{"id":329586,"date":"2021-08-24T14:00:50","date_gmt":"2021-08-24T11:00:50","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-ssh-into-a-docker-container-cloudsavvy-it\/"},"modified":"2021-08-24T14:00:50","modified_gmt":"2021-08-24T11:00:50","slug":"how-to-ssh-into-a-docker-container-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-ssh-into-a-docker-container-cloudsavvy-it\/","title":{"rendered":"#How to SSH Into a Docker Container \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#How to SSH Into a Docker Container \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img 
loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage aligncenter size-full wp-image-9034\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/01\/6dc7b5a0.jpeg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/01\/6dc7b5a0.jpeg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/01\/6dc7b5a0.jpeg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"1602\" height=\"902\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>SSH is one of the most-used commands in a sysadmin\u2019s toolbox but it\u2019s not commonly seen alongside Docker. Here\u2019s how you can SSH into a running container and why you should think twice before you do.<\/p>\n<h2 id=\"should-you-use-ssh-with-docker-containers\"><span class=\"ez-toc-section\" id=\"Should_You_Use_SSH_With_Docker_Containers\"><\/span>Should You Use SSH With Docker Containers?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSH-ing into a Docker container is generally a bad practice which you should avoid. It\u2019s nearly always better to use the <code>docker exec<\/code> command to get a shell inside a container.<\/p>\n<p>Docker newcomers can be tempted to use SSH to update files inside a container. Containers are meant to be disposable though so they should be treated as immutable after creation, except for persistent data stored inside volumes. 
Create a new image and restart your container when you edit source code.<\/p>\n<p>Aside from the multi-step configuration process, installing SSH in a Docker image adds several dependency packages and exposes another potential attack vector. On a system with several active containers, you\u2019ll be running multiple independent SSH processes and will have to remember the correct port for each container.<\/p>\n<p>Instead of adding SSH to individual containers, install it once on the physical host that\u2019s running Docker. Use SSH to connect to your host, then run <code>docker exec -it my-container bash<\/code> to access individual containers.<\/p>\n<p>While <code>docker exec<\/code> is the preferred approach, there are still scenarios where SSH might be useful. You could introduce it as a stopgap measure to integrate with legacy deployment systems. It may also be used by some IDEs and build tools to provide live reload capabilities during development.<\/p>\n<h2 id=\"installing-the-ssh-server\"><span class=\"ez-toc-section\" id=\"Installing_the_SSH_Server_in_a_Docker_Container\"><\/span>Installing the SSH Server in a Docker Container<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Most popular Docker base images are kept intentionally streamlined. 
You\u2019ll need to add the OpenSSH server yourself, even on images derived from popular operating system distributions.<\/p>\n<p>Here\u2019s an example <code>Dockerfile<\/code> for a Debian-based image:<\/p>\n<pre>RUN apt-get update &amp;&amp; apt-get install -y openssh-server\n# Debian ships this directive commented out, so match an optional leading #\nRUN sed -i 's\/^#*PermitRootLogin.*\/PermitRootLogin yes\/' \/etc\/ssh\/sshd_config\n\nENTRYPOINT service ssh start &amp;&amp; bash<\/pre>\n<p>The SSH configuration is modified so you can log in as <code>root<\/code>, the default user in a Docker container. For greater security, set up a dedicated user account instead:<\/p>\n<pre>RUN useradd -m -s \/bin\/bash sshuser<\/pre>\n<p>This creates a new user called <code>sshuser<\/code> with a home directory (<code>-m<\/code>). The <code>-s<\/code> switch sets the user\u2019s default login shell to Bash.<\/p>\n<p>The use of <code>ENTRYPOINT<\/code> ensures the SSH service always starts when the container does. Execution is then handed off to Bash as the container\u2019s foreground process. You could replace this with your application\u2019s binary.<\/p>\n<h3 id=\"configuring-authentication\"><span class=\"ez-toc-section\" id=\"Configuring_Authentication\"><\/span>Configuring Authentication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Next you need to set up an authentication system. You could assign a password to your <code>sshuser<\/code> account and log in with that:<\/p>\n<pre>RUN echo \"sshuser:Changeme\" | chpasswd<\/pre>\n<p>A more secure way is to set up SSH key authentication. You\u2019ll need to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/424510\/how-to-create-and-install-ssh-keys-from-the-linux-shell\">create a key pair<\/a> on your client machine, then copy the public part into the container. 
This way the SSH daemon can verify your machine\u2019s identity when you connect.<\/p>\n<p>Alter your <code>Dockerfile<\/code> to set up the <code>.ssh<\/code> configuration folder for your user. Copy in a public key from your working directory, either with a <code>docker cp<\/code> command or a <code>COPY<\/code> instruction in the <code>Dockerfile<\/code>. In the latter case, the key would be baked into the image, visible to anyone with access.<\/p>\n<pre>COPY id_rsa.pub \/home\/sshuser\/.ssh\/authorized_keys\nRUN chown -R sshuser:sshuser \/home\/sshuser\/.ssh\nRUN chmod 600 \/home\/sshuser\/.ssh\/authorized_keys<\/pre>\n<p>This sequence of commands creates SSH\u2019s <code>authorized_keys<\/code> file from the <code>id_rsa.pub<\/code> public key in your working directory. The filesystem permissions are adjusted to match SSH\u2019s requirements.<\/p>\n<h3 id=\"connecting-to-the-container\"><span class=\"ez-toc-section\" id=\"Connecting_to_the_Container\"><\/span>Connecting to the Container<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now you\u2019re ready to connect to your container. Run the container with port 22 bound to the host:<\/p>\n<pre>docker run -p 22:22 my-image:latest<\/pre>\n<p>Running <code>ssh sshuser@example.com<\/code> will give you a shell inside your container.<\/p>\n<p>You can skip binding the port if you\u2019ll be connecting from the machine that\u2019s hosting the Docker container. Use <code>docker inspect<\/code> to get your container\u2019s IP address, then pass it to the SSH connection command.<\/p>\n<pre>docker inspect &lt;id-or-name&gt; | grep 'IPAddress' | head -n 1<\/pre>\n<p>Use the SSH client on your machine to connect to the container:<\/p>\n<pre>ssh root@172.17.0.1\n\n# OR\n\nssh sshuser@172.17.0.1<\/pre>\n<p>You\u2019ll need to use an alternative port if you\u2019re running a separate SSH server on the host or you\u2019ve got multiple containers that need port 22. 
