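linux - SSH tunnel to docker container

Tags: linux ssh docker virtual-machine ssh-tunnel

I am trying to set up an SSH tunnel to a docker container running on my remote virtual server.

Basically, I followed the instructions in this post, where you can also find more details about what I am trying to achieve:

Linked Stack Overflow post: How to SSH into Docker?

Actually I have set everything up correctly, but my connection is terminated every time with the following message: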


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is <rsa-key>.
Please contact your system administrator.
Add correct host key in /home/rico/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/rico/.ssh/known_hosts:31 remove with: ssh-keygen -f "/home/rico/.ssh/known_hosts" -R [<server-ip>]:33
RSA host key for [<server-ip>]:33 has changed and you have requested strict checking.
Host key verification failed.

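I have attached a screenshot: https://s18.postimg.org/ivnnxj7a1/connection_closed.png

My command line is:

ssh -p 33 root@<server-ip>

where "33" is the SSH port of the docker container.

What do I have to do so that my virtual server accepts the connection?

[Update]

Running the command with the -v flag added and posting the output: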

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <server-ip> [<server-ip>] port 44.
debug1: Connection established.
debug1: identity file /home/rico/.ssh/id_rsa type 1
debug1: identity file /home/rico/.ssh/id_rsa-cert type -1
debug1: identity file /home/rico/.ssh/id_dsa type -1
debug1: identity file /home/rico/.ssh/id_dsa-cert type -1
debug1: identity file /home/rico/.ssh/id_ecdsa type -1
debug1: identity file /home/rico/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/rico/.ssh/id_ed25519 type -1
debug1: identity file /home/rico/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA <server-mac-address>
debug1: Host '[<server-ip>]:44' is known and matches the ECDSA host key.
debug1: Found key in /home/rico/.ssh/known_hosts:32
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rico/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: <my-email>@gmail.com
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: <my-email>@gmail.com
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/rico/.ssh/id_dsa
debug1: Trying private key: /home/rico/.ssh/id_ecdsa 
debug1: Trying private key: /home/rico/.ssh/id_ed25519
debug1: Next authentication method: password
root@<server-ip>'s password: 

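Even setting a new root password does not work.

Best answer

You may want to reconsider using SSH. As the comments in your linked post point out, it goes against the concept of Docker. In addition, running an extra SSH server increases the potential attack surface.

There are two ways to access your container:

  1. SSH into your virtual machine and use docker exec, e.g. docker exec -it <yourcontainer> bash
  2. Connect your local client to the docker daemon running in your virtual machine. This is an advanced approach, but Docker has good documentation on how to do it securely. In short: you configure the daemon on the VM to listen on a TCP socket, e.g. dockerd -H=0.0.0.0:2376. Then point your local client at the corresponding IP: docker -H=$HOST:2376 version. Everything must be secured using signed TLS certificates.

Hope this helps!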
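
The signed TLS certificates that option 2 of the answer above requires, as an added example that is not part of the original answer or of Docker's documentation: a POSIX shell script that uses openssl to create a private CA, a server certificate for the VM and a client certificate, checks each against its intended purpose, and prints the matching dockerd and docker invocations. The file names, CN values, 2048-bit keys and 365-day lifetime are assumptions; the unencrypted CA key is a simplification to keep the script non-interactive.

```shell
#!/bin/sh
# Added example: mutual-TLS material for a remote Docker daemon.
# File names, CN values and the 365-day lifetime are assumptions.

# Create a private CA (key + self-signed certificate) in directory $1.
# ca-key.pem can sign credentials that grant daemon access: keep it offline.
make_ca() {
    openssl genrsa -out "$1/ca-key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -sha256 -subj "/CN=docker-ca" \
        -key "$1/ca-key.pem" -out "$1/ca.pem" &&
    chmod 0400 "$1/ca-key.pem"
}

# Issue a CA-signed certificate.
# $1=dir $2=file prefix $3=subject CN $4=extendedKeyUsage $5=subjectAltName (optional)
issue_cert() {
    dir=$1; name=$2; ext="$dir/$name-ext.cnf"
    echo "extendedKeyUsage = $4" > "$ext"
    if [ -n "${5:-}" ]; then echo "subjectAltName = $5" >> "$ext"; fi
    openssl genrsa -out "$dir/$name-key.pem" 2048 2>/dev/null &&
    openssl req -new -sha256 -subj "/CN=$3" \
        -key "$dir/$name-key.pem" -out "$dir/$name.csr" &&
    openssl x509 -req -days 365 -sha256 -in "$dir/$name.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/$name-cert.pem" -extfile "$ext" 2>/dev/null &&
    chmod 0400 "$dir/$name-key.pem" &&
    rm -f "$dir/$name.csr" "$ext"
}

# Succeeds only if $2-cert.pem chains to the CA and is valid for purpose $3
# (sslserver or sslclient).
verify_cert() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2-cert.pem" >/dev/null 2>&1
}

# Stand-alone use: sh docker-tls.sh <vm-hostname> <vm-ip>
if [ $# -eq 2 ]; then
    out=$(mktemp -d) && make_ca "$out" &&
    issue_cert "$out" server "$1" serverAuth "DNS:$1,IP:$2" &&
    issue_cert "$out" client client clientAuth &&
    verify_cert "$out" server sslserver && verify_cert "$out" client sslclient &&
    echo "VM:     dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376" &&
    echo "client: docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem -H=$1:2376 version" &&
    echo "files in $out"
fi
```

With --tlsverify on both sides, the daemon rejects any client whose certificate was not signed by this CA, so whoever holds ca-key.pem or a client key effectively has root on the VM.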

Regarding linux - SSH tunnel to docker container, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39488772/
