Jan 26, 2023
Run a Secure SSH Server With Docker in 3 Steps
Step 1: Writing the Dockerfile
To simplify the setup process, we're going to start by writing a Dockerfile that contains all the necessary instructions for building the SSH server image.
$ touch Dockerfile
Selecting a base image
For this tutorial, we'll use as a base image the latest version of Ubuntu for Docker, available on the official Docker Hub repository.
FROM ubuntu
Unminimizing the image
Unlike Ubuntu for desktop, the ubuntu image for Docker is a minimal image designed for automated deployment at scale. It has a greatly reduced default package set, without many convenience tools for interactive usage.
To convert this minimal instance into a standard environment suitable for interactive usage, we can use the unminimize command:
RUN yes | unminimize
That will install the standard Ubuntu Server packages for us.
Installing additional packages
We're now going to make sure that the package lists and available packages are up-to-date:
RUN apt update && apt upgrade -y
And we're going to install two additional packages:
- The sudo package, which allows users to run commands as the root user.
- The openssh-server package, which allows for secure remote connections.
RUN apt install sudo openssh-server -y
Note that the -y option flag is used in non-interactive mode to automatically accept the installation of packages and their dependencies.
Creating a sudo user
Since by default the only available user account is the root account, we're going to create a new user account named ubuntu using the useradd command:
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 ubuntu
Which will:
- Set its home directory to /home/ubuntu.
- Set its default shell to /bin/bash.
- Add it to the root and sudo groups.
- Set its UID to 1000.
Once created, we're going to set this new user's password to admin using the chpasswd command:
RUN echo 'ubuntu:admin' | chpasswd
Defining a start command
Finally, we're going to define the /bin/bash command as the default command to be executed upon container startup.
CMD ["/bin/bash"]
The complete Dockerfile
# Pull ubuntu:latest
FROM ubuntu
# Install base packages
RUN yes | unminimize
# Update packages
RUN apt update && apt upgrade -y
# Install sudo and OpenSSH
RUN apt install sudo openssh-server -y
# Create new sudo user
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 ubuntu
# Update user password
RUN echo 'ubuntu:admin' | chpasswd
# Run shell
CMD ["/bin/bash"]
Step 2: Building the Image
To convert the Dockerfile into an actual Docker image, we're going to use the docker build command, and tag this image using the -t option flag:
$ docker build -t ubuntu-ssh .
Once the building process is completed, we can verify that the image is ready to be used by running the docker images command:
$ docker images
REPOSITORY   TAG      IMAGE ID       CREATED          SIZE
ubuntu-ssh   latest   0c717bfd9ec0   10 minutes ago   291MB
Step 3: Starting the SSH Server
Running the container
To launch a container named ssh-server based on the ubuntu-ssh image we've just built, we can use the docker run command:
$ docker run -dit --name ssh-server -p 22:22 ubuntu-ssh
Where:
- The -d flag is used to run the container as a background process (i.e. detached mode).
- The -it flags are used to run the container in interactive terminal mode.
- The --name flag is used to give a name to the container.
- The -p flag is used to connect the ports of the local environment to the ports of the container.
Once we've done that, we can verify that the container is up and running using the docker ps command:
$ docker ps
CONTAINER ID   IMAGE        COMMAND       CREATED          STATUS          PORTS                NAMES
246bf5f46b50   ubuntu-ssh   "/bin/bash"   16 minutes ago   Up 16 minutes   0.0.0.0:22->22/tcp   ssh-server
Starting the server
Now that the container is running, we can start the SSH server by executing the service ssh start command within it using the docker exec command:
$ docker exec ssh-server /bin/bash -c "service ssh start"
* Starting OpenBSD Secure Shell server sshd
...done.
Connecting to the server
We can now connect to the server with the username (i.e. ubuntu) and password (i.e. admin) we've previously created using the ssh command:
$ ssh ubuntu@127.0.0.1
Et voilà!
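The setup above leaves password login enabled for a user whose password is admin, and the docker ps output shows port 22 published on 0.0.0.0. The following added example (not part of the original tutorial) checks a container for those two conditions; the function names and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Sample inputs are constructed.

# Reads the effective sshd configuration on stdin (lowercase keywords), as
# printed by: docker exec ssh-server /usr/sbin/sshd -T
audit_sshd() {
    awk '
        $1 == "passwordauthentication" && $2 == "yes" {
            print "WEAK: password logins enabled (prefer key-only auth)" }
        $1 == "permitrootlogin" && $2 == "yes" {
            print "WEAK: root may log in with a password" }
        $1 == "permitemptypasswords" && $2 == "yes" {
            print "WEAK: empty passwords accepted" }
    '
}

# Reads published port mappings on stdin, one per line, as printed by:
# docker port ssh-server      (format: "22/tcp -> 0.0.0.0:22")
audit_ports() {
    awk '
        $2 == "->" && (index($3, "0.0.0.0:") == 1 || index($3, "[::]:") == 1) {
            print "EXPOSED: " $1 " published on all interfaces (" $3 ")" }
    '
}

# Constructed sample modelled on the tutorial: password auth on, and the
# 0.0.0.0:22 binding shown in its docker ps output.
SAMPLE_SSHD='port 22
permitrootlogin without-password
passwordauthentication yes
permitemptypasswords no'
SAMPLE_PORTS='22/tcp -> 0.0.0.0:22'

# Constructed sample of a tightened setup: key-only auth, loopback-only publish
# (e.g. a container started with -p 127.0.0.1:22:22).
HARDENED_SSHD='port 22
permitrootlogin no
passwordauthentication no
permitemptypasswords no'
HARDENED_PORTS='22/tcp -> 127.0.0.1:22'

# Demonstration on the constructed tutorial-like sample.
printf '%s\n' "$SAMPLE_SSHD"  | audit_sshd
printf '%s\n' "$SAMPLE_PORTS" | audit_ports
```

An empty result from both functions means neither condition was found.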