Added documentation for preferred alternative to SSH for container access.

jdeathe · jdeathe · commit fc672eb566ee · 2015-02-25T16:45:03.000Z
diff --git a/README.md b/README.md
@@ -11,6 +11,8 @@ Included in the build is the EPEL repository and SSH, vi and are installed along
 
 SSH access is by public key authentication and, by default, the [Vagrant](http://www.vagrantup.com/) [insecure private key](https://github.com/mitchellh/vagrant/blob/master/keys/vagrant) is required.
 
+SSH is not required in order to access a terminal for the running container the prefered method is to use Command Keys and the nsenter command. See [command-keys.md](https://github.com/jdeathe/centos-ssh/blob/centos-6/command-keys.md) for details on how to set this up.
+
 ## Quick Example
 
 Run up a container named 'ssh.pool-1.1.1' from the docker image 'jdeathe/centos-ssh' on port 2020 of your docker host.
diff --git a/command-keys.md b/command-keys.md
@@ -0,0 +1,67 @@
+# Command Keys
+
+Using command keys to access containers (without sshd).
+
+Access docker containers using docker host SSH public key authentication and nsenter command to start up a bash terminal inside a container. In the following example the container name is "ssh.pool-1.1.1"
+
+## Create a unique public/private key pair for each container
+
+```
+$ cd ~/.ssh/ && ssh-keygen -q -t rsa -f id-rsa.ssh.pool-1.1.1
+```
+
+## Prefix the public key with the nsenter command
+
+```
+$ sed -i '' \
+  '1s#^#command="sudo nsenter -m -u -i -n -p -t $(docker inspect --format \\\"{{ .State.Pid }}\\\" ssh.pool-1.1.1) /bin/bash" #' \
+  ~/.ssh/id-rsa.ssh.pool-1.1.1.pub
+```
+
+## Upload the public key to the docker host VM
+
+The host in this example is core-01.local that has SSH public key authentication enabled using the Vagrant insecure private key.
+
+### Generic Linux Host Example
+
+```
+$ cat ~/.ssh/id-rsa.ssh.pool-1.1.1.pub | ssh -i ~/.vagrant.d/insecure_private_key \
+  core@core-01.local \
+  "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
+```
+
+### CoreOS Host Example
+
+```
+$ cat ~/.ssh/id-rsa.ssh.pool-1.1.1.pub | ssh -i ~/.vagrant.d/insecure_private_key \
+  core@core-01.local \
+  update-ssh-keys -a core@ssh.pool-1.1.1
+```
+
+### Usage
+
+```
+$ ssh -i ~/.ssh/id-rsa.ssh.pool-1.1.1 \
+  core@core-01.local \
+  -o StrictHostKeyChecking=no
+```
+
+#### SSH Config
+
+To simplify the command required to access the running container we can add an entry to the SSH configuration file ```~/.ssh/config``` as follows:
+
+```
+Host core-01.ssh.pool-1.1.1
+	HostName core-01.local
+	Port 22
+	User core
+	StrictHostKeyChecking no
+	IdentitiesOnly yes
+	IdentityFile ~/.ssh/id-rsa.ssh.pool-1.1.1
+```
+
+With the above entry in place we can now run the following to access the running container:
+
+```
+$ ssh core-01.ssh.pool-1.1.1
+```
