Update Dockerfile - enable SSH #999
Enable SSH for docker-server image-based containers.
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
RUN apt-get install -y openssh-server | ||
RUN apt-get clean | ||
RUN mkdir /var/run/sshd | ||
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config |
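Review bot: The sed on the last added line rewrites `PermitRootLogin prohibit-password` to `PermitRootLogin yes`, which lets root log in over SSH with a password; I would keep the `prohibit-password` default and provision a key for the account that needs access, so the image never accepts password-based root logins. The substitution also only matches the exact commented default `#PermitRootLogin prohibit-password`, so on a base image whose sshd_config reads differently the sed changes nothing and the build still succeeds; consider a check that fails the build when the expected setting is not present afterwards. Separately, `RUN apt-get install -y openssh-server` and `RUN apt-get clean` are two instructions, so the clean cannot shrink the layer the install wrote; fold them into one RUN.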
It's been a long time since I was fluent in Docker, but I think doing all that apt-get stuff in a single RUN is best practice for purposes of reducing image layers / size.
I could combine them on a single line ...
apt-get update --fix-missing && apt-get install -y python build-essential && apt-get install -y openssh-server && apt-get clean
... but does it really improve that much? Or do you have something else in mind?
Yes, I suggest keeping it in the same one-line format as it was.
The reason is that each RUN statement marks when docker creates a layer, and apt-get update ... apt-get clean all in one RUN is common since it removes a lot of cruft from the total image.
I'm not familiar with this pattern of exposing SSH from a docker image. Can you point me to something like a best practices document / blog post that explains this? Can this instead be done as a dependent image that extends ours? If anyone expert in Docker is viewing this issue, please feel free to chime in. Thanks!
Researching it, I found a few examples at (amongst others) ...
https://www.howtogeek.com/devops/how-to-ssh-into-a-docker-container/
https://dev.to/s1ntaxe770r/how-to-setup-ssh-within-a-docker-container-i5i
https://forums.docker.com/t/docker-networking-and-ports/93855/5
... that all mention starting openssh-server. We will need to expose a port and I stuck to the port 22 standard. You can probably extend your docker image based on a docker image that already provides an SSH feature, but I do not know of any well-known Docker images providing this feature. I will not really advertise my PR, but adding SSH is generally not something you want because it opens an attack vector. In this case, I wanted to add SSH support because accessing the running container instance is the only way to recover lost admin keys... If there was an alternative to recover lost admin keys via the application or an email address then this SSH access would not really be necessary. And that would probably be preferred.
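The two concerns raised in this thread (apt-get spread over several RUN layers, and sshd reconfigured to accept root logins) can be checked mechanically before a Dockerfile is merged. The script below is an added example, not part of the pull request or the project's code; `audit_dockerfile` and the `sample_*` helpers are hypothetical names, and the sample inputs are the lines quoted on this page.

```bash
#!/usr/bin/env bash
# Added example: lint a Dockerfile for the two points raised in this thread.
# audit_dockerfile and the sample_* helpers are hypothetical names.

audit_dockerfile() {
  # $1: Dockerfile path. Prints one finding per line; returns 1 if any.
  local file="$1" findings=0 apt_runs
  # Each RUN is its own layer, so "apt-get clean" in a later RUN cannot
  # shrink the layer an earlier RUN wrote. Only the RUN line itself is
  # inspected; backslash-continued lines are not joined.
  apt_runs=$(grep -Ec '^[[:space:]]*RUN[[:space:]].*apt-get' "$file" || true)
  if [ "${apt_runs:-0}" -gt 1 ]; then
    echo "LAYERS: apt-get is spread over $apt_runs RUN instructions"
    findings=1
  fi
  # Any instruction that leaves sshd accepting root password logins.
  if grep -Eq 'PermitRootLogin[[:space:]]+yes' "$file"; then
    echo "SSH: PermitRootLogin yes is written to sshd_config"
    findings=1
  fi
  return "$findings"
}

sample_pr_hunk() {   # the four lines added by the PR, as shown on this page
  cat <<'EOF'
RUN apt-get install -y openssh-server
RUN apt-get clean
RUN mkdir /var/run/sshd
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
EOF
}

sample_single_run() {   # the combined form quoted in the review thread
  cat <<'EOF'
RUN apt-get update --fix-missing && apt-get install -y python build-essential && apt-get install -y openssh-server && apt-get clean
EOF
}

tmp=$(mktemp)
sample_pr_hunk > "$tmp"
audit_dockerfile "$tmp" || echo "-> findings on the PR hunk"
sample_single_run > "$tmp"
audit_dockerfile "$tmp" && echo "-> no findings on the single-RUN form"
rm -f "$tmp"
```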