
Docker: unable to SSH into a docker container from the docker host

January 19, 2025 17 zengkefu

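I created a docker host on openstack and started a container whose port 22 is mapped to a port on the docker host. I followed this link.
I still cannot ssh from the docker host to the container. It gives this error: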

$> ssh -v root@172.17.0.9 -p 32775 
 
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 56: Applying options for * 
debug1: Connecting to 172.17.0.9 [172.17.0.9] port 32775. 
debug1: connect to address 172.17.0.9 port 32775: Connection refused 
ssh: connect to host 172.17.0.9 port 32775: Connection refused 

When I use the -P option with docker run, iptables rules are added by default. They look like this:
$> iptables -t nat -L -n 
Chain PREROUTING (policy ACCEPT) 
target     prot opt source               destination 
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL 
 
Chain INPUT (policy ACCEPT) 
target     prot opt source               destination 
 
Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination 
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL 
 
Chain POSTROUTING (policy ACCEPT) 
target     prot opt source               destination 
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0 
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80 
MASQUERADE  tcp  --  172.17.0.9           172.17.0.9           tcp dpt:22 
 
Chain DOCKER (2 references) 
target     prot opt source               destination 
RETURN     all  --  0.0.0.0/0            0.0.0.0/0 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9090 to:172.17.0.3:80 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32775 to:172.17.0.9:22 

The container looks like this:
$> docker ps -a 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                   NAMES 
46111bb52063        sshns               "/usr/sbin/sshd -D"      9 hours ago         Up 3 hours                 0.0.0.0:32776->22/tcp   TestSSHcontainer 

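I only need to use ssh for my purposes. I know about the docker exec option. I tried changes such as PermitRootLogin yes in sshd_config and ssh_config on both the docker host and the container, but without success.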
bash-4.2# /usr/sbin/sshd -Dd 
WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems. 
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 
debug1: key_parse_private2: missing begin marker 
debug1: read PEM private key done: type RSA 
debug1: private host key: #0 type 1 RSA 
debug1: key_parse_private2: missing begin marker 
debug1: read PEM private key done: type ECDSA 
debug1: private host key: #1 type 3 ECDSA 
debug1: private host key: #2 type 4 ED25519 
debug1: rexec_argv[0]='/usr/sbin/sshd' 
debug1: rexec_argv[1]='-Dd' 
Set /proc/self/oom_score_adj from 0 to -1000 
debug1: Bind to port 22 on ::. 
Bind to port 22 on :: failed: Address already in use. 
debug1: Bind to port 22 on 0.0.0.0. 
Bind to port 22 on 0.0.0.0 failed: Address already in use. 
Cannot bind any address. 
 
bash-4.2# netstat -anp | grep 22 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      - 
tcp6       0      0 :::22                   :::*                    LISTEN      - 
bash-4.2# ps -eaf | grep ssh 
root         1     0  0 19:17 ?        00:00:00 /usr/sbin/sshd -D 
root        26    16  0 22:58 ?        00:00:00 grep ssh 

Is there anything I am still missing?

Please refer to the following approach:

You are using the container's IP, but the container's host port mapping. Try ssh -v root@172.17.0.9 or ssh -v root@localhost -p <port_mapping_on_host> (your docker ps -a shows that your port mapping on the host is 32776).
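
The mismatch described in the answer can be checked mechanically against the DNAT rules Docker writes. The following is an added example, not part of the original question or answer; the function name check_target and its output strings are hypothetical, and it assumes IPv4 rules in the format shown in the question.

```bash
#!/bin/sh
# Added example: classify an SSH target (IP, port) against Docker's DNAT rules.
# DNAT_RULES is copied from the DOCKER chain in the question's iptables output.
DNAT_RULES='DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9090 to:172.17.0.3:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32775 to:172.17.0.9:22'

# check_target IP PORT [RULES]   (hypothetical helper)
#   direct    - container IP with the container's own port: reachable as-is
#   mismatch  - container IP combined with the HOST-side published port
#   published - non-container address with a published host port
#   unknown   - no rule matches the pair
check_target() {
  printf '%s\n' "${3:-$DNAT_RULES}" | awk -v ip="$1" -v port="$2" '
    $1 == "DNAT" {
      hport = ""; dest = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dpt:/) hport = substr($i, 5)   # port published on the host
        if ($i ~ /^to:/)  dest  = substr($i, 4)   # container_ip:container_port
      }
      if (split(dest, d, ":") != 2) next          # assumption: IPv4 targets only
      if (d[1] == ip) {
        isctr = 1
        if (d[2] == port)  { res = "direct"; exit }
        if (hport == port) { res = "mismatch: use " dest " or <host>:" hport; exit }
      } else if (hport == port) {
        pub = "published: forwards to " dest
      }
    }
    END {
      # A published port only applies when IP is not itself a container address.
      if (res == "" && !isctr) res = pub
      print (res == "" ? "unknown" : res)
    }'
}

# The combination from the question: container IP plus host-side port.
check_target 172.17.0.9 32775
# Against live rules (run as root on the docker host):
#   check_target 172.17.0.9 32775 "$(iptables -t nat -L DOCKER -n)"
```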