[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Running sshd in a Docker Container on Openshift

It is possible to run sshd on OpenShift, if other options don't work - we do it as part of the Telepresence remote debugging tool we built for OpenShift and Kubernetes (https://telepresence.io).

Here's a shortened (and untested) Dockerfile:

FROM alpine:3.5

RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

RUN apk add --no-cache openssh && \
    ssh-keygen -A && \
    echo -e "ClientAliveInterval 1\nGatewayPorts yes\nPermitEmptyPasswords yes\nPort 8022\nClientAliveCountMax 10\nPermitRootLogin yes\n" >> /etc/ssh/sshd_config

# Set the permissions necessary to run as a non-root user
RUN chmod -R g+r /etc/ssh && \
    chmod g+w /etc/passwd && \
    chmod -R g+w /usr/src/app

COPY run.sh /usr/src/app
RUN chmod +x /usr/src/app/run.sh

# Running as root will now fail due with a permissions error, so default to some
# other UID
USER 1000

CMD /usr/src/app/run.sh


And here's run.sh:

#!/usr/bin/env sh
set -e
USER_ID="$(id -u)"
GROUP_ID="$(id -g)"

# This is a terrible hack to allow SSH login to a runtime-specified UID
echo "telepresence::${USER_ID}:${GROUP_ID}:Telepresence User:/usr/src/app:/bin/ash" >> /etc/passwd

exec /usr/sbin/sshd -e


You can now ssh to the machine via telepresence yourhost, with no password.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]