8

I created a docker image which is subjected to test to login into container with SSH. However when I try to ssh into the container, I was asked the root password. Any ideas to get around it.

Dockerfile

FROM ubuntu:trusty

RUN apt-get update

RUN apt-get install -y openssh-server supervisor vim build-essential git
RUN mkdir -p /var/run/sshd
ADD supervisord/sshd.conf /etc/supervisor/conf.d/sshd.conf
RUN echo 'root:root' | chpasswd

EXPOSE 22
CMD ["/usr/bin/supervisord"]

supervisord/sshd.conf

[supervisord]
nodaemon=true

[program:sshd]
command=/usr/sbin/sshd -D
Toshi
  • 6,012
  • 8
  • 35
  • 58

1 Answers1

13

You need to add your public key to the container root/.ssh/authorized_keys

If sshd does not find your public key there, it will fallback to username/password authentication.

An example would be "Setting ssh public keys on Docker image", but I don't like it as it means the container has the private key (it does not need it)

It is best to:

  • generate your public/private key locally.
  • add a COPY yourPublicKey /root/.ssh/authorized_keys in your Dockerfile

That generates an image whose containers will be able to be accessed by ssh.

Make sure that, on your host, your $HOME/.ssh does have the private key id_rsa and public key id_rsa.pub.

That enables ssh authentication between your docker host and your docker container, following the general (ie., not specific to docker) ssh authentication mechanism shown here:

http://sebastien.saunier.me/images/posts/SSH%20Connection%20explained.png

(source "GitHub public key authentication", from Sébastien Saunier ‏- @ssaunier)

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • 1
    Thanks for the answer, but if I want to let people login without ssh. I mean with only password. Is that possible? – Toshi May 11 '16 at 12:08
  • @Toshi your question was about to use ssh, not to use username/password, wasn't it? – VonC May 11 '16 at 12:27
  • 1
    Yes, but I'm just curious about that. Because there are 2 ways to login with ssh. 1. Public authentication key 2. username/password. When I tried with username/password, I got asked password, and I couldn't login ( I don't know the exact password. ). – Toshi May 11 '16 at 12:41
  • 1
    @Toshi that make sense. root is not an account you can log on through username/password. Hence the need for your public key to be at the right spot if you want your ssh session to authenticate successfully. – VonC May 11 '16 at 12:44
  • Thank you. So you mean with a public key it is easier as you explained but I probably have to create user/password in a container for username/password auth. Am I correct? – Toshi May 11 '16 at 12:49
  • @Toshi No: if you setup an ssh daemon in your container, that means no username/password should ever be needed. That is how ssh is supposed to work: you keep your private key to yourself, and publish the public key (which will allow to authenticate you) to the user account of the remote machine you want to connect to. – VonC May 11 '16 at 12:53
  • @Toshi See http://sebastien.saunier.me/blog/2015/05/10/github-public-key-authentication.html as a concrete illustration of how ssh is working. Also https://scotch.io/tutorials/how-to-setup-ssh-public-key-authentication is a good read. – VonC May 11 '16 at 12:54
  • Thank you so much. Now I could figured out. – Toshi May 12 '16 at 00:25
  • @VonC Is it possible to set username and passwords for docker containers and use them docker exec command?? – vishal Mar 12 '20 at 09:54
  • 1
    @vishal.k I am not familiar with the need for credentials regarding docker exec. Maybe you can put this comment as a separate question, for the community to have a look? – VonC Mar 12 '20 at 12:33