ssh-systemd.md

prepare ssh container for fedora

To avoid port conflicts, the container maps ssh port 22 to 8022 and udp ports 810* to 820*.

build container

Run the following commands to build the ssh image. The build performs the following actions:

  • install openssh package and utility packages.
  • create user packager.
  • set password for root and packager user: the password is password.

cd aprilsh/build
docker build --progress plain -t systemd:0.1.0 -f systemd.dockerfile .

start container

Run the following command to start the ssh container. It performs the following actions:

  • map ssh port 22 to 8022,
  • map udp port 810[0..3] to 820[0..3],
  • set hostname and container name to systemd.

docker run --env TZ=Asia/Shanghai --tty --privileged \
    --volume /sys/fs/cgroup:/sys/fs/cgroup:rw \
    --hostname systemd --name systemd -d -p 8022:22 \
    -p 8201:8101/udp -p 8202:8102/udp -p 8203:8103/udp systemd:0.1.0

get into the container

docker exec -u root -it systemd bash

check local ssh key

qiwang@Qi15Pro ~ % ls -al ~/.ssh
total 64
drwx------  10 qiwang  staff   320 May 16 09:25 .
drwxr-xr-x+ 36 qiwang  staff  1152 May 16 12:59 ..
-rw-------@  1 qiwang  staff   464 Feb 18 09:23 id_ed25519
-rw-r--r--@  1 qiwang  staff   102 Feb 18 09:23 id_ed25519.pub
-rw-------   1 qiwang  staff  2610 Feb  9  2022 id_rsa
-rw-r--r--   1 qiwang  staff   574 Feb  9  2022 id_rsa.pub

If you don't have any ssh keys, run the following commands to generate them.

ssh-keygen -t ed25519
ssh-keygen -t rsa

clean known_hosts

rm ~/.ssh/known_hosts*

add rsa key to ssh agent

Here is my ssh version:

  • ssh client: OpenSSH_9.0p1, LibreSSL 3.3.6
  • ssh server: OpenSSH_9.3p1, OpenSSL 3.1.1 30 May 2023

If apsh reports Failed to authenticate user "packager", your rsa key doesn't work. If the sshd log also shows Connection closed by authenticating user packager 192.168.65.1 port 22915 [preauth], the rsa key might be too long; use the ssh agent as a workaround.

ssh-add ~/.ssh/id_rsa   # add rsa private key to agent
ssh-add -L              # check public key represented by the agent

copy ssh public key to target host

ssh-copy-id -p 8022 -i ~/.ssh/id_rsa.pub packager@localhost
ssh-copy-id -p 8022 -i ~/.ssh/id_rsa.pub root@localhost
ssh-copy-id -p 8022 -i ~/.ssh/id_ed25519.pub packager@localhost
ssh-copy-id -p 8022 -i ~/.ssh/id_ed25519.pub root@localhost

verify ssh authentication with public key

ssh -p 8022 root@localhost
ssh -p 8022 packager@localhost

start/stop service

systemctl status sshd.service             #check service status
systemctl enable sshd.service             #enable service
systemctl start sshd.service              #start service
systemctl restart sshd.service            #restart service
systemctl stop sshd.service               #stop service

check the service log

journalctl -u sshd.service                #only show sshd.service log
journalctl -f -u sshd.service             #keep reading the latest sshd.service log
journalctl --dmesg                        #only show kernel message
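
Both accounts also have a password set, so a successful login alone does not show that the copied key was used. The following added example (not part of the original page) summarises sshd journal lines by authentication outcome; the sample log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise sshd authentication outcomes from journal lines.
# Reads log lines on stdin, prints "<outcome> <user> <source-address> <count>".
sshd_auth_summary() {
    awk '
    # "... sshd[80]: Accepted publickey for packager from 192.168.65.1 port 22950 ssh2: ..."
    / Accepted (publickey|password) for / {
        for (i = 1; i <= NF; i++)
            if ($i == "Accepted") { n[$(i+1) " " $(i+3) " " $(i+5)]++; break }
        next
    }
    # "... sshd[71]: Connection closed by authenticating user packager 192.168.65.1 port 22915 [preauth]"
    / Connection closed by authenticating user .*\[preauth\]/ {
        for (i = 1; i <= NF; i++)
            if ($i == "authenticating") { n["preauth-closed " $(i+2) " " $(i+3)]++; break }
        next
    }
    END { for (k in n) print k, n[k] }
    ' | sort
}

# Exit status 0 only when no accepted login in the input used a password.
only_publickey_logins() {
    ! sshd_auth_summary | grep -q '^password '
}

# Constructed sample input (not real log data; the fingerprint is a placeholder).
sample_journal() {
    cat <<'EOF'
May 16 13:01:10 systemd sshd[71]: Connection closed by authenticating user packager 192.168.65.1 port 22915 [preauth]
May 16 13:02:44 systemd sshd[74]: Accepted password for root from 192.168.65.1 port 22931 ssh2
May 16 13:05:02 systemd sshd[80]: Accepted publickey for packager from 192.168.65.1 port 22950 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
May 16 13:05:30 systemd sshd[83]: Accepted publickey for packager from 192.168.65.1 port 22962 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
EOF
}

# Demo run on the constructed sample.
sample_journal | sshd_auth_summary
```

Inside the container, feed it real data with journalctl -u sshd.service --no-pager | sshd_auth_summary.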