【发布时间】:2019-12-19 18:38:35
【问题描述】:
我正在尝试将 SSH 代理(使用 VPN)服务器作为容器迁移到 docker。
有效的现有代理命令:
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q awx-user@ssh.local"'
我的 Dockerfile:
FROM ubuntu:latest
RUN apt-get update -y
RUN apt-get install -y nano \
iputils-ping \
telnet \
net-tools \
iptables \
iproute2 \
ssh \
sudo \
openssh-server
RUN mkdir /var/run/sshd
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
RUN \
groupadd -g 999 awx && useradd -u 999 -g awx -G sudo -m -s /bin/bash awx-user && \
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' && \
echo "awx-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
echo "Customized the sudoers file for passwordless access to the awx-user user!" && \
echo "awx-user user:"; su - awx-user -c id
RUN mkdir -p /home/awx-user/.ssh
COPY awx_id_rsa /home/awx-user/.ssh/id_rsa
RUN echo "IdentityFile /home/awx-user/.ssh/id_rsa" >> /etc/ssh/ssh_config
RUN apt-get clean
USER awx-user
RUN sudo chown awx-user:awx /home/awx-user/.ssh
RUN sudo chown awx-user:awx /home/awx-user/.ssh/id_rsa
RUN sudo chmod 700 /home/awx-user/.ssh
RUN sudo chmod 600 /home/awx-user/.ssh/id_rsa
RUN ssh-keyscan awx2.tmnet.dk > /home/awx-user/.ssh/known_hosts
RUN mkdir /home/awx-user/motionpro
RUN mkdir /home/awx-user/motionpro/app
COPY MotionPro_Linux_Ubuntu_x64_v1.2.5.sh /home/awx-user/motionpro/MotionPro_Linux_Ubuntu_x64_v1.2.5.sh
RUN sudo chmod +x /home/awx-user/motionpro/MotionPro_Linux_Ubuntu_x64_v1.2.5.sh
RUN printf '%s\n' '#!/bin/bash' 'exit 0' | sudo tee -a /etc/rc.local
RUN sudo chmod +x /etc/rc.local
WORKDIR /home/awx-user
EXPOSE 22
Docker 运行:
docker run --user awx-user --hostname motionpro --name motionpro --privileged --network awxcompose901_default -p 2201:22 --device /dev/net/tun --cap-add NET_ADMIN --sysctl net.ipv6.conf.all.disable_ipv6=0 -t -d motionpro /bin/bash -c "sudo ./motionpro/MotionPro_Linux_Ubuntu_x64_v1.2.5.sh --target /home/awx-user/motionpro/app > /dev/null && sudo /usr/sbin/sshd -D && bash"
将代理命令更改为:
ansible_ssh_common_args: '-o ProxyCommand="ssh -p 2201 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q awx-user@awx.local"'
但是我无法连接。我从其他 dockerfiles 拿了一堆东西,但不知道如何解决了。有人有建议吗?
【问题讨论】:
-
I am unable to connect有点模糊。查看为什么无法连接总是一个好主意,将-vv添加到 ssh 并显示输出。顺便提一句。你应该先用 minimal example/dockerfile 试试 -
@jeb 你是对的。有时我认为 stackoverflow 充满了可以轻松发现原因的专家。我将简化并检查详细输出。
标签: docker ssh dockerfile