Why can't Docker see the host keys? sshd: no hostkeys available -- exiting.

4

In my Jenkins folder, I have

-rw-rw-r--  1 miki miki  411 Oct 12 12:45 docker-compose.yml
-rw-rw-r--  1 miki miki   36 Sep 23 11:08 Dockerfile
drwxrwxr-x  8 miki miki 4096 Sep 23 13:24 .git/
drwxr-xr-x 18 root root 4096 Oct 12 12:46 jenkins_home/
drwxrwxr-x  8 miki miki 4096 Sep 23 13:23 react-app/

The docker-compose output is as follows:

services:

  jenkins:
    build: .
    container_name: jenkins
    privileged: true
    restart: always
    ports:
      - 8080:8080
    volumes:
      - ./jenkins_home:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
  
  remote_host:
    container_name: remote_host
    image: remote_host
    build: 
      context: ../udemyjenkins/  

When I go with the standard option
docker-compose up -d

I got

Creating network "evhenybristov_default" with the default driver
Creating jenkins     ... done
Creating remote_host ... done

But the remote_host container has stopped running.

docker inspect remote_host
[
    {
        "Id": "2ab29c5ecf2b67e085e714b21bbfd092024e0d20d5c854c737f459002f7847ca",
        "Created": "2022-10-12T10:45:54.594448184Z",
        "Path": "/usr/sbin/sshd",
        "Args": [
            "-D"
        ],
        "State": {
            "Status": "exited",
            "Running": false,

My goal is to make an ssh connection from Jenkins to the remote host. The other Dockerfile (udemyjenkins):

FROM ubuntu:latest
RUN apt update
RUN apt install -y openssh-server sudo vim-tiny

RUN useradd -ms /bin/bash -g root -G sudo -u 1000 remote_user
RUN  echo 'remote_user:ae******' | chpasswd -c SHA256

RUN service ssh start
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
RUN bash -c 'install -m755 <(printf "#!/bin/sh\nexit 0") /usr/sbin/policy-rc.d'
RUN ex +'%s/^#\zeListenAddress/\1/g' -scwq /etc/ssh/sshd_config
RUN ex +'%s/^#\zeHostKey .*ssh_host_.*_key/\1/g' -scwq /etc/ssh/sshd_config
RUN RUNLEVEL=1 dpkg-reconfigure openssh-server
RUN ssh-keygen -A -v
RUN update-rc.d ssh defaults

RUN ex +"%s/^%sudo.*$/%sudo ALL=(ALL:ALL) NOPASSWD:ALL/g" -scwq! /etc/sudoers

USER remote_user

RUN ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]

I deleted the image and ran it again. Now I have a new image, but the problem persists.
docker logs remote_host
Unable to load host key: /etc/ssh/ssh_host_rsa_key
Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.

What is wrong?


2
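Unrelated to your question, but all of the service-related commands in your Dockerfile (service ssh start, update-rc.d ssh defaults) have no effect: there is no service manager running in the container. - larsks
1 Answer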

2

You are running the sshd command as user remote_user, so it cannot access the host keys, which are readable only by root:

$ ls -l /etc/ssh/ssh_host_*key
-rw------- 1 root root 1381 Oct 12 12:06 /etc/ssh/ssh_host_dsa_key
-rw------- 1 root root  513 Oct 12 12:03 /etc/ssh/ssh_host_ecdsa_key
-rw------- 1 root root  411 Oct 12 12:03 /etc/ssh/ssh_host_ed25519_key
-rw------- 1 root root 2602 Oct 12 12:03 /etc/ssh/ssh_host_rsa_key

It looks like this is a simple error in the Dockerfile; after creating the ssh key for remote_user, you need to reset the USER value:

USER remote_user
RUN ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

# Reset user to root
USER root

EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
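
The check below is an added example, not part of the answer or the original post: a small shell linter that reports which user a Dockerfile's CMD will run as and fails when sshd would start as a non-root user, the situation that produces "no hostkeys available". The function names, the sample file names, and the assumption that every base image defaults to root are mine.

```shell
#!/bin/sh
# Added example: flag a Dockerfile whose sshd would start as a non-root user.
# Assumption: every base image defaults to root (true for ubuntu:latest).

# final_user FILE: print the user in effect at the end of the last build stage.
final_user() {
    awk 'BEGIN { user = "root" }
         { sub(/\r$/, "") }
         toupper($1) == "FROM" { user = "root" }   # a new stage resets the user
         toupper($1) == "USER" { user = $2 }
         END { print user }' "$1"
}

# runs_sshd FILE: succeed if the last CMD or ENTRYPOINT line mentions sshd.
runs_sshd() {
    awk 'toupper($1) == "CMD" || toupper($1) == "ENTRYPOINT" { last = $0 }
         END { exit (last ~ /sshd/) ? 0 : 1 }' "$1"
}

# check_dockerfile FILE: return 1 when sshd would be unable to read host keys.
check_dockerfile() {
    user=$(final_user "$1")
    runs_sshd "$1" || { echo "skip: $1 does not start sshd"; return 0; }
    case "$user" in
        root|0|root:*|0:*) echo "ok: sshd starts as $user" ;;
        *) echo "FAIL: sshd starts as '$user', host keys are readable by root only"
           return 1 ;;
    esac
}

# write_samples DIR: constructed inputs, the tail of the question's Dockerfile
# (broken.Dockerfile) and the same tail with the answer's fix (fixed.Dockerfile).
write_samples() {
    printf '%s\n' 'FROM ubuntu:latest' 'USER remote_user' \
        'RUN ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519' 'EXPOSE 22' \
        'CMD ["/usr/sbin/sshd","-D"]' > "$1/broken.Dockerfile"
    printf '%s\n' 'FROM ubuntu:latest' 'USER remote_user' \
        'RUN ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519' 'USER root' 'EXPOSE 22' \
        'CMD ["/usr/sbin/sshd","-D"]' > "$1/fixed.Dockerfile"
}

# Usage: sh check.sh path/to/Dockerfile
if [ "$#" -gt 0 ]; then check_dockerfile "$1"; fi
```

On a built image, `docker inspect --format '{{.Config.User}}' remote_host` shows the same value that `final_user` derives from the Dockerfile; an empty result means root.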
