can't ssh into docker container

Question

Say I have the following Dockerfile:

FROM php:7.4

RUN apt-get install -y openssh-server \
    && mkdir /var/run/sshd \
    && echo 'root:root' | chpasswd \
    && sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
    && service ssh start

I create a Docker instance from this Dockerfile thusly:

docker build -t test .
docker run -t -d --privileged test bash
docker exec -it {whatever} bash

After that, I try to SSH into the machine and it doesn't work:

root@5e3395ae4b64:/# ssh 127.0.0.1
ssh: connect to host 127.0.0.1 port 22: Connection refused

If I do service ssh start again it works but idk why I need to do that since I'm already doing it in the Dockerfile.

Anyway, after I do service ssh start, password authentication doesn't work:

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:hQcDdJFTmCZvhJzWbbis5OvCiqx1eagG0b6SD83GbJo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:

(I manually typed root as the password)

Any ideas?

Answer 1

I wound up getting this working by just creating a new user:

    && useradd --create-home --base-dir /home newuser \
    && echo "newuser:newuser" | chpasswd \

Answer 2

I think root shell is disabled. You can see it in

cat /etc/passwd

if its accessible. Try it and tell me if there is a shell for user root.

Then can you test a

netstat -an | grep 22

To see in which hosts the sshd is listening. If you don't see 127.0.0.1

Try to see if in the /etc/ssh/sshd_config you are using AllowUsers directive it takes precedence to PermitRootLogin.

And just see if this line of your DockerFile is applied in your file:

sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config