Connect via ssh to jhipster docker container on CentOS 7


Problem description


I have installed docker (version 0.11.1-dev, build 02d20af/0.11.1); it seems to be the latest available in any case for CentOS 7 (yum update docker says there are no updates).

As per installation instructions on jhipster site I've pulled the current image and run:

sudo docker run -v ~/jhipster:/jhipster -p 8080:8080 -p 9000:9000 -p 4022:22 -t --name jhipster jdubois/jhipster-docker

The image is running OK. However I fail to connect via ssh. If I run ssh with verbose option:

ssh -vv -p 4022 jhipster@localhost

I get:

OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 4022.
debug1: Connection established.
debug1: identity file /home/normunds/.ssh/id_rsa type 1
debug1: identity file /home/normunds/.ssh/id_rsa-cert type -1
debug1: identity file /home/normunds/.ssh/id_dsa type -1
debug1: identity file /home/normunds/.ssh/id_dsa-cert type -1
debug1: identity file /home/normunds/.ssh/id_ecdsa type -1
debug1: identity file /home/normunds/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Connection closed by ::1

In case I try to reach another Ubuntu host I receive the same sequence (apart from host, port and OpenSSH version), but instead of the last line with "Connection closed" it has:

debug1: SSH2_MSG_KEXINIT received

and eventually it connects successfully.

I have tried to connect via localhost:4022 and ip-of-container:22, from local or remote hosts, with the same results.

So the problem seems to be in the container or docker (or eventually the ubuntu settings within docker). However, docker top jhipster shows me sshd is running and, yes, the trace evidently shows that I reach the ssh server.

Any ideas?

Edited: I ran the docker image so that it enters the command line, then ran sshd in debug mode:

sudo docker run -v ~/projects:/jhipster -p 8080:8080 -p 9000:9000 -p 4022:22 -t -i --name jhipster jdubois/jhipster-docker /bin/bash

/usr/sbin/sshd -d

in order to debug further. On connection attempt sshd fails with:

chroot("/var/run/sshd"): Operation not permitted [preauth]

Solution

1) ssh access

CentOS 7: It looks like the problem is that the CentOS 7 repository has only an old Docker version; both CentOS 6 and Ubuntu use version 1.1.2. The issue on CentOS 7 can be bypassed by running the image with the command line option (as in the edited section of the OP), then running:

sed 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config

/usr/sbin/sshd

CentOS 6: When testing in CentOS 6 running Docker 1.1.2, I did not have the same problem (the ssh connection got further, hence I assume the error on CentOS 7 was caused by the Docker version); however, ssh disconnected as soon as it connected, with the error "pam session not opened" on the client side and "PAM: pam_open_session(): Cannot make/remove an entry for the specified session." on the container side.

Here it looks like it is related to "[FIXED] ubuntu 14.04 container with ssh login issues #5663", even if it is marked as "fixed". In any case, one of the solutions mentioned in the thread that I tried was enough to fix my ssh connectivity issue:

sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/*

It seems it would also be enough to run:

sed 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config

instead, but I did not try this option.

Conclusion: ssh connectivity on CentOS can be fixed by running the image with a command line

sudo docker run -v ~/projects:/jhipster -p 8080:8080 -p 9000:9000 -p 4022:22 -t -i --name jhipster jdubois/jhipster-docker /bin/bash

then different "fixes" for CentOS 6/CentOS 7 as discussed above, then

/usr/sbin/sshd

2) At this point we might ask: "why ssh at all"? Once we arrive on command line all we need to do is:

su jhipster
cd /jhipster
yo jhipster

right? Nearly so, but here we have another problem, again different on the two CentOS versions. It is also present if we connect via ssh.

On CentOS 7, which is using the old Docker version, we need to modify the selinux context of the host directory (in our case ~/jhipster):

chcon -Rt svirt_sandbox_file_t ~/jhipster

On CentOS 6 this is not necessary (and svirt_sandbox_file_t does not exist as an option); however, the shared folder inside the container is unavailable for the user jhipster. We first, as root, need to run:

chown jhipster:jhipster /jhipster

And then already:

su jhipster
cd /jhipster
yo jhipster
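
The sed one-liners in the answer change nothing when the directive is commented out or missing, and the PAM one edits every file in /etc/pam.d and prepends another # on each run; the script below is an added example, not code from the answer, that scopes each workaround to sshd's own file, makes it idempotent and checks the result. The function names and the ROOT variable are assumptions made for illustration. Note that UsePrivilegeSeparation no turns off the unprivileged pre-auth child whose chroot to /var/run/sshd is the call failing in the question.

```shell
#!/bin/sh
# Added example, not from the original answer. ROOT is an assumption: empty means
# the live filesystem inside the container; point it at a copy to rehearse.
ROOT=${ROOT:-}

# Print the first active value of KEY in FILE (sshd honours the first match).
effective_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Force KEY to VALUE: rewrite active or commented-out "KEY yes|no|sandbox"
# lines, append the directive if none exists, then confirm it is effective.
set_sshd_option() {
    file=$1 key=$2 value=$3 tmp=$1.tmp.$$
    sed -E "s/^[[:space:]]*#?[[:space:]]*${key}[[:space:]]+(yes|no|sandbox)[[:space:]]*\$/${key} ${value}/" \
        "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
    [ "$(effective_option "$file" "$key")" = "$value" ] && return 0
    printf '%s %s\n' "$key" "$value" >> "$file"
    [ "$(effective_option "$file" "$key")" = "$value" ]
}

# Comment out active pam_loginuid.so lines in a single PAM service file.
# Already-commented lines are skipped, so a second run adds no extra "#".
disable_loginuid() {
    file=$1 tmp=$1.tmp.$$
    sed -E 's/^([[:space:]]*[^#[:space:]].*pam_loginuid\.so)/#\1/' "$file" > "$tmp" &&
        cat "$tmp" > "$file" && rm -f "$tmp"
    ! grep -Eq '^[[:space:]]*[^#[:space:]].*pam_loginuid\.so' "$file"
}

# centos7: the privilege-separation workaround; centos6: the PAM workaround.
apply_workaround() {
    case $1 in
        centos7) set_sshd_option "$ROOT/etc/ssh/sshd_config" UsePrivilegeSeparation no ;;
        centos6) disable_loginuid "$ROOT/etc/pam.d/sshd" ;;
        *) echo "usage: $0 centos6|centos7" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then apply_workaround "$1"; fi
```

Running `/usr/sbin/sshd -t` afterwards makes sshd validate the edited configuration before it is started.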
