| 时间 | 版本 | 修改人 | 描述 |
|---|---|---|---|
| 2023年3月3日15:34:49 | V0.1 | 宋全恒 | 新建文档 |
简介
由于在镜像中需要进行jupyter和sshd的安装,并且需要进行密码的修改,因此在该文档中记录了这两个交互方式的工程设计。
在线加密
在线加密网址可以参考 sha1。
sshd
安装
Ubuntu
参考 [Linux上安装使用SSH(ubuntu&&redhat)](https://www.cnblogs.com/x_wukong/p/4475567.html)
安装
sudo apt-get install openssh-server openssh-client
启动
xjj@xjj-desktop:~$ sudo /etc/init.d/ssh start
FROM ubuntu:latest
RUN apt update && apt install openssh-server sudo -y
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 test
RUN echo 'test:test' | chpasswd
RUN service ssh start
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
ubuntu:18.04
root@39bfd410e593:~/install# /usr/sbin/sshd
Missing privilege separation directory: /run/sshd
ubuntu有该文件
root@39bfd410e593:~/install# service ssh start
* Starting OpenBSD Secure Shell server sshd
/etc/systemd/system/sshd.service
文件内容为:
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target
Alias=sshd.service
ARG DEBIAN_FRONTEND=noninteractive
FROM ubuntu:18.04
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install -y dialog openssh-server ssh vim
RUN echo "root:123456" | chpasswd \
&& sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
&& sed -i 's/^#\(PermitRootLogin.*\)/\1/' /etc/ssh/sshd_config
RUN /etc/init.d/ssh start
# RUN mkdir /var/run/sshd
EXPOSE 22
COPY ./test/start_ssh.sh /root/start_ssh.sh
RUN chmod +x /root/start_ssh.sh
RUN sed -i '$a\if [ -f /root/start_ssh.sh ]; then ' /root/.bashrc \
&& sed -i '$a\ . /root/start_ssh.sh' /root/.bashrc \
&& sed -i '$a\fi' /root/.bashrc
Centos
Centos Dockerfile参见
yum源清理
目录/var/cache/yum为yum的缓存目录,当前看一共385M
[root@0c8e199606b3 7]# ls
base extras timedhosts timedhosts.txt updates
[root@0c8e199606b3 7]# du -sh .
385M .
[root@0c8e199606b3 7]# du -sh ./*
112M ./base
4.8M ./extras
4.0K ./timedhosts
4.0K ./timedhosts.txt
269M ./updates
[root@0c8e199606b3 7]# cd updates/
[root@0c8e199606b3 updates]# ls
07b8602634b5cbac7f8388d06be56f28723393ab172b028ff7ad8d5bd57f2e59-filelists.sqlite.bz2 bc8950506fb13622afd9eb93c811884b6e2e7570afd5fac946f708ac01ae0cff-primary.sqlite.bz2 gen repomd.xml
33c5109226f2c5e469c8519c6102af5a7fe9fa4064ef8621e296da454197f370-other.sqlite.bz2 cachecookie packages
[root@0c8e199606b3 updates]# du -sh ./*
12M ./07b8602634b5cbac7f8388d06be56f28723393ab172b028ff7ad8d5bd57f2e59-filelists.sqlite.bz2
1.4M ./33c5109226f2c5e469c8519c6102af5a7fe9fa4064ef8621e296da454197f370-other.sqlite.bz2
21M ./bc8950506fb13622afd9eb93c811884b6e2e7570afd5fac946f708ac01ae0cff-primary.sqlite.bz2
0 ./cachecookie
236M ./gen
4.0K ./packages
8.0K ./repomd.xml
[root@0c8e199606b3 updates]# cd gen/
[root@0c8e199606b3 gen]# ls
filelists_db.sqlite other_db.sqlite primary_db.sqlite
[root@0c8e199606b3 gen]# du -sh ./*
108M ./filelists_db.sqlite
16M ./other_db.sqlite
113M ./primary_db.sqlite
使用yum clean all清理一下:
[root@0c8e199606b3 gen]# yum clean all
Loaded plugins: fastestmirror, ovl
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors
[root@0c8e199606b3 gen]# cd ..
