. Example:

    ssh-keygen -f "/home/senzing/.ssh/known_hosts" -R "[localhost]:922"

Configuration

Configuration values specified by environment variable or command line parameter.

License

View license information for the software container in this Docker image. Note that this license does not permit further distribution.

This Docker image may also contain software from the Senzing GitHub community under the Apache License 2.0.

Further, as with all Docker images, this likely also contains other software which may be under other licenses (such as Bash, etc. from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

References