We have a similar need, but are facing a slightly different problem. We have a Jenkins master at one site, with a local docker cloud attached, using the docker plugin. This is able to schedule jobs on the host, and attach to the containers over the docker network (172.x.y.z). We have configured these containers to run and SSH daemon, so jenkins slaves enter via the usual SSH mechanism.
This is one option that you can use.
However as I said, we have a different issue which maybe you can provide some input to - we have a remote site which exposes a docker API. We ca connect via Jenkins to the API, and containers get launched, but we cannot enter them from the jenkins server to start the slave because they have private IP addresses, which are not accessible to the remote master.
I think the only way to enter them is to expose the ssh service over a series of different ports.
Any suggestions ?