Up to now we use several linux users:
We want to put the system users into docker container.
system_foo
--> container system_foo
The changes inside the servers are not problem, but remote systems use these users to send us data.
We need to make ssh system_foo@server
work. The remote systems can't be changed.
I would be very easy if there would be just one system per linux operating system (pass port 22 to the container). But there are several.
How can we change from the old scheme to docker containers and keep the service ssh system_foo@server
available without changes at the remote site?
Please leave a comment if you don't understand the question. Thank you.
但是请记住,在容器中使用ssh支持通常是一种反模式(除非它只是你的容器'关注',但那么能够ssh的重点是什么。请参阅http://techblog.constantcontact.com / devops / a-tale-of-three-docker-anti-patterns /有关该反模式的信息
nsenter could work for you. First ssh to the host and then nsenter to the container.
PID=$(docker inspect --format {{.State.Pid}} <container_name_or_ID>)`
nsenter --target $PID --mount --uts --ipc --net --pid
source http://jpetazzo.github.io/2014/06/23/docker-ssh-considered-evil/
Judging by the comments, you might be looking for a solution like dockersh
. dockersh
is used as a login shell, and lets you place every user that logins to your instance into an isolated container.
This probably won't let you use sftp
though.
Note that dockersh
includes security warnings in their README, which you'll certainly want to review:
WARNING: Whilst this project tries to make users inside containers have lowered privileges and drops capabilities to limit users ability to escalate their privilege level, it is not certain to be completely secure. Notably when Docker adds user namespace support, this can be used to further lock down privileges.
Some months ago, I helped my like this. It's not nice, but works. But pub-key auth needs to be used.
Script which gets called via command
in .ssh/authorized_keys
#!/usr/bin/python
import os
import sys
import subprocess
cmd=['ssh', 'user@localhost:2222']
if not 'SSH_ORIGINAL_COMMAND' in os.environ:
cmd.extend(sys.argv[1:])
else:
cmd.append(os.environ['SSH_ORIGINAL_COMMAND'])
sys.exit(subprocess.call(cmd))
file system_foo@server: .ssh/authorized_keys
command="/home/modwork/bin/ssh-wrapper.py" ssh-rsa AAAAB3NzaC1yc2EAAAAB...
If the remote system does ssh system_foo@server
the SSH-Daemon at server
executes the comand given in .ssh/authorized_keys
. This command does a ssh to a different ssh-daemon.
In the docker container, there needs to run ssh-daemon which listens on port 2222.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.