Mar 5, 2017

Docker simplest alpine sshd

Long time no see (but who cares?). I struggled to install and run sshd on Alpine Linux, so I want to share what worked. (I assume you are the one who googled docker/alpine/sshd, aren't you?)

Before docker build

You need a public key to connect to the server.
# create id_ed25519 and id_ed25519.pub in the current dir.
> ssh-keygen -t ed25519 -f ./id_ed25519

Dockerfile

FROM alpine

# Install sshd, create an unlocked "user" account, allow key-based login only.
RUN apk add --update --no-cache openssh && \
  rm -rf /tmp/* /var/cache/apk/* && \
  adduser -D user && \
  passwd -u user && \
  # SSHD CONFIG
  { \
    echo "PermitRootLogin prohibit-password"; \
    echo "PasswordAuthentication no"; \
  } >> /etc/ssh/sshd_config && \
  # GENERATE KEYS
  # Single quotes keep $PASS, $RANDOM and "$@" literal, so they are expanded
  # when the container starts, not at build time.
  # PASS is a weak password and is printed to the container log.
  { \
    echo 'PASS=PASS$RANDOM'; \
    echo 'echo "PASSWORD for user is $PASS"'; \
    echo 'echo -e "$PASS\n$PASS" | passwd user'; \
    echo 'ssh-keygen -A'; \
    echo 'exec "$@"'; \
  } > /usr/sbin/key_gen.sh
COPY id_ed25519.pub /home/user/.ssh/authorized_keys
RUN chown -R user:user /home/user && \
  chmod 700 /home/user/.ssh && \
  chmod 600 /home/user/.ssh/authorized_keys

# key_gen.sh sets the password and host keys at start-up, then execs CMD.
ENTRYPOINT ["ash", "/usr/sbin/key_gen.sh"]
CMD ["/usr/sbin/sshd", "-D"]

To build it:
> docker build -t mine/my_sshd_alpine:0.01 .

Running

> docker run -d -p 2222:22 --name my_sshd mine/my_sshd_alpine:0.01
or alternatively
> docker run -it --rm -p 2222:22 --name my_sshd mine/my_sshd_alpine:0.01 ash
> /usr/sbin/sshd -D -E /var/log/auth.log
to check how it works. On the client, you can connect to the server with
> ssh -i id_ed25519 -p 2222 user@localhost

Points are...

  1. Use the sshd -D option to keep sshd running in the foreground.
  2. A user name and a password are needed even with "PasswordAuthentication no".
  3. Without the chmod on .ssh and .ssh/authorized_keys, authentication fails.
  4. ssh on Mac does not seem to work with id_dsa.
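
Points 2 and 3 can be checked before you try to connect. The script below is an added example, not part of the original post; the function names are hypothetical. It assumes sshd's StrictModes is on (the default), which rejects keys when the home directory, .ssh or authorized_keys is writable by group or others, and it assumes a locked account is one whose password field in the shadow file starts with "!". It checks write bits only, not ownership.

```sh
#!/bin/sh
# Added example: pre-flight checks for key-based login in the container.

# Print the path if group or others can write to it (POSIX find, no stat).
loose() {
  find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# check_ssh_perms HOME_DIR: list paths StrictModes would object to.
# Returns 1 if any path is missing or too permissive, 0 otherwise.
check_ssh_perms() {
  home=$1; bad=0
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    if [ ! -e "$p" ]; then
      echo "missing: $p"; bad=1
    elif [ -n "$(loose "$p")" ]; then
      echo "too permissive: $p"; bad=1
    fi
  done
  return "$bad"
}

# account_locked SHADOW_FILE USER: succeed if the password field starts with "!".
account_locked() {
  awk -F: -v u="$2" '$1 == u && $2 ~ /^!/ { hit = 1 } END { exit !hit }' "$1"
}

# Inside the container (as root): sh check.sh /home/user user
if [ "$#" -eq 2 ]; then
  if check_ssh_perms "$1"; then echo "modes ok"; fi
  if account_locked /etc/shadow "$2"; then echo "account $2 is locked"; fi
fi
```
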
