使用 dockerfile 生成 ssh 密钥 [英] ssh key generation using dockerfile
问题描述
我在几个项目中使用 Docker,其中一个要求是使用 Docker 文件生成 ssh 密钥,以便在构建容器时生成一对 rsa 密钥.我已经看到了一些通过以下方式生成密钥的示例.sh 文件和 Dockerfile 具有运行该 .sh 文件的通用性.有没有办法我们可以直接在 Dockerfile 中而不是 .sh 中进行操作
I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh
目前我在 Dockerfile 中使用以下内容来生成 ssh 密钥对.但这给了我错误说/bin/sh ssh-keygen not found"
Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying "/bin/sh ssh-keygen not found"
RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa
如果有人能提供实现相同目标的方法,那将非常有帮助.
will be really very helpful if someone can provide a way to achieve the same.
谢谢,亚什
推荐答案
问题是你的容器中还没有 ssh-keygen.这可以很容易地解决,例如通过在 ubuntu 基础镜像上安装 openssl-client 包.
The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.
以下 Dockerfile 正是这样做的,并将密钥放在容器的根文件夹中
The following Dockerfile does precisely that and places a key in the container's root folder
FROM ubuntu:latest
RUN apt-get -y install openssh-client
RUN ssh-keygen -q -t rsa -N '' -f /id_rsa
但请阅读:我强烈的建议是根本不要将密钥、证书放入容器的文件系统中!这可能会导致严重的安全风险,因为基本上任何获得容器镜像的人都可以在密钥有效的服务上验证自己;它迫使您像对待加密密钥和证书一样小心处理容器映像!
BUT READ THIS: My strong advice is not to place keys, certificates whatsoever into the container's file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!
因此,建议将密钥放在容器外.这可以通过使用 Docker VOLUMES 轻松实现;并且您只需在启动 Docker 容器时将一个包含密钥/容器的卷挂载到 Docker 容器中.
Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you'd simply mount a volume holding keys/containers into the Docker container when launching it.
在容器外创建密钥下面的 Dockerfile 会在容器启动后创建密钥,它可以用于在容器文件系统之外创建密钥
CREATING KEYS OUTSIDE THE CONTAINER The following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container's file system
FROM ubuntu:latest
RUN apt-get -y install openssh-client
CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa
首先,使用以下命令构建容器:
First, build the container with the following command:
docker build -t keygen-container .
使用启动容器
docker run -v /tmp/:/keys keygen-container
将在/tmp 中的主机上创建一个密钥.
will create a key on the host in /tmp.
这篇关于使用 dockerfile 生成 ssh 密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
