21 November 2021

Sometimes could be usefull for testing programs or bash scripts to copy files from one docker image to another docker container.

In this example I use:

• sender: a docker image based on ubuntu. From this container files are sent to receiver container and it is possible transfer files using the mechanism of known_hosts file, it is also copied a key from sender to receiver without requiring enter password to connect

• receiver: a docker image based on httpd daemon. This container has a http and ssh active daemon in order to be able to entrablish ssh connections. I choosed to use a httpd image because files could be browsable and visible via a normal browser, so based on your requirements it is not a mandatory to have http daemon.

Please note that to keep be simple:

• entrypoint bash or config files are created in dockerfile but could be mounted externally

docker-compose.yml

version: "3.7"
services:
  sender:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: sender
    volumes:
      - /tmp/docker-ssh-service:/tmp
    links:
      - receiver
    tty: true
    stdin_open: true
    networks:
      - net-docker-ssh-service

  receiver:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: receiver
    ports:
      - "10022:22"
      - "10080:80"
    networks:
      - net-docker-ssh-service

networks:
  net-docker-ssh-service:
    driver: bridge

Dockerfile

FROM ubuntu:21.10 as sender
RUN apt-get update && apt-get install -y openssh-client git sshpass

# In entry point is copied public keys in known_host 
RUN echo '#!/bin/bash\nmkdir --parent /root/.ssh && ssh-keyscan receiver > /root/.ssh/known_hosts\nexec bash --login' > /root/entrypoint && \
    chmod +x /root/entrypoint

# SSH key to be copied in receiver
RUN ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -P ""

WORKDIR /tmp
ENTRYPOINT ["/root/entrypoint"]

FROM httpd:2.4.51 as receiver
RUN apt-get update && apt-get install -y openssh-server 
RUN mkdir /var/run/sshd

RUN groupadd -g 501 receiver
RUN useradd -u 501 receiver -d /home/receiver -g receiver -p password

WORKDIR /home/receiver/.ssh
RUN ssh-keygen -t ed25519 -f /home/receiver/.ssh/id_ed25519 -P ""
# SSH config, to keep it simple I preferred in this example execute echo but could be copyied from external resources
RUN cp /etc/ssh/sshd_config /home/receiver/.ssh/sshd_config && \
	echo "HostKey /home/receiver/.ssh/id_ed25519" >> /home/receiver/.ssh/sshd_config && \
	echo "AuthorizedKeysFile       /home/receiver/.ssh/authorized_keys" >> /home/receiver/.ssh/sshd_config && \
        echo "PidFile /home/receiver/logs/sshd.pid" >> /home/receiver/.ssh/sshd_config

# Copying from sender public key
COPY --from=sender /root/.ssh/id_ed25519.pub  /home/receiver/.ssh/authorized_keys

WORKDIR /usr/local/apache2/htdocs/
# In order to avoid 'Set the 'ServerName' directive globally to suppress this message'
# change apache configuration file
RUN sed -i 's/#ServerName www.example.com:80/ServerName localhost:80/g' /usr/local/apache2/conf/httpd.conf
RUN usermod -a -G www-data receiver && \
	chown -R receiver:www-data /usr/local/apache2/


# To keep simple I prefer to run echo command to create entrypoint but could be copyied from external resources
WORKDIR /home/receiver/logs
WORKDIR /home/receiver/bin
RUN echo '#!/bin/bash\n/usr/local/apache2/bin/apachectl -f /usr/local/apache2/conf/httpd.conf\n/usr/sbin/sshd -f ~/.ssh/sshd_config -D -E /home/receiver/logs/sshd-out.log > /home/receiver/logs/sshd-err.log &\ntail -F /home/receiver/logs/sshd-out.log' > /home/receiver/bin/entrypoint && \
	chmod +x /home/receiver/bin/entrypoint

RUN chown -R receiver:receiver /home/receiver/ && \
	chmod 700 /home/receiver/  && \
	chmod 700 /home/receiver/.ssh  && \
	chmod -R 600 /home/receiver/.ssh/*

USER receiver:receiver

WORKDIR /home/receiver/
ENV HOME=/home/receiver

# Expose ssh and http port
EXPOSE 22
EXPOSE 80

ENTRYPOINT ["/home/receiver/bin/entrypoint"]

Example of usage:

• Copy the snippets above in /tmp/docker-ssh-service/docker-compose.yml and /tmp/docker-ssh-service/Dockerfile

• Create file in /tmp/docker-ssh-service/my-page.html with this content:

<!DOCTYPE html>
<html>
	<head>
		<title>Page Title</title>
	</head>
	<body>
		<h1>Wow my page is published!!</h1>
	</body>
</html>

• Open a terminal and move to /tmp/docker-ssh-service/ folder
• Execute command

docker-compose up -d --build && docker-compose exec sender bash

• We transfer file my-page.html to receiver

scp ./my-page.html receiver@receiver:/usr/local/apache2/htdocs/my-page.html

• Open file transferred via browser http://localhost:10080/my-page.html

References

• Docker official guider
• How to setup passwordless ssh login
• My previous post on docker ssh service as a root

---

© 2020-2021 | This work by ipsedixit is licensed under CC BY 4.0

Mixed with Bootstrap v3.1.1 | Baked with JBake v2.6.6