1

I got a container that has openssh installed and can be connnected via the command ssh 172.17.0.2.

Now I want to get a port (say 32769) on the host side, and map the port 22 (of docker container) to it, the reason for doing that is I want to get the ssh 127.0.0.1 -p 32769 works on localhost, I got the errors as : ssh_exchange_identification: read: Connection reset by peer . The port mapping is showing normally on docker engine: 0.0.0.0:32769->22/tcp.

Can somebody help me with that? Much appreciated!

Mingo Pan
  • 37
  • 5
  • How are you starting the container? What's the image the container is running? – David Maze Nov 23 '20 at 14:30
  • I was starting the container in the python style. The mounting appears has no error, but what was wrong is the -container-ip in the process of docker-proxy: /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 32812 -container-ip 172.21.1.2 -container-port 22, the container ip can work with 172.17.0.2 which is eth0. I wonder if I can manually correct the container ip. – Mingo Pan Nov 24 '20 at 01:19
  • Tried to ping 172.21.1.2, it was unreachable: From 172.21.1.1 icmp_seq=1 Destination Host Unreachable. 172.17.0.2 was doing fine: PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=16.1 ms – Mingo Pan Nov 24 '20 at 01:22
  • The container IP address is an internal implementation detail, and you should completely ignore it. (Among other things, it can change whenever you delete and restart a container.) – David Maze Nov 24 '20 at 01:54
  • I think it has been set to my eth1, so no matter how many times I restart the container, it will always be the ip of my eth1. – Mingo Pan Nov 24 '20 at 07:34

1 Answers1

0

Check that the SSH daemon is running in your container first (through a docker exec or docker attach session):

service ssh status
# or
service sshd status

Make sure you have the right IP address

sudo docker inspect -f "{{ .NetworkSettings.IPAddress }}" Container_Name

Use the right SSH URL:

ssh root@172.17.0.2

See more in "How to SSH into a Running Docker Container and Run Commands" from Sofija Simic.

Using a docker run -p 32769:22 is in your case a good idea.

The OP mentions in the discussion an issue with docker proxy:

The docker-proxy was not getting eth0 of the container as -container-ip.
Here is what I've got

/usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 32785 \
                      -container-ip 172.21.1.2 -container-port 22
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Yep, the sshd service is up in docker container. Actually I can connect to the container via the ssh 172.17.0.2. My question is how can I connect to it by the style ssh 127.0.0.1 -p [mapping port]. – Mingo Pan Nov 23 '20 at 07:27
  • @MingoPan CAn you show the result of a `docker ps` for that container, to see what ports are laready exposed? – VonC Nov 23 '20 at 07:29
  • 0.0.0.0:32778->22/tcp, the ssh 127.0.0.1 -p 32778 is not working for me. Got the error: ssh_exchange_identification: read: Connection reset by peer – Mingo Pan Nov 23 '20 at 07:32
  • @MingoPan 127.0.0.1? Why 127.0.0.1? Why not using the container IP address? – VonC Nov 23 '20 at 07:35
  • Interesting, I has tried docker inspect, apparently I got nothing on port 22."PortBindings": { "22/tcp": [ { "HostIp": "", "HostPort": "" } ] }, – Mingo Pan Nov 23 '20 at 07:36
  • @MingoPan That is because the docker image has no `EXPOSE` directive for that port (https://docs.docker.com/engine/reference/builder/#expose – VonC Nov 23 '20 at 07:37
  • I am requried to do so, : ( – Mingo Pan Nov 23 '20 at 07:37
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/224955/discussion-between-vonc-and-mingo-pan). – VonC Nov 23 '20 at 07:39