[root@0c8e199606b3 updates]# cd gen/
[root@0c8e199606b3 gen]# ls
[root@0c8e199606b3 gen]# cd ..
[root@0c8e199606b3 updates]# cd ..
[root@0c8e199606b3 7]# cd ..
[root@0c8e199606b3 x86_64]# ls
7
[root@0c8e199606b3 x86_64]# ls -R
.:
7
./7:
base extras timedhosts updates
./7/base:
gen packages
./7/base/gen:
./7/base/packages:
./7/extras:
gen packages
./7/extras/gen:
./7/extras/packages:
./7/updates:
gen packages
./7/updates/gen:
./7/updates/packages:
安装
yum install openssh openssh-clients openssh-server -y
[root@3622437dec5d /]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
解决 [启动sshd时,报“Could not load host key”错](https://www.cnblogs.com/netonline/p/7410586.html)
[root@aefe8007a17d ~]# ll /etc/ssh/
total 252
-rw-r--r-- 1 root root 242153 Mar 21 22:18 moduli
-rw-r--r-- 1 root root 2208 Mar 21 22:18 ssh_config
-rw------- 1 root root 4361 Mar 21 22:18 sshd_config
- 生成rsa_key (-t表示生成的密钥所使用的加密类型;-f项后接要生成的密钥文件名);
[root@aefe8007a17d ~]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
5e:2d:19:51:b1:e3:e0:60:65:53:e4:14:f8:d8:38:af root@aefe8007a17d
The key's randomart image is:
+--[ RSA 2048]----+
| ==Bo |
| o.= . |
| o o=+ |
| . o+*o. |
| S =oo |
| . . .. |
| . . |
| E |
| |
+-----------------+
[root@aefe8007a17d ~]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
- 生成ecdsa_key;
[root@aefe8007a17d ~]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
- 生成ed25519_key。
[root@aefe8007a17d ~]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
Centos 8开启sshd服务
ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
/usr/sbin/sshd -D & # 此时应该不会报错
-A 对于不存在主机密钥的每种密钥类型(rsa、dsa、ecdsa ed25519),生成具有默认密钥文件路径、空密码、密钥类型的默认位和默认注释的主机密钥。如果还指定-f,则其参数用作生成的主机密钥文件的默认路径的前缀。系统管理脚本使用它来生成新的主机密钥
ssh-keygen 用法
root@39bfd410e593:/etc/ssh# ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
root@39bfd410e593:/etc/ssh# /usr/sbin/sshd
Missing privilege separation directory: /run/sshd
root@39bfd410e593:/etc/ssh# mkdir /run/sshd
root@39bfd410e593:/etc/ssh# /usr/sbin/sshd
root@39bfd410e593:/etc/ssh# ps -ef | grep sshd
root 1262 1 0 08:09 pts/0 00:00:00 /usr/sbin/sshd -D
root 1319 1 0 08:21 pts/0 00:00:00 grep --color=auto sshd
启动
Docker使用Dockerfile创建支持ssh服务自启动的容器镜像
CentOS Linux release 8.4.2105
[root@513371c0d378 install]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
[root@513371c0d378 install]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
[root@513371c0d378 install]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:UJXr6ry8Zzs4WPLHuyanSgoxTxUGpWefAFVJ6dLeRek root@513371c0d378
The key's randomart image is:
+---[DSA 1024]----+
| o+=o++.. . |
| + oo . o |
| . *o + |
| +.+o.. E |
| o . oSo . |
| = . o o |
| . . .= + |
| . o.o* O |
| . .oB%+= |
+----[SHA256]-----+
[root@513371c0d378 install]# /usr/sbin/sshd
[root@513371c0d378 install]# /usr/sbin/sshd
