Connecting to a running docker container – differences between using ssh and running a command with “-t -i” parameters

Could you please point me what is the difference between installing openssh-server and starting a ssh session with a given docker container and running docker run -t -i ubuntu /bin/bash and then performing some operations. How does docker attach compare to those two methods?

  • docker build Error checking context: 'can't stat '\\?\C:\Users\username\AppData\Local\Application Data''
  • Sharing namespaces within Docker
  • Capturing Dockerfile variable in file
  • How to store my docker registry in the file system
  • docker-compose fails to resolve service hostname
  • Cannot connect to MySql in Docker. Access Denied Error thrown. Flask-SqlAlchemy
  • “line 36: cd: HOME not set” in running Boot2Docker installed using Docker for Windows Installer v1.6.0
  • Why do I get unauthorized: authentication required from a docker pull from docker hub?
  • Dockerize Multi Module Maven Project
  • Force Docker Swarm container distribution
  • Fig volumes don't mount properly
  • Docker compose fails to setup container links properly
  • One Solution collect form web for “Connecting to a running docker container – differences between using ssh and running a command with “-t -i” parameters”

    Difference 1. If you want to use ssh, you need to have ssh installed on the Docker image and running on your container. You might not want to because of extra load or from a security perspective. One way to go is to keep your images as small as possible – avoids bugs like heartbleed ;). Whether you want ssh is a point of discussion, but mostly personal taste. I would say only use it for debugging, and not to actually change your image. If you would need the latter, you’d better make a new and better image. Personally, I have yet to install my first ssh server on a Docker image.

    Difference 2. Using ssh you can start your container as specified by the CMD and maybe ENTRYPOINT in your Dockerfile. Ssh then allows you to inspect that container and run commands for whatever use case you might need. On the other hand, if you start your container with the bash command, you effectively overwrite your Dockerfile CMD. If you then want to test that CMD, you can still run it manually (probably as a background process). When debugging my images, I do that all the time. This is from a development point of view.

    Difference 3. An extension of the 2nd, but from a different point of view. In production, ssh will always allow you to check out your running container. Docker has other options useful in this respect, like docker cp, docker logs and indeed docker attach.

    According to the docs “The attach command will allow you to view or interact with any running container, detached (-d) or interactive (-i). You can attach to the same container at the same time – screen sharing style, or quickly view the progress of your daemonized process.” However, I am having trouble in actually using this in a useful manner. Maybe someone who uses it could elaborate in that?

    Those are the only essential differences. There is no difference for image layers, committing or anything like that.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.