问题描述
我在我的几个项目中都使用Docker,其中一个要求是使用Docker文件生成ssh密钥,以便在容器构建时将生成一对rsa密钥。 .sh文件和Dockerfile具有运行该.sh文件的共同点。有没有一种方法可以直接在Dockerfile中而不是.sh
I am using Docker for few of my projects, where one requirement is to generate ssh keys using Docker file, so that when the container builds it will generate a pair of rsa keys.I have seen some examples where key generation happens via .sh file and Dockerfile has the commond to run that .sh file. Is there a way we can do it directly in Dockerfile instead of .sh
目前,我正在Dockerfile中使用以下代码生成ssh密钥对。但这给了我一个错误,说找不到/ bin / sh ssh-keygen
Currently I am using following in Dockerfile to generate ssh key pair. But this gives me error saying "/bin/sh ssh-keygen not found"
RUN ssh-keygen -q -t rsa -N '' -f /home/docker/.ssh/id_rsa
如果
谢谢,
Yash
Thanks,Yash
推荐答案
问题是您的容器中尚无法使用ssh-keygen。这可以很容易地解决,例如,通过在ubuntu基本映像上安装openssl-client软件包。
The problem is that ssh-keygen is not available in your container yet. This can be easily solved, for example by installing the openssl-client package on a ubuntu base image.
以下Dockerfile正是这样做的,并将密钥放置在容器的根目录中文件夹
The following Dockerfile does precisely that and places a key in the container's root folder
FROM ubuntu:latest
RUN apt-get -y install openssh-client
RUN ssh-keygen -q -t rsa -N '' -f /id_rsa
但请阅读以下内容:
我的强烈建议是根本不要将密钥,证书放在容器的文件系统中!这可能会导致严重的安全风险,因为基本上任何获得容器映像的人都可以在密钥有效的服务上对自己进行身份验证;
BUT READ THIS:My strong advice is not to place keys, certificates whatsoever into the container's file system at all! This might lead to strong security risks, as essentially anyone who obtains the container image can authenticate himself at services the key is valid for; it forces you to handle container images with the same care you would treat cryptographic keys and certificates!
因此,建议将密钥保留在容器之外。使用Docker VOLUMES可以轻松实现。并且只需在启动时将包含密钥/容器的卷安装到Docker容器中。
Hence, it is advisable to keep the keys outside of the container. This can be easily achieved by using Docker VOLUMES; and you'd simply mount a volume holding keys/containers into the Docker container when launching it.
在容器外创建密钥
容器启动后,以下Dockerfile会代替创建密钥,并且可以使用它在容器的文件系统外部创建密钥
CREATING KEYS OUTSIDE THE CONTAINERThe following Dockerfile does instead create the key once the container is started, and it may be used to create the key outside the container's file system
FROM ubuntu:latest
RUN apt-get -y install openssh-client
CMD ssh-keygen -q -t rsa -N '' -f /keys/id_rsa
首先,使用以下命令构建容器:
First, build the container with the following command:
docker build -t keygen-container .
使用以下容器启动容器
docker run -v /tmp/:/keys keygen-container
将在/ tmp主机上创建一个密钥。
will create a key on the host in /tmp.
这篇关于使用dockerfile生成ssh密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!