
SSH key-based authentication in containers

SSH key-based authentication in containers is configured within the image build process to enable secure, passwordless root access.^[600-developer__docker__Dockerfile__docker-ssh.md]

Configuration steps

To implement this method, a Dockerfile must install the OpenSSH server and prepare the container environment.^[600-developer__docker__Dockerfile__docker-ssh.md] The required steps include:

  • Installing dependencies: Use apt-get to install openssh-server and create the necessary directory /var/run/sshd.^[600-developer__docker__Dockerfile__docker-ssh.md]
  • Preparing SSH directories: Ensure the SSH directory for the root user exists by running mkdir -p /root/.ssh.^[600-developer__docker__Dockerfile__docker-ssh.md]
  • Modifying PAM settings: Update the PAM configuration file /etc/pam.d/sshd to comment out the session required pam_loginuid.so line, which removes a restriction that can prevent SSH login in non-interactive container environments.^[600-developer__docker__Dockerfile__docker-ssh.md]

Key deployment

Authentication is handled by copying an authorized_keys file from the build context into the image's /root/.ssh/ directory using the COPY instruction.^[600-developer__docker__Dockerfile__docker-ssh.md] This allows users holding the corresponding private key to log in directly as the root user.
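The configuration steps and key deployment above, assembled into one Dockerfile as an added example (not the source Dockerfile). The base image, the file permissions, and the key-only `sshd_config` drop-in are assumptions layered on top of the steps the page lists.

```dockerfile
# Added example. Assumption: a Debian/Ubuntu base image, since the page uses apt-get.
FROM ubuntu:22.04

# Install the OpenSSH server and create the runtime directory sshd expects.
RUN apt-get update \
 && apt-get install -y --no-install-recommends openssh-server \
 && rm -rf /var/lib/apt/lists/* \
 && mkdir -p /var/run/sshd

# Comment out the "session required pam_loginuid.so" line in the sshd PAM stack.
RUN sed -i -E 's/^(session[[:space:]]+required[[:space:]]+pam_loginuid\.so)/#\1/' \
    /etc/pam.d/sshd

# Make sure root's SSH directory exists. Assumption: mode 700, because sshd's
# default StrictModes rejects keys stored in group- or world-writable paths.
RUN mkdir -p /root/.ssh && chmod 700 /root/.ssh

# Copy the public keys from the build context. Only public keys belong in this
# file; a private key must never be placed in the build context or the image.
COPY authorized_keys /root/.ssh/authorized_keys
RUN chown root:root /root/.ssh/authorized_keys \
 && chmod 600 /root/.ssh/authorized_keys

# Assumption (not in the source): restrict root to key-based login and turn
# off password prompts, then let sshd validate the resulting configuration.
RUN printf '%s\n' \
      'PermitRootLogin prohibit-password' \
      'PasswordAuthentication no' \
      'KbdInteractiveAuthentication no' \
      > /etc/ssh/sshd_config.d/00-keys-only.conf \
 && /usr/sbin/sshd -t

EXPOSE 22

# Run sshd in the foreground and log to stderr so the container runtime captures it.
CMD ["/usr/sbin/sshd", "-D", "-e"]
```

Host keys generated when the package is installed are baked into the image, so every container started from it presents the same host identity. Anyone who can pull the image can also read its `authorized_keys`, which shows which public keys grant root.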

[[Container security]] Dockerfile [[SSH]]

Sources

^[600-developer__docker__Dockerfile__docker-ssh.md]