Connecting to a running docker container – differences between using ssh and running a command with “-t -i” parameters

Could you please point me what is the difference between installing openssh-server and starting a ssh session with a given docker container and running docker run -t -i ubuntu /bin/bash and then performing some operations. How does docker attach compare to those two methods?

  • Dockerization of node js application
  • Difference between nodejs v0.12 and v5.x distributions
  • How to deploy a docker container on a remote ubuntu server?
  • What is best practice for sharing database between containers in docker?
  • Unable to pull google/appengine-go docker image
  • How to copy a file from host to Docker Container?
  • Database created in Dockerfile does not appear in running container
  • Converting a Thread Id in a Docker Cgroup to the Host Thread Id
  • How do I SSH to a Docker in Mac container [duplicate]
  • How to properly start nginx in Docker
  • Issue connecting elasticsearch cluster (i.e. non dockerized) from elasticsearch client running in docker container
  • mysql does not start with large log files
  • One Solution collect form web for “Connecting to a running docker container – differences between using ssh and running a command with “-t -i” parameters”

    Difference 1. If you want to use ssh, you need to have ssh installed on the Docker image and running on your container. You might not want to because of extra load or from a security perspective. One way to go is to keep your images as small as possible – avoids bugs like heartbleed ;). Whether you want ssh is a point of discussion, but mostly personal taste. I would say only use it for debugging, and not to actually change your image. If you would need the latter, you’d better make a new and better image. Personally, I have yet to install my first ssh server on a Docker image.

    Difference 2. Using ssh you can start your container as specified by the CMD and maybe ENTRYPOINT in your Dockerfile. Ssh then allows you to inspect that container and run commands for whatever use case you might need. On the other hand, if you start your container with the bash command, you effectively overwrite your Dockerfile CMD. If you then want to test that CMD, you can still run it manually (probably as a background process). When debugging my images, I do that all the time. This is from a development point of view.

    Difference 3. An extension of the 2nd, but from a different point of view. In production, ssh will always allow you to check out your running container. Docker has other options useful in this respect, like docker cp, docker logs and indeed docker attach.

    According to the docs “The attach command will allow you to view or interact with any running container, detached (-d) or interactive (-i). You can attach to the same container at the same time – screen sharing style, or quickly view the progress of your daemonized process.” However, I am having trouble in actually using this in a useful manner. Maybe someone who uses it could elaborate in that?

    Those are the only essential differences. There is no difference for image layers, committing or anything like that.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.