Normally, we use Secure Shell (SSH) to access a server, but not everyone has a server; one of the main reasons is that a Virtual Private Server (VPS) is not cheap. But knowing how to use SSH is really important, and all programmers should know about it.
Fortunately, we can use something that can act as both a client and a server. Because a server is basically just another computer, we can use virtualization technology such as a Virtual Machine (VM) or a container platform like Docker to learn more about SSH.
Concept
- Open a first terminal, run an Ubuntu image in a Docker container, and install the SSH client; this acts as our local machine.
- Open a second terminal, run another Ubuntu image in a Docker container, and install the SSH server; this will be the server that we want to control.
- Link those containers using the same network.
Setup
The first thing you need is Docker. You can install Docker in various ways depending on your machine. If you're on Windows, you can install Docker Desktop; for other installations, please refer to the official documentation.
Additionally, for Windows users: after the installation, you might want to install Windows Subsystem for Linux (WSL) and integrate it with Docker.
Open your terminal, then type docker version to make sure Docker is running.
First Step
Prepare the client
- Open a terminal, then run an Ubuntu image.
docker run --rm -it --name=client ubuntu:latest bash
Explanation:
docker: the base command
run: tells Docker to run a container from an image
--rm: automatically deletes the container once it is no longer in use
-it: a combination of --interactive and --tty
ubuntu:latest: the name of the image that we will run; we are using the image named 'ubuntu' with the tag 'latest', which means the latest version of Ubuntu
bash: the command that we want to execute in the container; this opens a bash terminal
- Once that succeeds, you are inside the container. Because it is isolated, you can do whatever you want in there. Now we need to install the SSH client.
apt update && apt install -y openssh-client
Note: you have to run apt update first, before installing a package.
Prepare the host
- With the previous terminal still open, open another terminal and run another Ubuntu image.
docker run --rm -it --name=server ubuntu:latest bash
You'll notice this step is much faster, because we already downloaded the image in the first step, so Docker just needs to run it instead of downloading it again.
- Install SSH server
apt update && apt install -y openssh-server
Beginning
Okay, this is just the beginning. What do we have so far?
We now have a local machine (client) and a host machine (server), that's just like a real-life scenario.
Learn time
So, how does it work?
As we can see, the server has openssh-server installed and not openssh-client. What's the difference?
Well, when we install openssh-server, it installs an SSH service. That service is always running and listening, always ready for clients that want to connect to our server. By default, it listens on port 22.
Unlike the SSH server, the SSH client does not listen on any port on our machine; it simply connects our local machine to a server that has the SSH service running on it.
Let's add security
Wait, wouldn't other people also be able to connect to our server and control it?
You're right!
But don't worry, that has been thought about too, and that's why there are additional steps to make our server safe and still accessible by us, but not by others. Psst... It's called encryption.
To get a better understanding of how it works, let's get started.
Key Generation
- On the client container (hope you remember which one), we will generate a key-pair using this command.
ssh-keygen -t ed25519
Explanation:
ssh-keygen: the command to generate an SSH key pair
-t ed25519: specifies the algorithm to use; in this example we use ed25519, another popular option is rsa
You'll be prompted to specify the output file; just press Enter to use the default location.
You'll also be asked to enter a passphrase and confirm it; just leave them blank and press Enter.
If successful, it will generate 2 files: id_ed25519 and id_ed25519.pub.
The one with the .pub suffix in its name is the public key; you need to keep this file on your host (server).
The other file is called the private key; it's kept on the local machine (client).
Since you're the root user, those files will be stored in the directory /root/.ssh. You can see them using the following command:
ls /root/.ssh
Casualty
Okay, from now on, I will simply call them local machine and server:
local machine is the one where you installed openssh-client
server is the one where you installed openssh-server
Public & Private Key
As I said before, you need to keep the private key only on the local machine, while storing the public key on your server.
There are several ways to move your public key to the server. One common way, and the way we use here, is simply:
- copy the content of public key to your clipboard.
- create new file in the server and then paste the content to it.
Alright, let's try it
The following command will output the content of the public key file (id_ed25519.pub); then I want you to manually select and copy the text.
cat /root/.ssh/id_ed25519.pub
After you copy, it should be on your clipboard now. Then switch to the server.
First, create the file the SSH server reads trusted public keys from. It is called authorized_keys and lives in /root/.ssh; a key saved under any other name, such as id_ed25519.pub, is ignored by the server.
mkdir -p /root/.ssh && touch /root/.ssh/authorized_keys
Now you need to open that file and paste. But wait, since we don't have an editor installed, we first have to install a lightweight text editor called nano. There are other options too, like vi and vim, but nano is more beginner-friendly.
apt install -y nano
Now that we have nano installed on the server, we can open that file.
nano /root/.ssh/authorized_keys
Now paste the content from your clipboard (CTRL+V), then save (CTRL+S) and exit (CTRL+X).
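An added example, not part of the original post: a check to run on the server after pasting the key. It relies on two OpenSSH defaults, that sshd reads a user's trusted keys from ~/.ssh/authorized_keys and that StrictModes refuses group- or world-writable key paths; the function names and the sample key are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies a key install against
# sshd's defaults: keys are read from authorized_keys, and StrictModes rejects
# group/world-writable paths. Function names are hypothetical.

# True if the path is writable by group or others.
loose_perms() {
    ls -ld "$1" | cut -c6,9 | grep -q w
}

# Print the base64 key blob (second field) of a public key file.
key_blob() {
    awk '$1 ~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-)/ { print $2; exit }' "$1"
}

# check_key_install SSH_DIR PUBKEY_FILE
# Returns 0 if the key is usable, otherwise 1-5 for the first problem found.
check_key_install() {
    dir=$1; pub=$2; auth="$dir/authorized_keys"
    [ -d "$dir" ]  || { echo "missing directory: $dir"; return 1; }
    [ -f "$auth" ] || { echo "missing file: $auth"; return 2; }
    if loose_perms "$dir" || loose_perms "$auth"; then
        echo "group/world-writable: chmod 700 $dir; chmod 600 $auth"
        return 3
    fi
    blob=$(key_blob "$pub" 2>/dev/null) || blob=
    [ -n "$blob" ] || { echo "no public key in $pub"; return 4; }
    # Match on the blob only: options may precede it, the comment may differ.
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) ok = 1 }
                      END { exit !ok }' "$auth" \
        || { echo "key not listed in $auth"; return 5; }
    echo "ok: key from $pub is authorized"
}

# Demo on a throwaway directory with a constructed (non-functional) key.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/.ssh" && chmod 700 "$tmp/.ssh"
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEBLOB root@client" > "$tmp/client.pub"
    cp "$tmp/client.pub" "$tmp/.ssh/id_ed25519.pub"      # key under another name
    check_key_install "$tmp/.ssh" "$tmp/client.pub" || :
    cat "$tmp/client.pub" >> "$tmp/.ssh/authorized_keys" # where sshd looks
    chmod 600 "$tmp/.ssh/authorized_keys"
    check_key_install "$tmp/.ssh" "$tmp/client.pub" || :
    rm -rf "$tmp"
}
demo
```

A passing check says nothing about whether the SSH service is running: inside a container the package install does not start it, so start it by hand on the server (for example with service ssh start) before connecting.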
Next Step
Okay, we have installed the public key on the server, so can we access the server now?
Not yet, but we're almost there.
We have to make sure that the server is reachable from our local machine.
Usually, we do this by using the ping command.
Reaching the Server
On the local machine, install the tool using this command:
apt install -y iputils-ping
Then, we can check if the server is within our reach.
ping server
As you can see, we got no responses, which indicates that the server wasn't reachable from our local machine.
But why?
Well, containers can't communicate directly because they are isolated from each other by default. You have to attach them to the same network.
Attach to the same network
Alright, I want you to open a new terminal, then do the following.
Create a network
This will create a network called 'my-ssh-network'
docker network create my-ssh-network
Explanation:
docker: this is the main command
network: the subcommand
create: used to create something
my-ssh-network: this is the name of the network that we want to create; it's up to you
Attach network to the client container
docker network connect my-ssh-network client
Attach network to the server
docker network connect my-ssh-network server
Let's try again
From the local computer
ping server
You'll see lines appear in the terminal one at a time, which means it received feedback from the server!
Hey-hey, do you know what that means?
We can finally connect to it!
It's there
Are you ready?
Are you really?
Are you really really- alright, now I want you to do this.
From the local computer, type the following and hit Enter.
ssh root@server
We did it!
We finally got it to work!
Last Words
Remember, the journey of a thousand miles begins with a single step. Take that step today.