Dockerize用户会话 [英] Dockerize user sessions

问题描述

我正在寻找有关如何在Linux中对用户会话进行docker化的帮助。我要寻找的是如何做到这一点，以便当某人通过ssh进入帐户并执行任何操作时，在退出时所做的任何事情都无法保存；

I am looking for some help on how to dockerize user sessions in Linux. What I am looking for is how would I make it so when someone ssh's into an account and does anything, when they exit anything they did isn't saved; it's how I have it set up next time someone else ssh's into it.

这是我为CTF活动安排的任务，实际上我对大多数情况一无所知对我来说，整个过程中要做的事情对我来说是一种学习经历。

It's for a CTF event I've been tasked with setting up and with really no knowledge of most of what I have to do this whole process is a learning experience for me.

以下是对我希望如何设置它的一个很好的解释： http://overthewire.org/help/sshinfra.html

A good explanation of how I am hoping to have it set up is explained here: http://overthewire.org/help/sshinfra.html

推荐答案

因此，您可以通过为用户创建一个新的基于docker的shell来做到这一点

So you can do that by creating a new docker based shell for the user

用户

首先，我们使用以下命令创建用户

First we create the user using below command

sudo useradd --create-home --shell /usr/local/bin/dockershell tarun 
echo "tarun:tarunpass" | sudo chpasswd
sudo usermod -aG docker tarun

创建外壳

接下来创建一个外壳文件 / usr / local / bin / dockershell

Next create a shell file /usr/local/bin/dockershell

#!/bin/bash

docker run -it --rm ubuntu:latest /bin/bash

然后 chmod + x / usr / local / bin / dockershell 。现在，您可以使用新用户SSH到您的vm

And then chmod +x /usr/local/bin/dockershell. Now you can ssh to your vm with the new user

$ ssh tarun@vm
tarun@vm's password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-66-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.


Last login: Sun Oct  1 06:50:06 2017 from 192.168.33.1
Starting shell for tarun
root@79c12f002708:/#

这将我带到Docker容器，并且未保存任何会话更改。如果您想进一步保护它，应该重新映射用户名称空间

This takes me to the docker container and no session changes are saved. If you want to secure it even more, you should be user namespace remapping

https://success.docker.com/KBase/Introduction_to_User_Namespaces_in_Docker_Engine

这篇关于Dockerize用户会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！