Your message dated Sat, 17 May 2014 23:04:51 +0200
with message-id <[email protected]>
and subject line Can be fixed in container
has caused the Debian Bug report #747648,
regarding docker.io: docker 0.11.1 ssh to containers do not work anymore
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
747648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747648
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: docker.io
Version: 0.11.1~dfsg1-1
Severity: normal
Dear Maintainer,
ssh to a docker container does not work with docker 0.11.1, swap to
older 0.9.1~dfsg1-2 and ssh works again.
try the following Dockerfile in an empty directory:
snip...
FROM debian:testing
RUN echo "deb http://http.debian.net/debian/ testing main"
>/etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN mkdir /root/.ssh
ADD id_rsa.pub /root/.ssh/authorized_keys
RUN chmod 600 /root/.ssh/authorized_keys
RUN chmod 700 /root/.ssh
RUN chown -R root.root /root/.ssh
EXPOSE 22
CMD /usr/sbin/sshd -D
snip...
copy a working id_rsa.pub of your user into your Dockerfile's directory
do: docker build testssh .
do: docker run --name myssh -t -i testssh
Find container's IP in another terminal:
MYIP=`docker inspect --format '{{ .NetworkSettings.IPAddress }}' myssh`
ssh $MYIP
Expected: you get a root prompt in your running container
This works with 0.9.1~dfsg1-2. With 0.11.1 the login banner is shown and
after this the connection is closed - no prompt
According to
https://github.com/dotcloud/docker/pulse/monthly#merged-pull-requests
there were problems with ssh and selinux set but I run docker.io
without the --selinux-enable option. Of course with --selinux-enable it
does not work either.
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages docker.io depends on:
ii adduser 3.113+nmu3
ii init-system-helpers 1.18
ii iptables 1.4.21-1
ii libapparmor1 2.8.0-5+b1
ii libc6 2.18-5
ii libdevmapper1.02.1 2:1.02.83-2
ii libsqlite3-0 3.8.4.3-3
ii perl 5.18.2-2+b1
Versions of packages docker.io recommends:
ii aufs-tools 1:3.2+20130722-1.1
ii ca-certificates 20140325
ii cgroupfs-mount 1.0
ii git 1:2.0.0~rc0-2
ii xz-utils 5.1.1alpha+20120614-2
Versions of packages docker.io suggests:
ii btrfs-tools 3.14.1-1
ii debootstrap 1.0.59
pn lxc <none>
pn rinse <none>
-- Configuration Files:
/etc/default/docker.io changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
I can confirm that correcting the pam setting by
RUN sed -ri 's/^session\s+required\s+pam_loginuid.so$/session optional
pam_loginuid.so/' /etc/pam.d/sshd
in a debian container solves the problem with the debian docker.io
But IMHO there is an upstream problem because the example does not work
out of the box at http://docs.docker.io/examples/running_ssh_service/
--- End Message ---
