<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

SSH into Docker Containers [A Step-by-Step Guide]

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

Docker is an integral part of application infrastructure for many organizations. DevOps teams often choose Docker for critical deployments due to the bare-bones, limited nature of its containers. Single-purpose Docker containers make it easy and efficient to scale operations and manage large fleets. You can also make changes to one container and application without any chance of directly impacting the others. 

But that lean nature comes with baked-in limitations. If you need to gain console access to your Docker container, you will note that it is, in fact, not a fully-fledged server with a fully-featured operating system. It typically won’t have OpenSSH installed (and do you actually want it to?). 

In this article, we’ll cover a way to run console commands in Docker containers that will allow you to mimic the process of using SSH for the same purpose (and if you really need to, a way to gain true SSH access as well).

Prerequisites

  • Your host machine has Docker set up and running with one or more containers
  • You have command line access to the host machine

Run Commands with Docker

The best method to perform console operations on a Docker container is to use the tools that Docker provides. You can use Docker’s command line functionality to execute commands within the container. Let’s take a look!

First, you’ll need to access the host machine (or, if you’re running Docker locally, your local machine) via your terminal and have handy the name of the container to run. In this example, the container will be referred to as ubuntu_test.

docker run

The docker run command will do a couple of things. First, it will create a container for you, using the image you ask it to use. If you already have the image downloaded locally, it will be used, and if not, Docker will recognize that automatically and download it for you before starting the new container. In this case, we’ll use the ubuntu image. You’ll want to use the -it flags (which will open a session and make it pseudo-tty, which basically enables your terminal to act as if it is a terminal for the docker container).

sudo docker run --name ubuntu_test -it ubuntu

This will promptly create the container (within seconds if you already have the image downloaded) and dump you into the terminal session within the container as the root user. If you are unfamiliar, you can see how sparse things are in a Docker container by checking top for running processes—there won’t be many. You now have at your disposal a way to run commands on your Docker container. Note, as stated, that it will be more limited in functionality than a full fledged terminal and server would be.

docker exec

If later you want to return to an already running container to run further commands, you can use docker exec. Pass it the same -it flags, and provide the name of the container and the command you wish to run (in this case, bash).

docker exec -it ubuntu_test bash

This, again, will create a bash window and replicate a similar experience to when you interact with a server over SSH.

Directly Connect via SSH

You can circumvent these built-in Docker commands and simply install an OpenSSH server on your container via the dockerfile or via the package manager (note that packages installed with your package manager will not persist when your container is stopped). Once you do this, you can then send a normal ssh user@address command after retrieving the IP of your container. There are two reasons not to do this, though:

  1. The first is that the functionality to have an SSH-like bash shell experience already exists via docker run and docker exec. It is unnecessary to add steps and resource overhead to create a new method to execute the same commands, in most cases.
  2. Secondly, it expands the footprint and scope of your Docker container(s) to add an OpenSSH server to them and have it running. The entire point of Docker is to have a bare minimum set of functionality containerized and easily deployed and configured.

If despite this, you need to use SSH in particular, you can do so in a more persistent way by simply editing your dockerfile and appending the following commands:

RUN apt install openssh-server &&  
     systemctl ssh start &&         
     systemctl ssh enable          

You will also need to acquire the IP address of your Docker application to properly connect to it via SSH. You can do this by running the following command:

docker inspect ubuntu_test | grep "IPAddress"

Which should return a response similar to:

        "SecondaryIPAddresses": null,     
        "IPAddress": "172.17.0.2",       
              "IPAddress": "172.17.0.2",

Now, SSH will be installed and running on this container when it is spun up, and you may simply connect to it using the container’s IP address and run commands.

Hopefully, this article helped you understand the basic commands required to run commands in a Docker container! In most cases, your needs can be covered by Docker’s built-in functionality with docker run and docker exec, and if not, you can always resort to adding an SSH server to your container.

Want to learn more about using Docker containers with StrongDM? Get a no-BS demo of StrongDM.


About the Author

, Lead Technical Writer, has led projects and teams working on documentation in access and security for more than six years. Learning these technologies and helping other people do the same is his passion. Jeff contributes occasionally to various technical blogs and publications and sometimes writes on non-software topics such as productivity, project management, and tech news. To contact Jeff, visit him on LinkedIn.

logo
💙 this post?
Then get all that strongDM goodness, right in your inbox.

You May Also Like

SSH and Kubernetes Remote Identities
Supercharge Your SSH and Kubernetes Resources with Remote Identities
Learn how Remote Identities helps you leverage SSH and k8s capabilities to capitalize on infrastructure workflow investments you’ve already made.
How to Set Up SSH Passwordless Login
How to Set Up SSH Passwordless Login (Step-by-Step Tutorial)
This tutorial will walk you step by step through how to manually set up SSH passwordless login to a Linux server. These commands should work on the majority of Linux distributions, and instructions are included for modern client machines of the macOS, Windows, and Linux varieties.
How to View SSH Logs?
How to View SSH Logs?
Two of the most important questions in security are: who accessed what, and when did they access it? If you have any Linux or Unix machines, you’ll likely find answers in the sshd log. sshd is the Secure Shell Daemon, which allows remote access to the system. In this article, we’ll look at how to view ssh logs.
Scaling Your SSH Strategy
Scaling Your SSH Strategy
In our last post, we discussed some of the challenges that are inherent to management of SSH keys across your infrastructure as you scale the number of team members and servers. In this post, we will dig into some of your options and the trade-offs that they provide.
SSH keys manager
SSH Key Management
Infrastructure and DevOps administrators face significant barriers in managing Secure Shell (SSH) keys. In this article, we’ll explore the complexities of SSH key management. We’ll also show how to effectively authenticate users without having to manage SSH keys for individual users.