在Docker图像上设置ssh公钥 [英] Setting ssh public keys on Docker image

问题描述

我设置了支持ssh的Docker映像。没问题，很多例子。但是，大多数示例显示使用passwd设置密码。我想分发我的形象。有一个固定的密码，特别是root，似乎是一个漏洞的安全漏洞。对我来说，更好的是使用root设置没有密码的映像。当用户获取图像时，他们会将其公共ssh文件复制到/root/.ssh/authorized_keys文件中。

I setup a Docker image that supports ssh. No problem, lots of examples. However, most examples show setting a password using passwd. I want to distribute my image. Having a fixed password, especially to root, seems like a gaping security hole. Better, to me, is to setup the image with root having no password. When a user gets the image they would then copy their public ssh file to the image /root/.ssh/authorized_keys file.

有没有推荐的方法？

Is there a recommended way to do this?

1. 使用用户可以编辑的ADD命令
   提供构建在我的图像上的Docker文件？


2. 提供一个运行类似cat〜/ .ssh / authorized_keys | docker run -i sh -c'cat> root / .ssh / authorized_keys的shell脚本？
   

1. Provide a Dockerfile that builds on my image with an ADD command that user can edit?
2. Provide a shell script that runs something like "cat ~/.ssh/authorized_keys | docker run -i sh -c 'cat > root/.ssh/authorized_keys"?

推荐答案

如何生成私钥并显示给用户？

What about generating a private key and display it to the user?

我将此片段用作图像的entrypoint脚本的一部分：

I use this snippet as part of the entrypoint script for an image:

KEYGEN=/usr/bin/ssh-keygen
KEYFILE=/root/.ssh/id_rsa

if [ ! -f $KEYFILE ]; then
  $KEYGEN -q -t rsa -N "" -f $KEYFILE
  cat $KEYFILE.pub >> /root/.ssh/authorized_keys
fi

echo "== Use this private key to log in =="
cat $KEYFILE

这篇关于在Docker图像上设置ssh公钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！