Setting ssh public keys on Docker image

I setup a Docker image that supports ssh. No problem, lots of examples. However, most examples show setting a password using passwd. I want to distribute my image. Having a fixed password, especially to root, seems like a gaping security hole. Better, to me, is to setup the image with root having no password. When a user gets the image they would then copy their public ssh file to the image /root/.ssh/authorized_keys file.

Is there a recommended way to do this?

  • Will spawned processes inside docker container utilize all cpu cores on container host by default?
  • ECONNREFUSED nodeJS with express inside docker container
  • docker ubuntu cron in CoreOS not run, funny behavior
  • Installing Postgres 9.6 in centos docker
  • How do I put a docker container in an error state?
  • Docker pull error
    1. Provide a Dockerfile that builds on my image with an ADD command
      that user can edit?
    2. Provide a shell script that runs something like “cat ~/.ssh/authorized_keys | docker run -i sh -c ‘cat > root/.ssh/authorized_keys”?

  • Container does not start if I map existing in container dir
  • How to pass Chef data bag secret to a docker container?
  • What are the Docker RUN params for mimicking IronWorker memory constraints?
  • Magento2 Docker Devbox Exception
  • Rails + Docker: ffi gem update today broke deploy?
  • Creating a docker-compose with PHP drivers for mongo+memcache+ES
  • One Solution collect form web for “Setting ssh public keys on Docker image”

    What about generating a private key and display it to the user?

    I use this snippet as part of the entrypoint script for an image:

    KEYGEN=/usr/bin/ssh-keygen
    KEYFILE=/root/.ssh/id_rsa
    
    if [ ! -f $KEYFILE ]; then
      $KEYGEN -q -t rsa -N "" -f $KEYFILE
      cat $KEYFILE.pub >> /root/.ssh/authorized_keys
    fi
    
    echo "== Use this private key to log in =="
    cat $KEYFILE
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.