
I want to access a running docker via ssh, by name.

  1. How can I ping to the docker?
  2. How can I connect to the docker using ssh?
  3. Bonus: How can I connect to the docker, using ssh, from a different computer than the one it runs on?

I am aware that it is considered better to access via docker exec, but this does not work for me, as I have to use ssh for my case [I am trying to use clion's fully remote mode on a remote hosted docker via ssh tunneling. Their docs only support remote non-docker, or local docker].

This is my dockerfile

ARG VER=
ARG TOOL_DOCKER=
ARG BASE_IMAGE=
ARG TOOL_DIR=
FROM devsrv:5000/${TOOL_DOCKER}:${VER} AS tool_base

ARG VER=
ARG BASE_IMAGE=
ARG TOOL_DIR=
FROM ${BASE_IMAGE}
ARG VER=
ARG BASE_IMAGE=
ARG TOOL_DOCKER=
ARG TOOL_DIR=
ARG UNAME=
ARG UID=
USER root

COPY launchpad.key /tmp/launchpad.key

RUN apt-get update && \
    apt-get install -y software-properties-common && \
    apt-key add /tmp/launchpad.key && \
    add-apt-repository -y ppa:git-core/ppa && apt-get update && \
    apt-get install -y git libxt-dev libxtst6 libnss3 libnspr4 \
        libgbm-dev libxss-dev libasound2 libatk-bridge2.0-0 \
        libcanberra-gtk-module libcanberra-gtk3-module valgrind sudo \
        libx11-xcb-dev && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf /tmp/*

RUN groupadd --system ${UNAME} --gid ${UID} && \
    useradd --uid ${UID} --system --gid ${UNAME} --home-dir /home/${UNAME} --create-home --comment "Docker image user" ${UNAME} && \
    chown -R ${UNAME}:${UNAME} /home/${UNAME} && \
    usermod -aG sudo ${UNAME} && \
    echo "${UNAME}  ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/${UNAME}

COPY --from=tool_base ${TOOL_DIR} ${TOOL_DIR}

and this is the gist of how it is run

BUILD_CMDLINE="docker build \
    --build-arg UID=${UID} \
    --build-arg UNAME=${USER} \
    --build-arg VER=${VERSION} \
    --build-arg BASE_IMAGE=${BASE_DOCKER} \
    --build-arg TOOL_DOCKER=$(${DIR}/impl/known-tools.py docker ${TOOL}) \
    --build-arg TOOL_DIR=$(${DIR}/impl/known-tools.py tool-dir ${TOOL}) \
    -f ${DIR}/impl/personal-tool.dockerfile -t ${IMAGE} ${DIR}/impl"

echo "Building docker using: ${BUILD_CMDLINE}"
${BUILD_CMDLINE} || exit 1

# Need to give the container access to your windowing system
xhost +
echo $HOME
echo ${USER_ID}:${GROUP_ID}
RUN_CMD="docker run --group-add ${DOCKER_GROUP_ID} \
                --env HOME=${HOME} \
                --env="DISPLAY" \
                --entrypoint /bin/bash \
                --interactive \
                --net "host" \
                --rm \
                --tty \
                --user=${USER_ID}:${GROUP_ID} \
                --volume ${HOME}:${HOME} \
                --volume /isilon:/isilon \
                --volume /mnt:/mnt \
                $(cat ${HOME}/personal-uv-docker-flags) \
                -v "${HOME}/.Xauthority:${HOME}/.Xauthority:rw" \
                --volume /var/run/docker.sock:/var/run/docker.sock \
                --workdir ${HOME} \
                --cap-add sys_ptrace \
                -p127.0.0.1:2222:22 \
                --name my_docker \
                ${IMAGE} $(${DIR}/impl/known-tools.py cmd-line ${TOOL})"

echo "Running docker using: ${RUN_CMD}"

${RUN_CMD}

When running this docker, doing docker ps gives

CONTAINER ID        IMAGE                                                        COMMAND                  CREATED             STATUS              PORTS               NAMES
a5f15b6f5e7b        clion-professional_devsrv_5000/acq-base-docker_latest:noam   "/bin/bash /opt/clio…"   18 minutes ago      Up 18 minutes                           my_docker


If information is missing please say so and I will edit the question.


Edit:

Edited the dockerfile to


COPY launchpad.key /tmp/launchpad.key

RUN apt-get update && \
    apt-get install -y software-properties-common && \
    apt-get install -y openssh-client && \
    apt-get install -y openssh-server && \
    systemctl enable sshd && \
    apt-key add /tmp/launchpad.key && \
    add-apt-repository -y ppa:git-core/ppa && apt-get update && \
    apt-get install -y git libxt-dev libxtst6 libnss3 libnspr4 \
        libgbm-dev libxss-dev libasound2 libatk-bridge2.0-0 \
        libcanberra-gtk-module libcanberra-gtk3-module valgrind sudo \
        libx11-xcb-dev && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf /tmp/*

RUN groupadd --system ${UNAME} --gid ${UID} && \
    useradd --uid ${UID} --system --gid ${UNAME} --home-dir /home/${UNAME} --create-home --comment "Docker image user" ${UNAME} && \
    chown -R ${UNAME}:${UNAME} /home/${UNAME} && \
    usermod -aG sudo ${UNAME} && \
    echo "${UNAME}  ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/${UNAME}

COPY --from=tool_base ${TOOL_DIR} ${TOOL_DIR}

USER ${UNAME}

output:

...

Get:11 http://archive.ubuntu.com/ubuntu xenial/main amd64 ssh-import-id all 5.5-0ubuntu1 [10.2 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 1003 kB in 0s (1184 kB/s)
Selecting previously unselected package libwrap0:amd64.
(Reading database ... 25945 files and directories currently installed.)
Preparing to unpack .../libwrap0_7.6.q-25_amd64.deb ...
Unpacking libwrap0:amd64 (7.6.q-25) ...
Selecting previously unselected package ncurses-term.
Preparing to unpack .../ncurses-term_6.0+20160213-1ubuntu1_all.deb ...
Unpacking ncurses-term (6.0+20160213-1ubuntu1) ...
Selecting previously unselected package openssh-sftp-server.
Preparing to unpack .../openssh-sftp-server_1%3a7.2p2-4ubuntu2.10_amd64.deb ...
Unpacking openssh-sftp-server (1:7.2p2-4ubuntu2.10) ...
Selecting previously unselected package openssh-server.
Preparing to unpack .../openssh-server_1%3a7.2p2-4ubuntu2.10_amd64.deb ...
Unpacking openssh-server (1:7.2p2-4ubuntu2.10) ...
Selecting previously unselected package python3-pkg-resources.
Preparing to unpack .../python3-pkg-resources_20.7.0-1_all.deb ...
Unpacking python3-pkg-resources (20.7.0-1) ...
Selecting previously unselected package python3-chardet.
Preparing to unpack .../python3-chardet_2.3.0-2_all.deb ...
Unpacking python3-chardet (2.3.0-2) ...
Selecting previously unselected package python3-six.
Preparing to unpack .../python3-six_1.10.0-3_all.deb ...
Unpacking python3-six (1.10.0-3) ...
Selecting previously unselected package python3-urllib3.
Preparing to unpack .../python3-urllib3_1.13.1-2ubuntu0.16.04.4_all.deb ...
Unpacking python3-urllib3 (1.13.1-2ubuntu0.16.04.4) ...
Selecting previously unselected package python3-requests.
Preparing to unpack .../python3-requests_2.9.1-3ubuntu0.1_all.deb ...
Unpacking python3-requests (2.9.1-3ubuntu0.1) ...
Selecting previously unselected package tcpd.
Preparing to unpack .../tcpd_7.6.q-25_amd64.deb ...
Unpacking tcpd (7.6.q-25) ...
Selecting previously unselected package ssh-import-id.
Preparing to unpack .../ssh-import-id_5.5-0ubuntu1_all.deb ...
Unpacking ssh-import-id (5.5-0ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Setting up libwrap0:amd64 (7.6.q-25) ...
Setting up ncurses-term (6.0+20160213-1ubuntu1) ...
Setting up openssh-sftp-server (1:7.2p2-4ubuntu2.10) ...
Setting up openssh-server (1:7.2p2-4ubuntu2.10) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:Wlq9V+siHa4herOkUxo+f7Gsy+Dr5obNzd21YlvcTxw root@20cd14a69430 (RSA)
Creating SSH2 DSA key; this may take some time ...
1024 SHA256:PHYTyaGyXHO7N5V3VOGoFcBY23FDBydEcCdrrI01ZpU root@20cd14a69430 (DSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:/T4agN5tch9KKW3+vp7jdFhGBGHtZ2lA7rD9BFk/vfM root@20cd14a69430 (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:xm6KylI0biBsq1imRWYuTecinrwTAlFE+ekVlWV8G3o root@20cd14a69430 (ED25519)
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Setting up python3-pkg-resources (20.7.0-1) ...
Setting up python3-chardet (2.3.0-2) ...
Setting up python3-six (1.10.0-3) ...
Setting up python3-urllib3 (1.13.1-2ubuntu0.16.04.4) ...
Setting up python3-requests (2.9.1-3ubuntu0.1) ...
Setting up tcpd (7.6.q-25) ...
Setting up ssh-import-id (5.5-0ubuntu1) ...
Processing triggers for libc-bin (2.23-0ubuntu11) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Operation failed: Too many levels of symbolic links
The command '/bin/sh -c apt-get update &&     apt-get install -y software-properties-common &&     apt-get install -y openssh-client &&     apt-get install -y openssh-server &&     systemctl enable sshd &&     apt-key add /tmp/launchpad.key &&     add-apt-repository -y ppa:git-core/ppa && apt-get update &&     apt-get install -y git libxt-dev libxtst6 libnss3 libnspr4         libgbm-dev libxss-dev libasound2 libatk-bridge2.0-0         libcanberra-gtk-module libcanberra-gtk3-module valgrind sudo         libx11-xcb-dev &&     apt-get clean &&     rm -rf /var/lib/apt/lists/* &&     rm -rf /tmp/*' returned a non-zero code: 1

With the highlighted errors being

invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.

and

Operation failed: Too many levels of symbolic links
Gulzar
  • W/r/t ssh: If you want to `ssh` into a container you need to install `sshd` (in the container) and ensure that it is running, just like with any other system. – larsks Nov 21 '21 at 16:46
  • @larsks I was not aware of this, as I am quite a noob with linux and docker. Can you please specify how to correctly install `sshd` on the above docker? – Gulzar Nov 21 '21 at 16:47
  • You can ping / ssh your container (provided you have installed `sshd`) by IP, which you can obtain with `docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my_docker`. – cornuz Nov 21 '21 at 17:12
  • @cornuz This command gives me empty output. – Gulzar Nov 21 '21 at 17:16
  • @cornuz Also, `apt-get install -y openssh-server` does not seem to be enough to install `sshd`, as I am getting `noam@ML:~$ ssh -p 2222 noam@127.0.0.1 ssh: connect to host 127.0.0.1 port 2222: Connection refused`. What am I missing? – Gulzar Nov 21 '21 at 17:18
  • @Gulzar Perhaps you are using an older version of docker. Try `docker inspect --format '{{ .NetworkSettings.IPAddress }}' my_docker`. I think installing `sshd` in your `Dockerfile` is not enough because it doesn't start it. Add `systemctl ssh enable` in your Dockerfile after `apt-get install`? – cornuz Nov 21 '21 at 17:32
  • Also, there are plenty of tutorials online about how to run an ssh server in docker (and why not to do it). – cornuz Nov 21 '21 at 17:33
  • @cornuz I saw these tutorials and did all of them 3 times before asking. As for the other command (copied from some other answer I already found), the output is also empty. – Gulzar Nov 21 '21 at 17:35
  • Adding `systemctl ssh enable` gives `Unknown operation ssh.` – Gulzar Nov 21 '21 at 17:35
  • @Gulzar my bad, I swapped them. I meant `systemctl enable sshd` – cornuz Nov 21 '21 at 17:37
  • @cornuz It failed but I have no idea why, please see edit – Gulzar Nov 21 '21 at 17:41
  • I'd suggest you think of a Docker container as a wrapper around a _process_. If you substitute _process_ into your questions -- "how do I ping a _process_", "how do I ssh into a _process_" -- they don't really match how you normally use processes in Linux. – David Maze Nov 21 '21 at 19:49
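
Added example, not part of the question or its comments: a POSIX shell check for the `docker run` options that decide reachability and exposure here. With `--net host` Docker discards `-p` mappings (consistent with the empty PORTS column and the empty `docker inspect` address above), a mounted `/var/run/docker.sock` gives the container control of the Docker daemon, and a `-p` without a bind address listens on every host interface. The function name and finding labels are made up for this sketch, and it scans every word, including any that follow the image name.

```shell
#!/bin/sh
# audit_docker_run ARGS...: print one finding per line for the words that
# would follow `docker run`. Finding labels are made up for this example.
audit_docker_run() {
    hostnet=0; sock=0; specs=""
    while [ $# -gt 0 ]; do
        arg=$1; val=""
        case "$arg" in
            --net|--network|-p|--publish|-v|--volume)
                val=${2:-}; [ $# -le 1 ] || shift ;;    # value is the next word
            --*=*) val=${arg#*=}; arg=${arg%%=*} ;;     # --flag=value
            -p?*)  val=${arg#-p}; arg=-p ;;             # -p127.0.0.1:2222:22
            -v?*)  val=${arg#-v}; arg=-v ;;
        esac
        case "$arg" in
            --net|--network) [ "$val" != host ] || hostnet=1 ;;
            -p|--publish)    specs="$specs $val" ;;
            -v|--volume)     case "$val" in
                                 /var/run/docker.sock:*|/run/docker.sock:*) sock=1 ;;
                             esac ;;
        esac
        shift
    done
    if [ "$hostnet" = 1 ]; then
        # Host networking: Docker discards every -p mapping.
        [ -z "$specs" ] || echo "HOSTNET_PUBLISH_DISCARDED"
    else
        for s in $specs; do
            case "$s" in
                0.0.0.0:*) echo "PUBLISH_ALL_INTERFACES $s" ;;
                *:*:*) ;;   # explicit bind address, e.g. 127.0.0.1:2222:22
                *) echo "PUBLISH_ALL_INTERFACES $s" ;;
            esac
        done
    fi
    [ "$sock" = 0 ] || echo "DOCKER_SOCK_MOUNTED"   # daemon control from inside
    return 0
}

# Constructed inputs modelled on the two run commands shown on this page.
audit_docker_run --net host -p127.0.0.1:2222:22 \
    --volume /var/run/docker.sock:/var/run/docker.sock --name my_docker my_image
audit_docker_run -ti --name my_docker -p 2222:22 --rm debian
```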

2 Answers

Based on @vector's answer, here is a complete solution :

#!/bin/bash
# docker.sh

docker run --rm --hostname dns.mageddo\
    -v /var/run/docker.sock:/var/run/docker.sock\
    -v /etc/resolv.conf:/etc/resolv.conf\
    -d defreitas/dns-proxy-server

docker run -ti --hostname my_docker --name my_docker\
    -p 2222:22 --rm debian bash -c "
        apt update -y;apt install -y openssh-server; service ssh start;
        useradd pi; mkdir -p /home/pi; chown pi /home/pi;
        passwd pi <<< \$'password\npassword'; exec bash"

In one terminal, run ./docker.sh. Once both containers are running, open another terminal:

  1. ping my_docker

  2. ssh pi@my_docker # password : password

  3. from another computer than your-machine :

    ssh -p 2222 pi@your-machine # password : password

Dockerfile version :

cat << EOF > Dockerfile
FROM debian
RUN apt update && apt install  openssh-server sudo -y
RUN useradd -rm -d /home/pi -s /bin/bash -g root -G sudo -u 1000 pi 
RUN echo 'pi:password' | chpasswd
RUN service ssh start
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
EOF

docker build -t my_docker .
docker run --hostname my_docker --name my_docker -it -p 2222:22 my_docker
Philippe
  • Can you please explain what's going on here? At least what should be changed and what shouldn't, and how come the password for the machine is not required when connecting to a docker on it? – Gulzar Nov 22 '21 at 09:10
  • Nothing needs to be changed. You just run ./docker.sh and you have a docker with ssh daemon to test. As I forwarded port 2222 to port 22 in docker, when you connect to 2222, you are connecting to docker, not to the machine. – Philippe Nov 22 '21 at 12:09
  • Can you also please explain 1. `dns.mageddo`, 2. `-v /var/run/docker.sock:/var/run/docker.sock\` 3. `-v /etc/resolv.conf:/etc/resolv.conf\` 4. `-d defreitas/dns-proxy-server` 5. why `docker run` two separate times? – Gulzar Nov 22 '21 at 12:59
  • This link (https://hub.docker.com/r/defreitas/dns-proxy-server) should give you a good overview of what dns proxy does. I gave two dockers, one for dns proxy, one for ssh daemon. What do you see when you do `docker ps` ? – Philippe Nov 22 '21 at 13:21
  • `docker ps` shows both dockers are up. Like I said, connecting via ssh on the same machine does work. Output of `docker ps`: `CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 480803ff8262 defreitas/dns-proxy-server "/app/dns-proxy-serv…" 12 minutes ago Up 12 minutes quirky_easley e33c6addd406 debian "bash -c '\n a…" 15 minutes ago Up 14 minutes 0.0.0.0:2222->22/tcp my_docker ` – Gulzar Nov 22 '21 at 13:29
  • Side note, I ran the commands directly from the shell, as they did not work from the script for some reason. I assume that is easily fixable and beside the point. – Gulzar Nov 22 '21 at 13:30
  • Another test I did: `ssh -p 2222 pi@your-machine` run FROM THE SAME MACHINE, did connect. it only doesn't work from an external machine. – Gulzar Nov 22 '21 at 13:48
  • *it only doesn't work from an external machine* Can it be a firewall issue? What error message have you got? – Philippe Nov 22 '21 at 14:07
  • `ssh: connect to host 192.168.100.38 port 2222: Connection timed out`. I am assuming I have to externalize port 2222 for ssh somehow. `telnet 192.168.100.38 22` goes through, but `telnet 192.168.100.38 2222` gives `telnet: Unable to connect to remote host: Connection timed out` – Gulzar Nov 22 '21 at 14:10
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/239450/discussion-between-philippe-and-gulzar). – Philippe Nov 22 '21 at 14:11
  • Attempting to open 2222 port with IT. Will post updates. – Gulzar Nov 23 '21 at 08:15
  • I opened the port and this worked! THANK YOU! – Gulzar Nov 25 '21 at 08:49
  • I am trying for hours to get this ssh-server+ssh start into another docker, and for the life of me, I can't. How can these commands work from a .dockerfile instead of from an ad-hoc bash in the `docker run` command line? – Gulzar Nov 27 '21 at 19:28
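
Added example, not Philippe's code: the Dockerfile version above reworked so that sshd accepts public keys only and the port is published on the Docker host's loopback, to be reached from another computer by an SSH jump through that host. The user `dev`, the tag `sshd_dev`, the script name and the function names are assumptions.

```shell
#!/bin/sh
# write_sshd_context DIR PUBLIC_KEY_FILE: create a build context for an sshd
# image that only accepts public-key logins. User "dev" is an assumption.
write_sshd_context() {
    ctx=$1; pubkey=$2
    mkdir -p "$ctx" && cp "$pubkey" "$ctx/authorized_keys" || return 1
    cat > "$ctx/Dockerfile" <<'EOF'
FROM debian
RUN apt-get update && apt-get install -y --no-install-recommends openssh-server \
    && rm -rf /var/lib/apt/lists/* && mkdir -p /run/sshd
# Unprivileged login account: no password set, not in the sudo or root group.
RUN useradd --create-home --shell /bin/bash --uid 1000 dev \
    && install -d -m 700 -o dev -g dev /home/dev/.ssh
COPY --chown=dev:dev authorized_keys /home/dev/.ssh/authorized_keys
EXPOSE 22
# -D keeps sshd in the foreground as the container's main process; the -o
# options override sshd_config: no password logins, no root login.
CMD ["/usr/sbin/sshd", "-D", "-e", "-o", "PasswordAuthentication=no", "-o", "PermitRootLogin=no"]
EOF
}

# start_sshd_container DIR: needs Docker. The port is published on the host's
# loopback only, so it is not reachable from the network directly.
start_sshd_container() {
    docker build -t sshd_dev "$1" &&
        docker run -d --rm --name my_docker -p 127.0.0.1:2222:22 sshd_dev
}

# Usage on the Docker host, with the public key of the connecting client:
#   sh sshd_image.sh ./ctx client_key.pub
# From the Docker host:     ssh -p 2222 dev@127.0.0.1
# From another computer:    ssh -J you@your-machine -p 2222 dev@127.0.0.1
if [ $# -eq 2 ]; then
    write_sshd_context "$1" "$2" && start_sshd_container "$1"
fi
```

The host keys are generated when `openssh-server` is installed during the build, so every container started from this image presents the same host keys.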

I think docker does not support connecting to the container by name, you have to expose the port to the host machine and then connect through it.

Or, if you still want to connect via name, you can refer to defreitas/dns-proxy-server

Example:

# First run DPS
$ docker run --rm --hostname dns.mageddo \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/resolv.conf:/etc/resolv.conf \
defreitas/dns-proxy-server

# Then run the container
$ docker run --hostname my_docker --name my_docker -d my_image

# Now, you can connect by name
$ ping my_docker
quoc9x
  • what is DPS? can you please explain what you did here? – Gulzar Nov 22 '21 at 12:59
  • DPS stands for [dns-proxy-server](https://hub.docker.com/r/defreitas/dns-proxy-server) , it is a tool that allows you to connect to containers by name. – quoc9x Nov 22 '21 at 14:17