[root@513371c0d378 install]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 07:33 pts/0 00:00:00 bash
root 66 1 0 07:35 ? 00:00:00 /usr/sbin/sshd
root 69 1 0 07:36 pts/0 00:00:00 ps -ef
修改密码
echo 123456 | passwd --stdin user002
echo "user003:123456" | chpasswd
但是第一种用法在ubuntu的高级版本上已经不再支持了。
首先执行密码修改:
root@d71bdfe8a2e4:~/.jupyter# echo root:123457|chpasswd
root@d71bdfe8a2e4:~/.jupyter# /etc/init.d/ssh restart
* Restarting OpenBSD Secure Shell server sshd
jupyterlab
安装
环境变量
08-01 周一Pytorch镜像中Jupyter部署.md
FROM ubuntu:20.04
MAINTAINER yxd "413643409@qq.com"
RUN mkdir -p /root/.local/share && mkdir -p /root/.config/autostart \
&& mv /etc/apt/sources.list /etc/apt/sources.list.bk
COPY sources.list /etc/apt/sources.list
COPY kite-autostart.desktop /root/.config/autostart/kite-autostart.desktop
COPY kite /root/.local/share/kite
COPY service.sh /root
RUN apt-get update && apt-get -y install python3 && apt-get -y install pip \
&& pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple \
&& pip install --upgrade pip setuptools && pip install jupyterlab==3.2.6 \
&& pip install jupyterlab-language-pack-zh-CN && pip install 'jupyterlab-kite>=2.0.2' \
&& jupyter lab --generate-config \
&& sed -i "602a c.ServerApp.allow_root = True" /root/.jupyter/jupyter_lab_config.py \
&& sed -i "755a c.ServerApp.ip = '0.0.0.0'" /root/.jupyter/jupyter_lab_config.py \
&& sed -i "971a c.ServerApp.token = ''" /root/.jupyter/jupyter_lab_config.py
ENTRYPOINT /root/service.sh
EXPOSE 8888
root@0a6c83a092c3:~/.jupyter# vim jupyter_server_config.json
root@0a6c83a092c3:~/.jupyter# ll
total 56
drwx------ 2 root root 4096 Mar 10 07:23 ./
drwx------ 1 root root 4096 Mar 10 07:23 ../
-rw-r--r-- 1 root root 37510 Mar 10 07:17 jupyter_lab_config.py
-rw------- 1 root root 162 Mar 10 07:21 jupyter_server_config.json
{
"IdentityProvider": {
"hashed_password": "argon2:$argon2id$v=19$m=10240,t=10,p=8$seLP/azPKPymYf+pSNZJeA$iccHG6K+4zKjbHRYWkfg/9/mmYYsB58XSWrt8letlVc"
}
}
修改密码
密码设置参考
貌似jupyterlab使用argon2的加密方式进行加密的。
通过验证将该密码设置到文件
root@d71bdfe8a2e4:~/.jupyter# cat jupyter_server_config.json
{
"ServerApp": {
"password": "argon2:$argon2id$v=19$m=10240,t=10,p=8$0YkbvHJ6AJT0BJnU7Y+BBA$dK3tt/3V6gMhhW6LCy+XO5IolrIz/CIJ2kUABHd+vkw"
}
}
root@d71bdfe8a2e4:~/.jupyter# supervisorctl restart jupyter
jupyter: stopped
jupyter: started
root@d71bdfe8a2e4:~/.jupyter# cat jupyter_server_config.json
{
"ServerApp": {
"password": "sha1:3868455546ad:deaf84d33c1d2cdf27988e00e20cd219258df764"
}
}
这样重启了jupyter之后,使用123456是可以登录进去的。
这样就变成了加密的密文是否有随机性。
另外加密sha256可以参考 设置使用 SHA 256 加密的 Jupyter Lab 密码
但是这个salt和密文会同时变化
加盐
至此,jupyter加密的方式就完成了修改。
并且可以实现重启之后,进行密码的验证。重新进入。
supervisor
安装
supervisor管理sshd和jupyter
问题出现
无法使用ssh验证?
这是因为ssh 把10.101.14.37:9922当成了主机名,而这不符合我们的想法,通过参数来指定端口即可完成。
