Docker ssh service

10 April 2021

Note:

I published a new blog post about start SSH service as a no root user


Sometimes could be usefull for testing programs or bash scripts to copy files from one docker image to another docker container.

In this example I use:
* sender: a docker image based on ubuntu. From this container files are sent to receiver container and it is possible transfer files using the mechanism of known_hosts file, it is also copied a key from sender to receiver without requiring enter password to connect
* receiver: a docker image based on httpd daemon. This container has a http and ssh active daemon in order to be able to entrablish ssh connections. I choosed to use a httpd image because files could be browsable and visible via a normal browser, so based on your requirements it is not a mandatory to have http daemon.

Please note that to keep be simple:
* I use root user (not reccomended for production environment!)
* entrypoint bash are created in dockerfile but could be mounted externally

docker-compose.yml

version: "3.7"
services:
  sender:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: sender
    volumes:
      - /tmp/docker-ssh-service:/tmp
    links:
      - receiver
    tty: true
    stdin_open: true
    networks:
      - docker-ssh-service

  receiver:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: receiver
    ports:
      - "10022:22"
      - "10080:80"
    networks:
      - docker-ssh-service

networks:
  docker-ssh-service:
    driver: bridge

Dockerfile

FROM ubuntu:20.10 as sender
RUN apt-get update && apt-get install -y openssh-client git sshpass

# In entry point is copied public keys in known_host 
RUN echo '#!/bin/bash\nmkdir --parent /root/.ssh && ssh-keyscan receiver > /root/.ssh/known_hosts\nexec bash --login' > /root/entrypoint && \
    chmod +x /root/entrypoint

# SSH key to be copied in receiver
RUN ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -P ""

WORKDIR /tmp
ENTRYPOINT ["/root/entrypoint"]

FROM httpd:2.4.46 as receiver
RUN apt-get update && apt-get install -y openssh-server 
RUN mkdir /var/run/sshd

RUN ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -P ""
RUN sed -i 's/#   IdentityFile ~\/.ssh\/id_ed25519/   IdentityFile ~\/.ssh\/id_ed25519/g' /etc/ssh/ssh_config

# Copying from sender public key
COPY --from=sender /root/.ssh/id_ed25519.pub  /root/.ssh/authorized_keys
RUN chmod 600 /root/.ssh/authorized_keys

WORKDIR /usr/local/apache2/htdocs/
# In order to avoid 'Set the 'ServerName' directive globally to suppress this message'
# change apache configuration file
RUN sed -i 's/#ServerName www.example.com:80/ServerName localhost:80/g' /usr/local/apache2/conf/httpd.conf

# To keep simple I prefer to run echo command to create entrypoint but could be copyied from external resources
RUN echo '#!/bin/bash\napachectl start\n/usr/sbin/sshd -D' > /root/entrypoint && \
    chmod +x /root/entrypoint

# Expose ssh and http port
EXPOSE 22
EXPOSE 80

ENTRYPOINT ["/root/entrypoint"]

Example of usage:

<!DOCTYPE html>
<html>
	<head>
		<title>Page Title</title>
	</head>
	<body>
		<h1>Wow my page is published!!</h1>
	</body>
</html>

docker-compose up -d --build && docker-compose exec sender bash

scp ./my-page.html receiver:/usr/local/apache2/htdocs/my-page.html

References