How to install a SSH server on a docker container based on: openjdk:8-jdk-alpine

davidesp · January 20, 2020, 3:37pm

I have the following Dockerfile:

# CONSTRAINT: I need to use this Base Image
FROM openjdk:8-jdk-alpine

RUN apk add openrc

# Reference:
# https://wiki.alpinelinux.org/wiki/Setting_up_a_ssh-server
RUN apk add openssh
RUN rc-update add sshd

# This fails, why?, how to fix it?
# RUN /etc/init.d/sshd start

# ...
# what to put here in order to install a SSH server?
# ...

# Just to keep the Container running
ENTRYPOINT ["tail", "-f", "/dev/null"]

To run that container I do:

$ docker build -t myorg/myapp .
$ docker run -d --name myapp-instance myorg/myapp
$ docker exec -ti myapp-instance /bin/sh

My question is: how to install a SSH server on that container?

I tried what is explained on this link:

https://wiki.alpinelinux.org/wiki/Setting_up_a_ssh-server

but when I do:

# rc-status

I get:

 * Caching service dependencies ...
Service `hwdrivers' needs non existent service `dev'                                                                                                                                                                                   [ ok ]
Runlevel: sysinit
 sshd                                                                                                                                                                                                                           [  stopped  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
Dynamic Runlevel: manual

and when I do:

# /etc/init.d/sshd start

I get:

/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/blkio/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/cpu/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/cpuacct/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/cpuset/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/devices/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/freezer/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/hugetlb/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/memory/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/net_cls/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/net_prio/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/perf_event/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/pids/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 101: can't create /sys/fs/cgroup/systemd/tasks: Read-only file system
 * You are attempting to run an openrc service on a
 * system which openrc did not boot.
 * You may be inside a chroot or you may have used
 * another initialization system to boot this system.
 * In this situation, you will get unpredictable results!
 * If you really want to do this, issue the following command:
 * touch /run/openrc/softlevel
 * ERROR: sshd failed to start

Any idea on how to make the SSH server to work on this doker container with the constraints highlighted on the Dockerfile?

If possible, please, provide the updated Dockerfile.

Thanks!

arthurnobrega · April 19, 2020, 3:33pm

Same problem here @davidesp, did you find the solution?

mgabeldocker · April 21, 2020, 1:30pm

Well … actually there’re not just one but a few issues here.
Short Version: There’s something wrong with Alpine. So the following issues should more be addressed towards the Alpine developpent rather than Docker.
But let’s start at the beginning: It seems that the openrc doesn’t work at all with current versions of Alpine images. I tried the alpine:latest and rc would always fail to launch sshd (with the error listed above). But even when you start the sshd manually an error is thrown telling you that the “ssh host key” is missing.
And indeed no hostkeys are present. This means the installation process (apk add openssh) is broken. To fix this, you’ll have to create it/them manually.
Since starting of sshd via rc fails, you need to add a little script that will launch the deamon (plus your Java app) or specify the sshd as entrypoint

This Dockerfile works:
FROM openjdk:8-jdk-alpine
RUN apk add openssh
RUN ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N “”
COPY run.sh /tmp
ENTRYPOINT ["/tmp/run.sh"]