ssh into docker container

Question

On my Windows 10 host machine with Docker 4.9.1 I want to ssh into a docker container.

I followed a bunch of tutorials just like this one:

https://phoenixnap.com/kb/how-to-ssh-into-docker-container

From within the container I can ssh into the container using its IP of 172.17.0.2, but from my host machine I cannot.

Confirmation of the IP address:

docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' interesting_meitner
'172.17.0.2'

Ping without response:

ping 172.17.0.2

Ping wird ausgeführt für 172.17.0.2 mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.

Ping-Statistik für 172.17.0.2:
    Pakete: Gesendet = 1, Empfangen = 0, Verloren = 1
    (100% Verlust),

SSH with connection timeout:

ssh root@172.17.0.2
ssh: connect to host 172.17.0.2 port 22: Connection timed out

Starting the container (obviously done before trying to connect to it):

docker run -ti with_ssh:new /bin/bash

I have also tried this with options for remapping ports i.e. -p 22:666 or -p 666:22 .

Starting ssh server:

/etc/init.d/ssh start
 * Starting OpenBSD Secure Shell server sshd

Checking status:

 /etc/init.d/ssh status
 * sshd is running

Ssh from container into container:

ssh root@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:471dnz1q83owB/Nu0Qnnyz/Sct4Kwry9Sa9L9pwQeZo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password:
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 5.10.16.3-microsoft-standard-WSL2 x86_64)
[...]

Again from the Docker host I get a connection timeout. What do?

What is the single process the container runs? Does it make sense to ssh into that process? — David Maze, Feb 15 '23 at 15:40
I want to use a python interpreter from the container as a remote interpreter which requires ssh. Using the article on [using docker as a remote interpreter](https://www.jetbrains.com/help/pycharm/using-docker-as-a-remote-interpreter.html) does not lead me to having the environment that I want to have. Instead even with volume bindings, the filesystem seems to be my windows host machine, not the docker container. — not_a_robot, Feb 16 '23 at 13:42
Can you just [install Python](https://www.python.org/downloads/) rather than use an extremely indirect setup like this? A container is usually a wrapper around a single process, and it's normally isolated from your host system, so you need to jump through a lot of hoops to use something like a Python interpreter packaged in a container but running against host code. — David Maze, Feb 16 '23 at 14:31
[Using docker as a remote interpreter](https://www.jetbrains.com/help/pycharm/using-docker-as-a-remote-interpreter.html) results in the interpreter running in the container but interpreting the host code and using the host filesystem. I.e. the script path is `C:/path2script/main.py` and the workdir would be `C:/workdirpath`. I must use the docker container as the whole project needs to run as an apptainer/singularity container on my uni's cluster. Otherwise I wouldn't be able to use the necessary CUDA drivers. — not_a_robot, Feb 16 '23 at 21:34
I guess I could update how paths are constructed. Making each base path a parameter would allow to easily replace them once the thing is supposed to run on the cluster (i.e. `input_data_path=C:/data/input` could be replaced by `input_data_path=/path_on_cluster/input`). This kind of defeats the purpose of binding volumes though and seems odd when thinking about an interpreter in a container working on data that is 'outside' of the container. — not_a_robot, Feb 16 '23 at 21:34

rob-otter · Accepted Answer · 2023-02-15T12:58:08.487

0

Your Docker container runs in a virtual network you cannot reach from the host (because it is isolated), which is why you cannot ping the containers IP from the host (but your docker container can, because it is attending the same network). You can expose the port like you already did with -p 666:22, but then you have to SSH to localhost not to the IP of the container: ssh -p 666 root@127.0.0.1.

You could also configure a correct routing from your hosts network to the virtual network and then you can reach the IP directly.

I did not reproduce your setup but this might work i guess. Hope it helps.

edited Feb 15 '23 at 12:58

answered Feb 15 '23 at 12:52

rob-otter

46
5

`ssh -p root@localhost` works! Thank you so much for taking the time and helping me! "You could also configure a correct routing from your hosts network to the virtual network and then you can reach the IP directly." Do you have a resource that can help me learn more about this? – not_a_robot Feb 16 '23 at 13:35
`ssh -p 666 root@localhost`* – not_a_robot Feb 16 '23 at 21:37
Basically all information about networking is here: https://docs.docker.com/desktop/networking/ - however on Windows everything is a bit different (but it is noted in the documentation). You might also find this post helpful: https://stackoverflow.com/questions/24319662/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-mach . I did not do this myself in the past (i just noted it because i guessed that this might also be possible), so i have no practical tips on this (sorry about that). Und da dein Ping Deutsch ist: Liebe Grüße! (Bin auch aus dem DACH Raum) – rob-otter Feb 17 '23 at 16:54

ssh into docker container

1 Answers1