- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
Docker is an integral part of application infrastructure for many organizations. DevOps teams often choose Docker for critical deployments due to the bare-bones, limited nature of its containers. Single-purpose Docker containers make it easy and efficient to scale operations and manage large fleets. You can also make changes to one container and application without any chance of directly impacting the others.
But that lean nature comes with baked-in limitations. If you need to gain console access to your Docker container, you will note that it is, in fact, not a fully-fledged server with a fully-featured operating system. It typically won’t have OpenSSH installed (and do you actually want it to?).
In this article, we’ll cover a way to run console commands in Docker containers that will allow you to mimic the process of using SSH for the same purpose (and if you really need to, a way to gain true SSH access as well).
- Your host machine has Docker set up and running with one or more containers
- You have command line access to the host machine
Run Commands with Docker
The best method to perform console operations on a Docker container is to use the tools that Docker provides. You can use Docker’s command line functionality to execute commands within the container. Let’s take a look!
First, you’ll need to access the host machine (or, if you’re running Docker locally, your local machine) via your terminal and have handy the name of the container to run. In this example, the container will be referred to as ubuntu_test.
The docker run command will do a couple of things. First, it will create a container for you, using the image you ask it to use. If you already have the image downloaded locally, it will be used, and if not, Docker will recognize that automatically and download it for you before starting the new container. In this case, we’ll use the ubuntu image. You’ll want to use the -it flags (which will open a session and make it pseudo-tty, which basically enables your terminal to act as if it is a terminal for the docker container).
sudo docker run --name ubuntu_test -it ubuntu
This will promptly create the container (within seconds if you already have the image downloaded) and dump you into the terminal session within the container as the root user. If you are unfamiliar, you can see how sparse things are in a Docker container by checking top for running processes—there won’t be many. You now have at your disposal a way to run commands on your Docker container. Note, as stated, that it will be more limited in functionality than a full fledged terminal and server would be.
If later you want to return to an already running container to run further commands, you can use docker exec. Pass it the same -it flags, and provide the name of the container and the command you wish to run (in this case, bash).
docker exec -it ubuntu_test bash
This, again, will create a bash window and replicate a similar experience to when you interact with a server over SSH.
Directly Connect via SSH
You can circumvent these built-in Docker commands and simply install an OpenSSH server on your container via the dockerfile or via the package manager (note that packages installed with your package manager will not persist when your container is stopped). Once you do this, you can then send a normal ssh user@address command after retrieving the IP of your container. There are two reasons not to do this, though:
- The first is that the functionality to have an SSH-like bash shell experience already exists via docker run and docker exec. It is unnecessary to add steps and resource overhead to create a new method to execute the same commands, in most cases.
- Secondly, it expands the footprint and scope of your Docker container(s) to add an OpenSSH server to them and have it running. The entire point of Docker is to have a bare minimum set of functionality containerized and easily deployed and configured.
If despite this, you need to use SSH in particular, you can do so in a more persistent way by simply editing your dockerfile and appending the following commands:
RUN apt install openssh-server &&
systemctl ssh start &&
systemctl ssh enable
You will also need to acquire the IP address of your Docker application to properly connect to it via SSH. You can do this by running the following command:
docker inspect ubuntu_test | grep "IPAddress"
Which should return a response similar to:
Now, SSH will be installed and running on this container when it is spun up, and you may simply connect to it using the container’s IP address and run commands.
Hopefully, this article helped you understand the basic commands required to run commands in a Docker container! In most cases, your needs can be covered by Docker’s built-in functionality with docker run and docker exec, and if not, you can always resort to adding an SSH server to your container.
Want to learn more about using Docker containers with StrongDM? Get a no-BS demo of StrongDM.
About the Author
Jeff Smith, Lead Technical Writer, has led projects and teams working on documentation in access and security for more than six years. Learning these technologies and helping other people do the same is his passion. Jeff contributes occasionally to various technical blogs and publications and sometimes writes on non-software topics such as productivity, project management, and tech news. To contact Jeff, visit him on LinkedIn.