This article describes a method for deploying an SFTP service in a container. The method has been verified to achieve the intended result and can be used in practical work.
1. Introduction
An SFTP server needs to be deployed for test data.
2. Technical summary
- A ready-made image is available on Docker Hub and can be pulled directly.
- Pay attention to the user name and home directory at run time: if the user is foo, the volume must be mounted under /home/foo.
- The SSH host key must be set manually; otherwise a new key is generated every time the service restarts.
- The upload-directory permission problem is not fully resolved.
3. Practice
3.1 Download
Command:
docker pull atmoz/sftp
Test run:
docker run \
-v /tmp/upload:/home/foo/upload \
--name sftp \
-p 2222:22 -itd atmoz/sftp \
foo:pass:1000
Note: the host directory /tmp/upload is mounted to a directory of the same name under the container user's home. The account is foo with password pass, and its UID is the same as that of the host user who runs this command, i.e. 1000 (you can check it in /etc/passwd).
Test connection:
sftp -P 2222 foo@localhost
foo@localhost's password:
Connected to localhost.
sftp> ls
upload
sftp> cd upload/
sftp> put webdemo
Uploading webdemo to /upload/webdemo
remote open("/upload/webdemo"): Permission denied
Upload directory permissions:
$ docker exec -it sftp bash
root@35f5c9abeb71:/# cd home/foo
root@35f5c9abeb71:/home/foo# ls -lh
total 0
drwxr-xr-x. 2 root root 6 May 10 07:05 upload
root@35f5c9abeb71:/home/foo# chmod 777 upload/ -R
root@35f5c9abeb71:/home/foo# ls -lh
total 0
drwxrwxrwx. 2 root root 21 May 10 07:27 upload
Upload now works normally:
sftp> put webdemo
Uploading webdemo to /upload/webdemo
webdemo                                  100% 6706KB  53.1MB/s   00:00
sftp> exit
4. Common SFTP commands
- Login: sftp -P <port> <username>@<IP>
- Quit: exit
- cd / lcd: change directory (the l prefix means the local host)
- ls / lls: list a directory
- pwd / lpwd: show the current directory
- mkdir: create a directory
- put: upload a file (for a directory, add -r)
- get: download a file
5. Specify the SSH key
By default, a new host key is generated every time the service restarts, and the client then asks the user to confirm the new key (see the appendix). Specifying the host key manually solves this problem.
mkdir ssh
cd ssh
ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
Add the following parameters when running:
-v <host-dir>/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key \
-v <host-dir>/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
6. Docker-compose deployment
The corresponding YAML files are as follows:
version: "2"
services:
  sftp:
    image: atmoz/sftp
    container_name: sftp
    volumes:
      - ./upload:/home/aftp/
      - ./ssh/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
      - ./ssh/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key
    ports:
      - "2222:22"
    command: aftp:passworld:1000
Note: in this example the upload directory under the current directory is mounted directly as the user's home directory, unlike the upload subdirectory used above. This way the client's root directory after connecting is the host's upload directory, which is more convenient.
7. Reference
SFTP image: hub.docker.com/r/atmoz/sft…
Appendix
Some articles on the web add the --privileged=true parameter to the docker run command.
When you run the sftp command for the first time, you have to confirm the connection. The following is displayed:
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ED25526 key fingerprint is SHA256:FUCkkcufctB3fasdf45sszVCaqRQTY7+Qasjw235A+XwCg.
ED25526 key fingerprint is MD5:17:fu:ck:3d:bb:aa:00:35:79:ac:bc:cc:dc:ec:71:bb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ED25526) to the list of known hosts.
If the service has been restarted (and this is not your first connection), you will be prompted:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:FTKtctB6yBQasdfasdfasdf3fasdf7+QSBTLyyasdfasdfasdfCg.
Please contact your system administrator.
Add correct host key in /home/lateee/.ssh/known_hosts to get rid of this message.
Offending ED25526 key in /home/lateee/.ssh/known_hosts:4
In this case, edit /home/lateee/.ssh/known_hosts and delete the offending line (here the entry for port 2222, [localhost]:2222, reported as line 4).
Open question: if the above prompt appears the first time a program (rather than an interactive user) connects, how is the "yes" supplied? To be investigated.
After running docker-compose once, the client connection showed:
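Section 5 above generates the host key on the host, so its public half is known before the first connection; a non-interactive program therefore never needs to answer the confirmation prompt if the key is pinned on the client beforehand. The script below is an added example (not code from the original article or the atmoz/sftp image) that writes that public key into a client known_hosts file under the [host]:port name OpenSSH uses for non-standard ports, so that sftp can run with StrictHostKeyChecking=yes, and that removes an entry when you rotate the key yourself, which is what the appendix does by hand (ssh-keygen -R '[localhost]:2222' is the stock equivalent). The host name, port and file names are the article's; the SAMPLE_PUB key line is constructed for the demo and is not a real host key.

```shell
#!/bin/sh
# Added example, not code from the original article or the atmoz/sftp image:
# pin the container's SSH host key on the client instead of answering "yes"
# at the first connection or deleting known_hosts lines after a restart.
#
# Section 5 generates ssh_host_ed25519_key on the host, so its public half
# (ssh_host_ed25519_key.pub) is known before anyone connects. Written into a
# known_hosts file under the "[host]:port" name OpenSSH uses for non-standard
# ports, it lets sftp run with StrictHostKeyChecking=yes: no interactive
# prompt, and a key that really changed is a hard error to investigate.
#
# Assumptions: host, port and file names from the article (localhost, 2222);
# SAMPLE_PUB below is a constructed key line, not a real host key.

set -eu

SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealKey0000 root@sftp'

# forget_host_key HOST PORT KNOWN_HOSTS
# Drops every line whose host field is "[HOST]:PORT". This is what the
# appendix does by hand (ssh-keygen -R '[HOST]:PORT' is the stock tool);
# with a pinned key it is only needed when you rotate the key yourself.
forget_host_key() {
    host=$1; port=$2; kh=$3
    [ -f "$kh" ] || return 0
    scratch=$(mktemp)
    awk -v h="[$host]:$port" '$1 != h' "$kh" > "$scratch"
    mv "$scratch" "$kh"
}

# pin_host_key PUBKEY_FILE HOST PORT KNOWN_HOSTS
# Appends "[HOST]:PORT <type> <base64>" for every key line in PUBKEY_FILE,
# first removing any older entry for the same host so the file never holds
# two generations of the same server's key.
pin_host_key() {
    pub=$1; host=$2; port=$3; kh=$4
    # OpenSSH public key files are "<type> <base64> [comment]", one per line.
    entries=$(awk -v h="[$host]:$port" 'NF >= 2 { print h, $1, $2 }' "$pub")
    if [ -z "$entries" ]; then
        echo "pin_host_key: no key found in $pub" >&2
        return 1
    fi
    forget_host_key "$host" "$port" "$kh"
    printf '%s\n' "$entries" >> "$kh"
}

# pinned_host_key HOST PORT KNOWN_HOSTS
# Prints the pinned "<type> <base64>" for the host, or nothing if unpinned.
pinned_host_key() {
    [ -f "$3" ] || return 0
    awk -v h="[$1]:$2" '$1 == h { print $2, $3 }' "$3"
}

# demo: pin the constructed sample key into a throwaway known_hosts file and
# print the resulting line.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PUB" > "$d/ssh_host_ed25519_key.pub"
    pin_host_key "$d/ssh_host_ed25519_key.pub" localhost 2222 "$d/known_hosts"
    cat "$d/known_hosts"
    rm -rf "$d"
}

# Real use, after the ssh-keygen commands from section 5:
#   pin_host_key ssh/ssh_host_ed25519_key.pub localhost 2222 ./known_hosts
#   sftp -P 2222 -o UserKnownHostsFile=./known_hosts \
#        -o StrictHostKeyChecking=yes foo@localhost
if [ "${1:-}" = "demo" ]; then demo; fi
```

With the key pinned this way, the "REMOTE HOST IDENTIFICATION HAS CHANGED" banner only appears when the server key really did change, so it is worth investigating rather than routinely deleting the line from known_hosts.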
$ sftp -P 2222 aftp@127.0.0.1
Connection closed by 127.0.0.1 port 2222
Couldn't read packet: Connection reset by peer
The SFTP server directory was on the Windows side; after moving it to Linux the problem was resolved. (To reduce the space used by the virtual machine and make debugging easier, I used to work through the VM's shared directory, operating on the Windows disk from Linux.)
On another day, running it gave the following error:
$ docker-compose up
Creating network "sftp_default" with the default driver
Creating sftp ... done
Attaching to sftp
sftp | [/usr/local/bin/create-sftp-user] Parsing user data: "aftp:passworld:1000"
sftp | [/entrypoint] Executing sshd
sftp | /run/sshd must be owned by root and not group or world-writable.
sftp exited with code 255
It had been working fine before; the cause is unclear.