
Merge branch 'feature/16' of https://github.com/thomasleveil/baseimage-docker into thomasleveil-feature/16

Hongli Lai (Phusion) 2014-02-25 10:30:30 +01:00
commit 139bc7b81e
5 changed files with 54 additions and 26 deletions


@ -205,7 +205,30 @@ The following example runs `ls` without running the startup files and with less
You can use SSH to login to any container that is based on baseimage-docker.
The first thing that you need to do is to ensure that you have the right SSH keys installed inside the container. By default, no keys are installed, so you can't login. For convenience reasons, we provide [a pregenerated, insecure key](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key) [(PuTTY format)](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key.ppk) that you easily enable. However, please be aware that using this key is for convenience only. It does not provide any security because this key (both the public and the private side) is publicly available. In production environments, you should use your own keys.
The first thing that you need to do is to ensure that you have the right SSH keys installed inside the container. By default, no keys are installed, so you can't login. For convenience reasons, we provide [a pregenerated, insecure key](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key) [(PuTTY format)](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key.ppk) that you can easily enable. However, please be aware that using this key is for convenience only. It does not provide any security because this key (both the public and the private side) is publicly available. **In production environments, you should use your own keys**.
#### Using the insecure key
Start a container with `--enable-insecure-key`
docker run YOUR_IMAGE /sbin/my_init --enable-insecure-key
Find out the ID of the container that you just ran:
docker ps
Once you have the ID, look for its IP address with:
docker inspect <ID> | grep IPAddress
Now SSH into the container as follows:
curl -o insecure_key -fSL https://github.com/phusion/baseimage-docker/raw/master/image/insecure_key
chmod 700 insecure_key
ssh -i insecure_key root@<IP address>
#### Using your own key
Edit your Dockerfile to install an SSH key:
@ -213,15 +236,10 @@ Edit your Dockerfile to install an SSH key:
ADD your_key /tmp/your_key
RUN cat /tmp/your_key >> /root/.ssh/authorized_keys && rm -f /tmp/your_key
## -OR-
## Uncomment this to enable the insecure key.
# RUN /usr/sbin/enable_insecure_key
Then rebuild your image. Once you have that, start a container based on that image:
docker run your-image-name
Find out the ID of the container that you just ran:
docker ps
@ -234,13 +252,6 @@ Now SSH into the container as follows:
ssh -i /path-to/your_key root@<IP address>
# -OR-
# If you're using the insecure key, download it and SSH
# into the container using that key.
curl -o insecure_key -fSL https://github.com/phusion/baseimage-docker/raw/master/image/insecure_key
chmod 700 insecure_key
ssh -i insecure_key root@<IP address>
<a name="building"></a>
## Building the image yourself


@ -12,6 +12,19 @@ else
chmod 700 "$DIR"
chown root:root "$DIR"
echo "Editing $AUTHORIZED_KEYS..."
cat /etc/insecure_key.pub > "$AUTHORIZED_KEYS"
cat /etc/insecure_key.pub >> "$AUTHORIZED_KEYS"
echo "Success: insecure key has been added to $AUTHORIZED_KEYS"
cat <<-EOF
+------------------------------------------------------------------------------+
| Insecure SSH key installed |
| |
| DO NOT expose port 22 on the Internet unless you know what you are doing! |
| |
| Use the private key bellow to connect with user root |
+------------------------------------------------------------------------------+
EOF
cat /etc/insecure_key
echo -e "\n\n"
fi
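Review bot: Appending with `cat /etc/insecure_key.pub >> "$AUTHORIZED_KEYS"` is not idempotent, so each further run of the script against the same filesystem (presumably every restart of a container started with `--enable-insecure-key`) adds another copy of the key. A guard keeps the file clean: `grep -qxFf /etc/insecure_key.pub "$AUTHORIZED_KEYS" 2>/dev/null || cat /etc/insecure_key.pub >> "$AUTHORIZED_KEYS"`. The banner also has a typo, `bellow` should read `below`. The enclosing `if`/`else` starts outside the hunk, so whether `$AUTHORIZED_KEYS` is given an explicit owner and mode when it is first created cannot be checked from here.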


@ -167,7 +167,14 @@ def wait_for_runit_services():
if not done:
time.sleep(0.1)
def install_insecure_key():
info("Installing insecure SSH key for user root")
run_command_killable("/usr/sbin/enable_insecure_key")
def main(args):
if args.enable_insecure_key:
install_insecure_key()
if not args.skip_startup_files:
run_startup_files()
@ -217,6 +224,9 @@ parser.add_argument('--no-kill-all-on-exit', dest = 'kill_all_on_exit',
parser.add_argument('--quiet', dest = 'log_level',
action = 'store_const', const = LOG_LEVEL_WARN, default = LOG_LEVEL_INFO,
help = 'Only print warnings and errors')
parser.add_argument('--enable-insecure-key', dest = 'enable_insecure_key',
action = 'store_const', const = True, default = False,
help = 'Install the insecure SSH key')
args = parser.parse_args()
log_level = args.log_level
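Review bot: `install_insecure_key()` records what it does only through `info(...)`, so with `--quiet` (which sets `LOG_LEVEL_WARN`) my_init presumably emits no line of its own saying that root login with a publicly known key was enabled; this event deserves a warning-level message, using whichever warning helper the file provides. The help string should state the consequence as well, e.g. `help = 'Install the insecure SSH key (publicly known: anyone who can reach sshd can log in as root)'`. As a style point, `action = 'store_const', const = True, default = False` is what `action = 'store_true'` already does. The bodies of `main` and of the parser setup continue outside the hunks.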


@ -29,8 +29,9 @@ mkdir -p /root/.ssh
chmod 700 /root/.ssh
chown root:root /root/.ssh
cp /build/insecure_key.pub /etc/insecure_key.pub
chmod 644 /etc/insecure_key.pub
chown root:root /etc/insecure_key.pub
cp /build/insecure_key /etc/insecure_key
chmod 644 /etc/insecure_key*
chown root:root /etc/insecure_key*
cp /build/enable_insecure_key /usr/sbin/
## Install cron daemon.
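Review bot: `cp /build/insecure_key /etc/insecure_key` followed by `chmod 644 /etc/insecure_key*` puts a world-readable private key into every image built from this script, including images whose users never pass `--enable-insecure-key`, and nothing in the script says this is intended. A comment above the copy would make that explicit, for example `## The private half is shipped on purpose so that enable_insecure_key can print it; it is public and must never be relied on for access control.` Separate modes would also be tidier, `chmod 600 /etc/insecure_key` and `chmod 644 /etc/insecure_key.pub`, since the only reader visible in this commit is the `cat /etc/insecure_key` in enable_insecure_key, which appears to run as root.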


@ -12,19 +12,12 @@ function cleanup()
echo " --> Stopping container"
docker stop $ID >/dev/null
docker rm $ID >/dev/null
docker rmi baseimage_test >/dev/null 2>/dev/null
}
PWD=`pwd`
echo " --> Preparing container"
ID=`docker run -d $NAME:$VERSION enable_insecure_key`
docker wait $ID >/dev/null
docker commit $ID baseimage_test >/dev/null
docker rm $ID >/dev/null
echo " --> Starting container"
ID=`docker run -d -v $PWD/test:/test baseimage_test /sbin/my_init`
echo " --> Starting insecure container"
ID=`docker run -d -v $PWD/test:/test $NAME:$VERSION /sbin/my_init --enable-insecure-key`
sleep 1
echo " --> Obtaining IP"