
docker : how to share ssh-keys between containers?


I've 4 containers configured like the following (docker-compose.yml):

version: '3'
networks:
  my-ntwk:
    ipam:
      config:
        - subnet: 172.20.0.0/24
services:
  f-app:
    image: f-app
    tty: true
    container_name: f-app
    hostname: f-app.info.my
    ports:
      - "22:22"
    networks:
      my-ntwk:
        ipv4_address: 172.20.0.5
    extra_hosts:
      - "f-db.info.my:172.20.0.6"
      - "p-app.info.my:172.20.0.7"
      - "p-db.info.my:172.20.0.8"
    depends_on:
      - f-db
      - p-app
      - p-db
  f-db:
    image: f-db
    tty: true
    container_name: f-db
    hostname: f-db.info.my
    networks:
      my-ntwk:
        ipv4_address: 172.20.0.6
  p-app:
    image: p-app
    tty: true
    container_name: p-app
    hostname: p-app.info.my
    networks:
      my-ntwk:
        ipv4_address: 172.20.0.7
  p-db:
    image: p-db
    tty: true
    container_name: prod-db
    hostname: p-db.info.my
    networks:
      my-ntwk:
        ipv4_address: 172.20.0.8

Each image is built by the same Dockerfile:

FROM openjdk:8

RUN apt-get update && \
    apt-get install -y openssh-server

EXPOSE 22

RUN useradd -s /bin/bash -p $(openssl passwd -1 myuser) -d /home/nf2/ -m myuser

ENTRYPOINT service ssh start && bash

Now I want to be able to connect from f-app to any other machine without typing the password when running this line: ssh myuser@f-db.info.my.

I know that I need to exchange ssh-keys between the servers (that's not a problem). My problem is how to do it with docker containers and when (build or runtime)!


Solution

  • To do SSH without a password, you need to create a passwordless user and configure SSH keys in the container; you will also need to add the SSH keys to the source container, and the public key should be added to the authorized_keys of the destination container.

    Here is the working Dockerfile:

    FROM openjdk:7
    
    RUN apt-get update && \
        apt-get install -y openssh-server vim 
    
    EXPOSE 22
    
    
    RUN useradd -rm -d /home/nf2/ -s /bin/bash -g root -G sudo -u 1001 ubuntu
    USER ubuntu
    WORKDIR /home/ubuntu
    
    RUN mkdir -p /home/nf2/.ssh/ && \
        chmod 0700 /home/nf2/.ssh  && \
        touch /home/nf2/.ssh/authorized_keys && \
        chmod 600 /home/nf2/.ssh/authorized_keys
    
    COPY ssh-keys/ /keys/
    RUN cat /keys/ssh_test.pub >> /home/nf2/.ssh/authorized_keys
    
    USER root
    ENTRYPOINT service ssh start && bash
    

    docker-compose will remain the same; here is the testing script that you can try.

    #!/bin/bash
    set -e
    echo "start docker-compose"
    docker-compose up -d
    echo "list of containers"
    docker-compose ps
    echo "starting ssh test from f-db to f-app"
    docker exec -it f-db sh -c "ssh -i /keys/ssh_test ubuntu@f-app"
    

    For further detail, you can try the above working example docker-container-ssh

    git clone git@github.com:Adiii717/docker-container-ssh.git
    cd docker-container-ssh; 
    ./test.sh
    

    You can replace the keys, as these were used for testing purposes only.
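
Added example (not part of the answer above or its repository): a runtime alternative to the build-time COPY ssh-keys/ /keys/, in which the image holds no key material and the entrypoint installs a mounted public key at container start. The mount path /run/keys/ssh_test.pub, the "serve" argument and the function name install_authorized_key are assumptions; the user ubuntu and home /home/nf2 are taken from the Dockerfile above.

```shell
#!/bin/bash
# Added example: runtime entrypoint, not code from the original answer.
# Assumed (hypothetical) mount: the public key is bind-mounted read-only at
# /run/keys/ssh_test.pub; user "ubuntu" with home /home/nf2 as in the Dockerfile.

# install_authorized_key PUBKEY_FILE HOME_DIR [OWNER]
# Adds each key line to HOME_DIR/.ssh/authorized_keys once, with the modes
# sshd's StrictModes check expects (0700 directory, 0600 file).
install_authorized_key() {
    local pub="$1" home="$2" owner="${3:-}"
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys" key

    # Reject an empty file, and reject a private key mounted by mistake.
    [ -s "$pub" ] || { echo "missing public key: $pub" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing to install a private key: $pub" >&2
        return 1
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: a container restart must not duplicate the entry.
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"

    # Only root (the entrypoint user) can hand the files to the login user.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dir" || return 1
    fi
}

# Act as the container entrypoint only when invoked with "serve".
if [ "${1:-}" = "serve" ]; then
    install_authorized_key /run/keys/ssh_test.pub /home/nf2 ubuntu || exit 1
    service ssh start
    exec bash
fi
```

With this entrypoint, the private key would be mounted read-only into the client container only (f-db in the test script above), so it never becomes an image layer shared by all four services.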