Linux – Docker container ssh error: ssh_exchange_identification: Connection closed by remote host

dockerlinuxopensshsshUbuntu

I am trying to set up an Ubuntu container with openssh-server so I can ssh into it from the host. I know it's not the standard way of doing it but I really want to have ssh.

This is my Dockerfile

# Select base image
FROM ubuntu:16.04

# Set the current working directory
WORKDIR /home

# Update the system, download any packages essential for the project
RUN dpkg --add-architecture i386
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y git build-essential make gcc vim net-tools iputils-ping ca-certificates openssh-server libc6:i386 libstdc++6:i386

# Allow ssh root login
RUN echo "root:root" | chpasswd

# RUN rpl "PermitRootLogin prohibit-password" "PermitRootLogin yes" /etc/ssh/sshd_config
RUN sed -i 's/prohibit-password/yes/' /etc/ssh/sshd_config

RUN cat /etc/ssh/sshd_config
RUN mkdir /root/.ssh

RUN chown -R root:root /root/.ssh;chmod -R 700 /root/.ssh

RUN echo “StrictHostKeyChecking=no” >> /etc/ssh/ssh_config

RUN service ssh restart


# Open port 22 so linked containers can see it
EXPOSE 22

# Import any additional files into the environment (from the host)
ADD otherfile .

I start the container with docker run -t -d -p 2222:22 but whenever I try to ssh into it I always end up getting the error ssh_exchange_identification: Connection closed by remote host:

➜ ssh -v -p 2222 root@localhost /bin/bash
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/giorgio/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to localhost port 2222.
debug1: Connection established.
debug1: identity file /Users/giorgio/.ssh/id_rsa type -1
debug1: identity file /Users/giorgio/.ssh/id_rsa-cert type -1
debug1: identity file /Users/giorgio/.ssh/id_dsa type -1
debug1: identity file /Users/giorgio/.ssh/id_dsa-cert type -1
debug1: identity file /Users/giorgio/.ssh/id_ecdsa type -1
debug1: identity file /Users/giorgio/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/giorgio/.ssh/id_ed25519 type -1
debug1: identity file /Users/giorgio/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/giorgio/.ssh/id_xmss type -1
debug1: identity file /Users/giorgio/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
ssh_exchange_identification: Connection closed by remote host

Does anyone knwo what causes this error and how to fix it?

Best Answer

RUN service ssh restart

This runs an ssh service restart (well actually a start) during the image creation phase, not in the future running container. There is no CMD nor ENTRYPOINT in you Dockerfile so it defaults to the one(s) configured in your base image (which is bash)

In other words, there is no ssh daemon running when you start your container. A temporary solution is to launch an exec command on the running container: docker exec your_container_name service ssh start

To fix the issue correctly you need to instruct the image it should start sshd when a container is created (see the dockerize an ssh service at docker docs). In short:

  • remove the RUN service ssh restart line
  • add the two next lines
RUN mkdir /var/run/sshd
CMD ['/usr/sbin/sshd', '-D']
  • rebuild your image, launch a new container, ssh and enjoy.