Docker simplest alpine sshd

Long time no see, (but who cares?) As I struggled to install and run sshd on alpine linux, I want to share it with you. (I assume you are the one googled docker/alpine/sshd, aren't you?)

Before docker build

need public key to connect server. 
# create id_ed25519 and id_ed25199.pub to current dir.
> sshd-keygen -t ed25519

Dockerfile

FROM alpine

RUN apk add --update --no-cache openssh && \
  rm -rf /tmp/* /var/cache/apk/* && \
  adduser -D user && \
  passwd -u user && \
  # SSHD CONFIG
  { \
    echo "PermitRootLogin prohibit-password"; \
    echo "PasswordAuthentication no"; \
  } >> /etc/ssh/sshd_config && \
  # GENERATE KEYS
  { \
    echo "$PASS=PASS$RANDOM"; \
    echo "PASSWORD for user is $PASS"; \
    echo "echo -e $PASS'\n'$PASS | passwd user"; \
    echo "ssh-keygen -A"; \
    echo 'exec "$@"'; \
  } > /usr/sbin/key_gen.sh
COPY id_ed25519.pub /home/user/.ssh/authorized_keys
RUN chown -R user.user /home/user && \
  chmod 700 /home/user/.ssh && \
  chmod 600 /home/user/.ssh/authorized_keys

ENTRYPOINT ["ash", "/usr/sbin/key_gen.sh"]
CMD ["/usr/sbin/sshd", "-D"]
to build it, 
docker build -t mine/my_sshd_alpine:0.01 .

Running

> docker run -d -p 2222:22 mine/my_sshd_alpine --name my_sshd
or alternatively 
> docker run --it --rm -p 2222:22 mine/my_sshd_alpine --name my_sshd ash
> /usr/sbin/sshd -D -E /var/log/auth.log
to check how it works. On the client, you can connect server by 
> ssh -i id_ed25519 -p 2222 user@locahost

Points are...

  1. use sshd -D option to work as foreground.
  2. user name and password are needed for "PasswordAuthentication no".
  3. without chmod .ssh and .ssh/authorized_keys, authentication fails.
  4. ssh on Mac does not seem to work with id_dsa.

Comments

Post a Comment

Popular posts from this blog

Calling OpenCV functions via Cython from Python 3.X.

I have managed to run OpenCV function from Python3 via Cython today, so I want to write about it. Before you start something like this, you should know you have to read at least header files of C library to write right definition in Cython,because Cython does not do that for you. I am using virtualenv, python from pythonz, and home-brewed OpenCV. Almost everything of C++ works just fine with Cython, but still, you should do some Voodoo things like for integer template argument. ctypedef void* int_parameter ctypedef int_parameter two "2" ctypedef Point_[float, two] Point2f Now, main sample Cython code is following. #===== testopencv.pyx ======== import numpy as np cimport numpy as np # for np.ndarray from libcpp.string cimport string from libc.string cimport memcpy cdef extern from "opencv2/core/core.hpp": cdef int CV_WINDOW_AUTOSIZE cdef int CV_8UC3 cdef extern from "opencv2/core/core.hpp" namespace "cv": cdef cppclass Mat: Ma...
Read more

Showing CPU/Memory usage on tmux status bar(tmuxのステータスバーにCPUとMemoryの使用状況を表示する)

Image
On OSX, to show CPU usage, script is like this. #!/bin/bash top -l 1 | head -n 4 | tail -n 1|awk '{printf "%3d%%\n", $3}' to get Memory Usage, script is like this. #!/bin/bash vm_stat | awk 'BEGIN{FS="[:]+"}{if(NR<7&&NR>1)sum+=$2; if(NR==2||NR==4||NR==5)free+=$2} END{printf "%3d%%\n",100*((sum - free)/sum)}' Name thsese scripts like getCpuUsage.sh/getMemUsage.sh and put them in folder where the $PATH is set. Change their mode to u+x. To show them on tmux status line, .tmux.conf is like set -g status-right '#[fg=blue,bold]#H#[default] #[fg=blue,bold][CPU=#(getCpuUsage.sh) MEM=#(getMemUsage.sh)]#[default]'
Read more

When "sam local start-api" does not mount public folder as "/"...

With aws-sam-cli, I've been experiencing public folder is not mounted as root(/). For example, if we have ./public/index.html file, it should be accessed as "http://localhost:3000/index.html" after  # sam local start-api (You doesn't have to have -s or --static-dir option if public  folder is OK for you) To make it work  Make sure you have the public folder. confirm  Following message on the screen, "Mounting static files from /api/sam-app/public at /" If the message doesn't show even though you have a public folder (which was my case), try remove . aws-sam/build folder. At least it worked for my case. .aws-sam/build is recreated every time sam build is executed, so I use shell script removing the folder before sam local start-api.
Read more