docker ssh秘钥免密登录

时间:2024-09-08 11:06:50

一、概述

有一台跳板机,已经实现了免密登录后端服务器。但是我写了一个django项目,它是运行在容器中的,也需要免密登录后端服务器。

虽然可以在容器中手动做一下免密登录,但是容器重启之后,之前做的设置都消失了。

是否可以在生成新的django镜像时,也能免密登录后端服务器呢?答案是可以的!

二、实现过程

环境说明

跳板机

操作系统:centos 7.6

ip地址:192.168.28.229

后端主机

操作系统:centos 7.6

ip地址:192.168.28.218

制作docker镜像

django_base目录结构如下:

./

├── dockerfile

├── id_rsa

│   ├── id_rsa

│   └── id_rsa.pub

├── pip.conf

├── requirements.txt

├── run.sh

└── sources.list

dockerfile

FROM ubuntu:16.04

# 修改更新源为阿里云

ADD sources.list /etc/apt/sources.list

ADD . /

# 时区为上海

ENV TZ Asia/Shanghai

# 设置时区,设置utf-8编码,安装django,添加任务计划

RUN apt-get update && apt-get install -y tzdata locales python3-pip cron openssh-server && apt-get clean all && \

    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && \

    locale-gen en_US.UTF-8 && \

    mkdir ~/.pip && cp /pip.conf ~/.pip && pip3 install --upgrade pip && \

    pip3 install -r /requirements.txt && \

    mkdir ~/.ssh && cp -r /id_rsa/* ~/.ssh

# 解决中文乱码问题

#RUN locale-gen en_US.UTF-8

ENV LANG en_US.UTF-8

ENV LANGUAGE en_US:en

ENV LC_ALL en_US.UTF-8

# 添加启动脚本

ADD run.sh .

RUN chmod 755 run.sh

ENTRYPOINT [ "/run.sh"]

id_rsa文件夹里面的2个文件,就是跳板机的ssh秘钥,copy进来即可。

pip.conf

[global]

index-url = http://pypi.douban.com/simple

trusted-host = pypi.douban.com

requirements.txt

Django==2.1.8

paramiko==2.7.1

run.sh

#!/bin/bash

# 收集主机公钥,写入known_hosts,避免出现Are you sure you want to continue connecting (yes/no)?

ssh-keyscan -H -t ecdsa -p 22 192.168.28.218 >> ~/.ssh/known_hosts

sources.list

# deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted

deb-src http://archive.ubuntu.com/ubuntu xenial main restricted #Added by software-properties

deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted

deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe #Added by software-properties

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted

deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties

deb http://mirrors.aliyun.com/ubuntu/ xenial universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse

deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties

deb http://archive.canonical.com/ubuntu xenial partner

deb-src http://archive.canonical.com/ubuntu xenial partner

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted

deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties

deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse

生成镜像

cd django_base

docker build -t django_base:v1 .

运行镜像

docker run -it django_base:v1 /bin/bash

测试ssh免密

ssh 192.168.28.218

不需要输入密码,就表示成功了。

相关文章