Tag Archives: ssh

Set up a docker container on CentOS 7 that can be logged in to over SSH

Recently I've been working with docker, which had me excited for a few days. Here is the installation process.

Because docker requires a newer Linux kernel, I installed CentOS 7 in VBox. How to install CentOS 7 itself is not covered here; I used the minimal installation.

First, configure the network cards so that the virtual machine can reach the network, because installing docker requires network access. When installing a virtual machine I usually set up two network cards: one uses NAT and handles Internet access; the other is a host-only connection used to connect the host to the virtual machine. Then enable the two network cards. The simplest way is to run dhclient, and the system will automatically assign an IP address to each card.

First, install docker with the following command:

# yum -y install docker

After the installation, you can use the following command to view the available images:

# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE

At this point no image is available and no container can be started, so we need to download an image. You can choose images of different systems here; we stay with the familiar CentOS. In this step docker downloads the image files from the network:

# docker pull centos

Wait until the image download is completed, and then use the docker images command to see several CentOS images:

# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE

 

Now build a docker container that can be accessed through SSH

1. Start a docker container:

# docker run -i -t centos /bin/bash

This creates a new docker container and enters the bash of the container

2. Install sshd:

# yum -y install openssh-server

3. Start sshd. Use the absolute path here. To find the path of a command, use whereis or which:

# /usr/sbin/sshd -D

The following error occurs when starting sshd under centos.

Could not load host key: /etc/ssh/ssh_host_rsa_key

Could not load host key: /etc/ssh/ssh_host_dsa_key

Simply execute the following commands in sequence.

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key # just press Enter

ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key # just press Enter

ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""

Press Enter at each prompt, then start the sshd service again; it should be fine.

4. After finishing, edit the sshd_config configuration file, find the line UsePAM yes, and change it to UsePAM no:

#UsePAM no
UsePAM yes
to
UsePAM no
#UsePAM yes

If you don't change this setting, you will be disconnected immediately when you log in to the container using SSH

5. Install passwd and change the password of root

# yum -y install passwd
# passwd root
Changing password for user root.
New password:

6. After changing the password, execute the exit command to leave the container. You will return to the shell of the host machine; execute the following command there to commit the container to an image:

# docker commit containerid imagename

Here, containerid is the ID of the container, and imagename is the name given to the image at commit time. It is better to use a new name for the first commit instead of overwriting the original clean CentOS image.

The container ID can be viewed with the docker ps -l command. After the container starts, its default host name is in fact the container ID.

7. Start a new container through docker run. The -d parameter means run in the background, and -p maps a container port to a host port

# docker run -d -p 10022:22 imagename /usr/sbin/sshd -D

If there is no problem starting, you can log in to the container:

# ssh root@localhost -p 10022

After logging in, we can install all kinds of software and build all kinds of environments
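
sshd uses the first value it finds for each keyword, so when step 4 is done by swapping comment markers it is worth confirming which UsePAM line actually takes effect. The check below is an added example, not part of the original post; the function names sshd_effective and make_sample and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the value sshd would use for a keyword in an
# sshd_config-style file. sshd takes the FIRST uncommented occurrence of a
# keyword, and keywords are case-insensitive. Only the global section is
# read: parsing stops at the first "Match" line.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments, blanks
        tolower($1) == "match"   { exit }            # conditional blocks
        tolower($1) == want      { print $2; exit }  # first value wins
    ' "$1"
}

# Constructed sample: the file as edited in step 4, plus a stray later
# "usepam yes" line that sshd would ignore because UsePAM is already set.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sshd_config sample
Port 22
#UsePAM yes
UsePAM no
PermitRootLogin yes
usepam yes
EOF
}

sample=$(mktemp)
make_sample "$sample"
for key in UsePAM PermitRootLogin PasswordAuthentication; do
    value=$(sshd_effective "$sample" "$key")
    echo "$key -> ${value:-(not set, sshd default applies)}"
done
rm -f "$sample"
```

On a machine where sshd is installed, sshd -T prints the full effective configuration, including defaults.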

When using SSH to log in to MySQL, Navicat reported an error: expected key exchange group packet from server

1. Navicat SSH connection mode

Because the company uses alicloud's RDS, the database has to be reached through the intranet (RDS does not provide direct public network access). In this situation you can use Navicat's SSH method to connect to the RDS through a jump host

2. Connection error and solution

Error: SSH: expected key exchange group packet from server

Solution:

1. Upgrade Navicat

2. Modify the sshd configuration

[root@Manager ~]#vim /etc/ssh/sshd_config  #Edit the sshd configuration file and add at the end
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

 

Repair of SSH startup failure after Ubuntu 16.04 update


On the first day after the festival, the virtual machine was updated. After restarting, SSH could not be accessed. I quickly logged in to the provider's control panel to have a look, and could only use the online shell it provides to get into the system and look for the problem. First, I manually restarted the SSH service:

Failed to start OpenBSD Secure Shell server

I hurried to Baidu, used systemctl status ssh.service to check, referred to two articles, and carefully checked /etc/ssh/sshd_. Finally, I ran

sshd -T

Create the directory: mkdir /var/run/sshd

Finally, restart the SSH service and check its status. You can also test the login locally.

SSH login error: “warning: unprotected private key file” problem

Symptom:

[root@localhost .ssh]# ssh [email protected]

The authenticity of host '192.168.100.100 (192.168.100.100)' can't be established.

ECDSA key fingerprint is fb:db:01:40:52:4c:da:9d:56:43:52:a5:c0:27:5e:d2.

Are you sure you want to continue connecting (yes/no)?yes

Warning: Permanently added '192.168.100.100' (ECDSA) to the list of known hosts.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: UNPROTECTED PRIVATE KEY FILE! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Permissions 0644 for '/root/.ssh/id_rsa' are too open.

It is required that your private key files are NOT accessible by others.

This private key will be ignored.

bad permissions: ignore key: /root/.ssh/id_rsa

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Treatment process:

[root@localhost .ssh]# chmod 700 /root/.ssh/id_rsa

[root@localhost .ssh]# ssh [email protected]

Last login: Wed Feb 22 06:45:48 2017 from 192.168.100.205

Solution:

This means that the key file permission cannot be 0644. That permission is too open: ssh requires that your key file cannot be read by other users. So we need to modify the key file permissions. Running chmod 700 /root/.ssh/id_rsa on the command line is enough. Here /root/.ssh/id_rsa is the key file name given in the warning, so change it to the key file name shown in your own warning message.

The format is as follows: chmod permission-code key-file-name
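
The check behind this warning can be reproduced before ssh is ever run. The script below is an added example, not part of the original post: it applies the same rule (no group or other permission bits on the private key) and tightens any file that fails it to 600, the usual mode for a key file since it does not need the execute bit that 700 grants. The function names and the temporary file are constructed for illustration.

```sh
#!/bin/sh
# Added example: test a private key file the way the warning above describes.
# A key is rejected when any group/other permission bit is set, that is,
# when (mode & 077) != 0. Modes 600 and 700 both pass; 644 does not.
key_mode() {             # print octal permission bits (GNU stat, then BSD)
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

key_perm_ok() {          # return 0 when the mode has no group/other bits
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

fix_key_perms() {        # report each file given, tightening if needed
    for f in "$@"; do
        if key_perm_ok "$f"; then
            echo "ok      $(key_mode "$f") $f"
        else
            echo "fixing  $(key_mode "$f") -> 600 $f"
            chmod 600 "$f"
        fi
    done
}

# Constructed demo file standing in for /root/.ssh/id_rsa.
demo_dir=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$demo_dir/id_rsa"
chmod 644 "$demo_dir/id_rsa"       # reproduce the mode from the warning
fix_key_perms "$demo_dir/id_rsa"   # first pass tightens the file
fix_key_perms "$demo_dir/id_rsa"   # second pass reports ok
rm -rf "$demo_dir"
```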

[Solved] SSH is disconnected as soon as it is connected

SSH disconnects as soon as it is connected

Debug message output.

debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 118.11.11.11 port 40989 on 172.11.11.11 port 22
debug1: Client protocol version 2.0; client software version SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: no match: SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: permanently_set_uid: 110/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user root service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "118.*****。**。**"
debug1: PAM: setting PAM_TTY to "ssh"

 

Solution:

Comment out this line in the file "/etc/pam.d/sshd":

session required pam_loginuid.so

 

SSH Error: (ssh: connect to host localhost port 22: Connection refused)

ssh: connect to host localhost port 22: Connection refused

1. Problem description

I used to use the pagoda panel on the server, but today I had a whim to use the pagoda panel on my own computer (the pagoda panel is really easy to use, especially for a complete novice like me)... But after installing the pagoda panel, when I started the panel's terminal, I found that after I entered the SSH user name and password there was no response, even though the account and password were clearly right.

Some people may ask: you are using the pagoda panel on this very machine and also using the pagoda terminal, isn't that unnecessary? Emmm, it is indeed, but I just like to tinker... Now that I have found this problem, let's see how to solve it.

2. Problem solving

The possible reasons are: the port is not open, the local firewall refuses the connection, or the local machine has no SSH service.

In the end, the problem was that there was no SSH service on this machine. That's right: SSH is used all the time on Linux, but the local machine may not have the SSH service installed, so we need to install it.

Generate an SSH key pair

$ ssh-keygen -t rsa    # press Enter at each prompt to generate the key

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Install the openssh server (taking the Ubuntu operating system as an example)

$ sudo apt install openssh-server
$ sudo /etc/init.d/ssh start

Test

$ ps -ef | grep ssh    # view the sshd process
$ ssh 127.0.0.1

3. Success

If you have any questions, please leave a message, and I will help solve them when I see them.

Two small problems when connecting to a server over SSH: bad file number and garbled Chinese

1. When you connect to the remote server through SSH, "bad file number" appears

With the openSUSE distribution, the cause may be that the server firewall has blocked the SSH service

1) Use the YaST control center; the setting is very simple. Although the buttons can't be clicked, the shortcut keys are very convenient (it's a graphical interface)

2) Search for other ways yourself

2. After logging in to the server, Chinese text is garbled over SSH

export LC_ALL=zh_CN.GBK