Here\u2019s how to initiate a connection when SSH is bound to port 2220:<\/p>\n<pre># Publish host port 2220 to container port 22\ndocker run -p 2220:22 my-image:latest\n\nssh root@172.17.0.1 -p 2220<\/pre>\n<h3 id=\"setting-up-container-shortcuts-with-ssh-config\"><span class=\"ez-toc-section\" id=\"Setting_Up_Container_Shortcuts_With_SSH_Config\"><\/span>Setting Up Container Shortcuts With SSH Config<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You can manipulate your SSH config file to simplify connections to individual containers. Edit <code>~\/.ssh\/config<\/code> to define shorthand hosts with preconfigured ports:<\/p>\n<pre>Host my-container\n    HostName 172.17.0.1\n    Port 2220\n    User sshuser<\/pre>\n<p>Now you can run <code>ssh my-container<\/code> to drop straight into your container. This makes it easier to juggle multiple connections without remembering container IPs and ports.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Use_Dockssh_to_Simplify_Container_Management_Instead\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_0\">Use Dockssh to Simplify Container Management Instead<\/a><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/github.com\/alash3al\/dockssh\">Dockssh project<\/a> takes this a step further by providing another daemon that lets you run <code>ssh my-container@example.com<\/code>, without any manual SSH configuration. 
You don\u2019t need to install an SSH server in your containers; Dockssh automatically proxies SSH connections and runs the correct <code>docker exec<\/code> command instead.<\/p>\n<p>You must first install Redis to store Dockssh\u2019s configuration data:<\/p>\n<pre>sudo apt install redis<\/pre>\n<p>Next, define the containers you want to expose by adding a Redis record with the container\u2019s name and a password for SSH connections:<\/p>\n<pre>redis-cli set dockssh:my-container:pass \"container-password-here\"<\/pre>\n<p>Then download Dockssh:<\/p>\n<pre># -L follows the release download redirect; -o sets the output path\nsudo curl -L https:\/\/github.com\/alash3al\/dockssh\/releases\/download\/v1.1.0\/dockssh_linux_amd64 -o \/usr\/local\/bin\/dockssh\nsudo chmod +x \/usr\/local\/bin\/dockssh\nsudo ufw allow 22022\n\n# Start DockSSH server\ndockssh<\/pre>\n<p>Now you can connect to your container:<\/p>\n<pre>ssh my-container@example.com -p 22022<\/pre>\n<p>Dockssh listens on port 22022 by default. The firewall is opened to allow incoming connections on that port.<\/p>\n<p>You\u2019ll be prompted for the container\u2019s password when you connect. This was set as <code>container-password-here<\/code> in our Redis record above.<\/p>\n<p>Using Dockssh makes it easy to SSH into a large number of Docker containers. 
This approach is ideal when you regularly connect to your containers from a remote host as it streamlines the two-step \u201cSSH then <code>docker exec<\/code>\u201d sequence into a single memorable command.<\/p>\n<p>Register Dockssh as a system service for long-term use:<\/p>\n<pre>sudo nano \/etc\/systemd\/system\/dockssh.service<\/pre>\n<pre>[Unit]\nDescription=Dockssh service\nAfter=network.target\n\n[Service]\nType=simple\nRestart=always\nRestartSec=1\nUser=root\nExecStart=\/usr\/local\/bin\/dockssh\n\n[Install]\nWantedBy=multi-user.target<\/pre>\n<p>Enable the service using <code>systemctl<\/code>:<\/p>\n<pre>sudo systemctl enable dockssh.service\nsudo systemctl start dockssh<\/pre>\n<p>Dockssh will now start automatically when your system boots.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Combining SSH with Docker containers is broadly considered to be an anti-pattern yet it still has its uses in development, testing, and legacy environments. When there\u2019s no alternative you can add the SSH server to your container, copy in a public key, and connect via the container\u2019s IP or a host port binding.<\/p>\n<p>System admins who want to remotely manage large numbers of Docker containers can try out Dockssh. It lets you run familiar <code>ssh<\/code> commands via a seamless behind-the-scenes mapping to <code>docker exec<\/code>, giving you the best of both worlds using unmodified images.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/13937\/how-to-ssh-into-a-docker-container\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to SSH Into a Docker Container \u2013 CloudSavvy IT&#8221; SSH is one of the most-used commands in a sysadmin\u2019s toolbox but it\u2019s not commonly seen alongside Docker. Here\u2019s how you can SSH into a running container and why you should think twice before you do. Should You Use SSH With Docker Containers? 
SSH-ing into&#8230;<\/p>\n","protected":false},"author":1,"featured_media":329587,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/01\/6dc7b5a0.jpeg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-329586","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/329586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=329586"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/329586\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/329587"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=329586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=329586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=329586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}