WO2017101252A1 - Docker-based container login method, server and system - Google Patents

Docker-based container login method, server and system


Publication number
WO2017101252A1
Authority
WO
WIPO (PCT)
Prior art keywords
container
login
server
docker
command
Prior art date
Application number
PCT/CN2016/082406
Other languages
French (fr)
Chinese (zh)
Inventor
梅平
杨帝海
伍宏先
赵亮
Original Assignee
腾讯科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司
Publication of WO2017101252A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Definitions

  • A Docker-based container login method is provided in which the login information includes the container name, including the following steps:
  • Step S310: receive a container entry command; the container entry command includes login information.
  • Step S320: acquire the currently logged-in user and send an authentication request to the second server. The authentication request includes the container name and the user's information, so that the second server determines the login permission according to the authentication request.
  • The currently logged-in user is the user who logged in to the first server; the information of that user is obtained.
  • The user's information may include one or more of the user name, level information, time information, and the like. The authentication request carrying the user information and the container name is sent to the second server. The second server stores the login permissions that map user information to containers and determines, from the user information and the container name, whether the user has permission to log in to the container. If so, it returns an authentication result indicating login permission; otherwise it returns an authentication result indicating no login permission.
  • Step S330: receive the authentication result returned by the second server. If the authentication result indicates login permission, proceed to step S340; otherwise the login cannot be performed.
  • With login permission, the container can be accessed through the subsequent steps. If there is no login permission, the login cannot be performed.
  • Authenticating the login permission further improves the security of the login: even if the container name is stolen, the container cannot be accessed when the user information does not match.
  • Step S340: open a virtual terminal with a command of the SSH protocol and connect to the Docker physical machine corresponding to the login information.
  • Step S350: enter the container corresponding to the login information through the virtual terminal.
  • The method further comprises: when the exit instruction is executed in the container, exiting the container and returning directly to the local machine.
  • When the "exit" command is executed in the container, the user exits the container and returns immediately to the first server without staying on the Docker physical machine, so the user cannot operate the Docker physical machine, which improves security.
  • A Docker-based container login system, including:
  • The first server 410 is configured to receive a container entry command; the container entry command includes login information.
  • The first server 410 has a container entry command tool installed to receive the container entry command. The command can be received directly on the first server 110, or a terminal can first connect to the first server 110 with an SSH (Secure Shell) command, after which the container entry command is received.
  • The login information can be customized as needed. For example, the login information is the container name, and the container to log in to is determined by the container name, as when the received container entry command is "go <container name>".
  • The first server 410 is further configured to open a virtual terminal with a command of the SSH protocol and connect to the Docker physical machine corresponding to the login information.
  • The first server 410 uses the -t option of the SSH command to open a virtual terminal and connect to the Docker physical machine corresponding to the login information.
  • The Docker physical machine corresponding to the login information can be obtained from the container name, for example by determining the IP of the container from the container name and then obtaining the corresponding Docker physical machine from the IP.
  • The login permission of the Docker physical machine does not need to be opened up, which improves the security of the login.
  • After the container entry command is received, the SSH command is executed automatically to open the virtual terminal and connect to the Docker physical machine. No information has to be entered manually, which makes login more convenient. This way of connecting to the Docker physical machine through a virtual terminal and then logging in to the container through the subsequent steps is mandatory and cannot be changed, which ensures the security of the login.
  • A Docker physical machine 420 can run one or more containers. In one embodiment, there are multiple containers, each corresponding to a different service.
  • The first server 410 is further configured to enter the container corresponding to the login information through the virtual terminal.
  • The first server 410 executes the docker exec command to enter the container through the virtual terminal. The command executed in step S220 and step S230 is: ssh -t 192.168.0.1 "docker exec -ti my_container bash", where 192.168.0.1 is the IP address of the container and my_container is the container name received.
  • In the system consisting of the first server 410 and the Docker physical machine 420, the first server 410 receives the container entry command, which includes login information, opens a virtual terminal with a command of the SSH protocol, connects to the Docker physical machine corresponding to the login information, and enters the container corresponding to the login information through the virtual terminal. Because the connection to the Docker physical machine goes through the virtual terminal, there is no need to log in to the Docker physical machine or to open up its login permission, which improves the security of the login.
  • The login information includes a container name.
  • The system further includes a second server 430.
  • The first server is further configured to acquire the currently logged-in user and send an authentication request to the second server 430. The authentication request includes the container name and the user's information.
  • The currently logged-in user is the user who logged in to the first server. The information of that user, such as the user name, is obtained, and an authentication request carrying the user information and the container name is sent to the second server.
  • The second server 430 is configured to determine the login permission according to the authentication request and return an authentication result to the first server.
  • The second server stores the login permissions that map user information to containers and determines, from the user information and the container name, whether the user has permission to log in to the container. If so, it returns an authentication result indicating login permission; otherwise it returns an authentication result indicating no login permission.
  • The first server 410 is further configured to open a virtual terminal with a command of the SSH protocol and connect to the Docker physical machine corresponding to the login information if the authentication result indicates login permission; otherwise the login cannot be performed.
  • The first server 410 connects to the Docker physical machine corresponding to the login information with the SSH command only if the returned authentication result indicates login permission. Without login permission, the login cannot be performed. Authenticating the login permission further improves the security of the login: even if the container name is stolen, the container cannot be accessed when the user information does not match.
  • The container is configured to exit and return directly to the first server when the exit instruction is executed.
  • When the "exit" command is executed in the container, the user exits the container and returns immediately to the first server without staying on the Docker physical machine, so the user cannot operate the Docker physical machine, which improves security.
  • A Docker-based container login device, including:
  • The receiving module 510 is configured to receive a container entry command; the container entry command includes login information.
  • The virtual terminal connection module 520 is configured to open a virtual terminal with a command of the SSH protocol and connect to the Docker physical machine corresponding to the login information.
  • The module 530 is configured to enter the container corresponding to the login information through the virtual terminal.
  • The login information includes a container name, and the device further includes:
  • The authentication module 540 is configured to obtain the currently logged-in user and send an authentication request to the second server. The authentication request includes the container name and the user's information, so that the second server determines the login permission according to the authentication request. The module receives the authentication result returned by the second server; if the authentication result indicates login permission, the virtual terminal connection module is entered, otherwise the login cannot be performed.
  • The device further includes:
  • The return module 550 is configured to exit the container and return directly to the local machine when the exit instruction is executed in the container.
  • The storage medium may be a magnetic disk, an optical disk, a non-volatile storage medium such as a read-only memory (ROM), or a random access memory (RAM).

Abstract

A Docker-based container login method, comprising: receiving a container entering command, wherein the container entering command comprises login information; opening a virtual terminal by means of a command of an SSH protocol, and connecting same to a Docker physical machine corresponding to the login information; and entering, by means of the virtual terminal, a container corresponding to the login information.

Description

Docker-based container login method, server and system
This application claims priority to Chinese Patent Application No. 201510955719.5, entitled "Docker-based container login method, apparatus and system", filed with the Chinese Patent Office on December 17, 2015, the entire contents of which are incorporated herein by reference.
[Technical Field]
The present invention relates to the field of security technologies, and in particular to a Docker-based container login method, server, and system.
[Background]
Docker is an open source application container engine that lets developers package an application and its dependencies into a portable container and then publish it to any popular Linux machine; it can also be used for virtualization. After a business program is deployed as a Docker container, the IP address of the container is usually not visible from outside, so there is no way to log in to it directly.
Some existing login methods log in directly to the Docker physical machine and then enter the container through commands. When multiple services are deployed together on one Docker physical machine, the containers of every service sit on that one machine, and opening up login permission to the physical machine poses a serious security risk. Other methods use a webshell login, which amounts to opening a back door to the outside for logging in to the container, so security is hard to guarantee.
[Summary of the Invention]
In accordance with the various embodiments disclosed in this application, a Docker-based container login method, server, and system are provided.
A Docker-based container login method, including:
receiving a container entry command, the container entry command including login information;
opening a virtual terminal with a command of the SSH protocol and connecting to the Docker physical machine corresponding to the login information; and
entering, through the virtual terminal, the container corresponding to the login information.
A first server, including a memory and a processor, the memory storing instructions that, when executed by the processor, cause the processor to perform the following steps:
receiving a container entry command, the container entry command including login information;
opening a virtual terminal with a command of the SSH protocol and connecting to the Docker physical machine corresponding to the login information; and
entering, through the virtual terminal, the container corresponding to the login information.
A Docker-based container login system, including:
a first server, configured to receive a container entry command, the container entry command including login information,
the first server being further configured to open a virtual terminal with a command of the SSH protocol and connect to the Docker physical machine corresponding to the login information;
a Docker physical machine, configured to run containers;
wherein the first server is further configured to enter, through the virtual terminal, the container corresponding to the login information.
Details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will become apparent from the description, the drawings, and the claims.
[Description of the Drawings]
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is an application environment diagram of a Docker-based container login method in one embodiment;
FIG. 2 is a diagram of the internal structure of the first server of FIG. 1 in one embodiment;
FIG. 3 is a flow chart of a Docker-based container login method in one embodiment;
FIG. 4 is a flow chart of a Docker-based container login method in another embodiment;
FIG. 5 is a structural block diagram of a Docker-based container login system in one embodiment;
FIG. 6 is a structural block diagram of a Docker-based container login system in another embodiment;
FIG. 7 is a structural block diagram of a Docker-based container login device in one embodiment;
FIG. 8 is a structural block diagram of a Docker-based container login device in another embodiment;
FIG. 9 is a structural block diagram of a Docker-based container login device in still another embodiment.
[Detailed Description]
FIG. 1 is a diagram of the application environment in which a Docker-based container login method runs in one embodiment. As shown in FIG. 1, the application environment includes a first server 110 and a Docker physical machine 120, which communicate over a network.
The first server 110 is generally the starting machine for logging in to servers and may be a jump server (springboard machine). Multiple containers can run on the Docker physical machine 120, each corresponding to a different service. The first server 110 establishes a connection with the Docker physical machine 120 according to the received command and enters the corresponding container on the Docker physical machine through a virtual terminal.
In one embodiment, the internal structure of the first server 110 of FIG. 1 is as shown in FIG. 2. The first server 110 includes a processor, an internal memory, a non-volatile storage medium, and a network interface connected by a system bus. The non-volatile storage medium of the first server 110 stores an operating system and a Docker-based container login device, which implements a Docker-based container login method suitable for the first server 110. The processor of the first server 110 provides computing and control capabilities and is configured to execute a Docker-based container login method. The network interface of the first server 110 is used to communicate with the Docker physical machine 120 over a network connection, for example to enter a container on the Docker physical machine 120.
As shown in FIG. 3, in one embodiment, a Docker-based container login method is provided. It is described here as applied to the first server 110 in the application environment above and includes the following steps:
Step S210: receive a container entry command; the container entry command includes login information.
Specifically, a container entry command tool is provided to receive the container entry command. The tool is installed on the first server 110. The container entry command can be received directly on the first server 110, or a terminal can first connect and log in to the first server 110 with an SSH command, after which the container entry command is received. SSH (Secure Shell) is a security protocol built on the application layer and the transport layer. Because the terminal logs in to the first server 110 over SSH and the container entry command tool is installed on the first server 110, the container entry command can be entered only after logging in to the first server 110, which improves the security of receiving the container entry command. The login information can be customized as needed. For example, the login information is the container name, and the container to log in to is determined by the container name, as when the received container entry command is "go <container name>".
Step S220: open a virtual terminal with a command of the SSH protocol and connect to the Docker physical machine corresponding to the login information.
Specifically, the -t option of the SSH command opens a virtual terminal that connects to the Docker physical machine corresponding to the login information. The Docker physical machine corresponding to the login information can be obtained from the container name, for example by determining the IP of the container from the container name and then obtaining the corresponding Docker physical machine from the IP. Because the connection to the Docker physical machine goes through the virtual terminal, there is no need to log in to the Docker physical machine, and when multiple services are deployed on the Docker physical machine its login permission does not need to be opened up, which improves the security of the login. After the container entry command is received, the SSH command is executed automatically to open the virtual terminal and connect to the Docker physical machine. No information has to be entered manually, which makes login more convenient. This way of connecting to the Docker physical machine through a virtual terminal and then logging in to the container through the subsequent steps is mandatory and cannot be changed, which ensures the security of the login.
Step S230: enter the container corresponding to the login information through the virtual terminal.
Specifically, the docker exec command is executed to enter the container through the virtual terminal. The command executed in step S220 and step S230 is: ssh -t 192.168.0.1 "docker exec -ti my_container bash", where 192.168.0.1 is the IP address of the container and my_container is the container name received. During the whole login process the user does not stay on the Docker physical machine; the user goes through a virtual terminal and the Docker command is executed directly to enter the container. Because the user never stays on the Docker physical machine, even when multiple services are deployed on it, the logged-in user cannot operate the Docker physical machine and the services do not affect one another through user operations, which improves the security of the login. At the same time, with login security ensured, the services can be deployed together on one Docker physical machine, which improves resource utilization and reduces machine cost.
In this embodiment, a container entry command that includes login information is received, a virtual terminal is opened with a command of the SSH protocol and connected to the Docker physical machine corresponding to the login information, and the container corresponding to the login information is entered through the virtual terminal. Because the connection to the Docker physical machine goes through the virtual terminal, there is no need to log in to the Docker physical machine or to open up its login permission, which improves the security of the login.
In one embodiment, as shown in FIG. 4, a Docker-based container login method is provided in which the login information includes a container name. The method includes the following steps:
Step S310: receive a container entry command, the container entry command including login information.
Step S320: obtain the currently logged-in user and send an authentication request to the second server, the authentication request including the container name and the user's information, so that the second server determines the login permission according to the authentication request.
Specifically, the currently logged-in user is the user logged in to the first server. The information of the currently logged-in user is obtained; it may include one or more of a user name, level information, time information, and the like. An authentication request carrying the user information and the container name is sent to the second server. The second server stores the login permissions that map user information to containers and, based on the user information and the container name, determines whether the user has permission to log in to the container. If so, it returns an authentication result indicating login permission; otherwise it returns an authentication result indicating no login permission.
Step S330: receive the authentication result returned by the second server. If the authentication result indicates login permission, proceed to step S340; otherwise login is not possible.
Specifically, the container can be entered through the subsequent steps only when the returned authentication result indicates login permission; without login permission, login is not possible. Verifying the login permission further improves login security: even if the container name is stolen, the container cannot be entered if the user information does not match.
Step S340: open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information.
Step S350: enter the container corresponding to the login information through the virtual terminal.
In one embodiment, after step S230, the method further includes: when an exit instruction is executed in the container, exiting the container and returning directly to the local machine.
Specifically, when the “exit” command is executed in the container, the user exits the container and is immediately returned to the first server without stopping on the Docker physical machine, so that the user cannot operate the Docker physical machine, which improves security.
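The flow of steps S310 to S350, with the lookup from step S220 and the exit behaviour just described, sketched as an added example (not code from the patent or its applicant). The permission table and the address table are constructed stand-ins for the second server and for the container-name lookup, all function names are hypothetical, and the container-name validation is an added check that the text does not describe.

```python
import os
import pwd
import re
import shlex
import sys

# Character set Docker accepts for container names. The first character is
# alphanumeric, so a name can never start with "-" and be parsed as an option.
CONTAINER_NAME = re.compile(r"[a-zA-Z0-9][a-zA-Z0-9_.-]+")

# Constructed sample data (assumptions, not taken from the patent).
# PERMISSIONS stands in for the table held by the second server;
# SSH_TARGETS stands in for the lookup from container name to the address
# that ssh connects to (the page's example command uses 192.168.0.1).
PERMISSIONS = {("alice", "my_container"), ("bob", "billing_api")}
SSH_TARGETS = {"my_container": "192.168.0.1", "billing_api": "192.168.0.1"}


class LoginDenied(Exception):
    """Raised for every reason the login must not proceed."""


def current_user():
    # Take the identity from the process's real UID. Environment variables
    # such as USER or LOGNAME are set by the caller and must not feed an
    # authorization decision.
    return pwd.getpwuid(os.getuid()).pw_name


def check_permission(user, container):
    """Stand-in for the authentication request to the second server."""
    return (user, container) in PERMISSIONS


def build_login_argv(user, container, authorize=check_permission):
    """Return the ssh argv for one login, or raise LoginDenied."""
    # S310: the container name is user input that ends up inside a command
    # line run by a remote shell, so reject anything that is not a plain name.
    if not CONTAINER_NAME.fullmatch(container):
        raise LoginDenied("invalid container name")

    # S320/S330: ask the second server. Fail closed: an error, a timeout or
    # any answer other than an explicit True means no login.
    try:
        allowed = authorize(user, container) is True
    except Exception:
        allowed = False
    if not allowed:
        raise LoginDenied("no login permission")

    target = SSH_TARGETS.get(container)
    if target is None:
        raise LoginDenied("unknown container")

    # S340/S350: the same command shape as on the page. The argv is a list,
    # so no local shell is involved; shlex.quote covers the remote shell.
    remote = "docker exec -ti {} bash".format(shlex.quote(container))
    return ["ssh", "-t", target, remote]


def main(argv):
    if len(argv) != 2:
        print("usage: go <container name>", file=sys.stderr)
        return 2
    try:
        cmd = build_login_argv(current_user(), argv[1])
    except LoginDenied as exc:
        print("login refused: {}".format(exc), file=sys.stderr)
        return 1
    # Replace this process with ssh. When the shell in the container exits,
    # ssh exits too and the user is back in the first server's shell.
    os.execvp(cmd[0], cmd)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```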
In one embodiment, as shown in FIG. 5, a Docker-based container login system is provided, including:
A first server 410, configured to receive a container entry command, the container entry command including login information.
Specifically, a container entry command tool is installed on the first server 410 to receive the container entry command. The container entry command can be received directly on the first server 110, or a terminal can first connect and log in to the first server 110 with an SSH command and then issue the container entry command. SSH (Secure Shell) is a security protocol built on the application layer and the transport layer. Because the user logs in to the first server 410 with an SSH command and the container entry command tool is installed on the first server 410, the container entry command can be entered only after logging in to the first server 410, which improves the security of receiving the container entry command. The login information can be customized as needed; for example, the login information is a container name, and the container to log in to is determined by the container name. For example, the received container entry command is “go <container name>”.
The first server 410 is further configured to open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information.
Specifically, the first server 410 uses the -t command of the SSH protocol to open a virtual terminal that connects to the Docker physical machine corresponding to the login information. The Docker physical machine corresponding to the login information can be obtained from the container name; for example, the container's IP is determined from the container name, and the corresponding Docker physical machine is then obtained from the IP. Because the connection to the Docker physical machine goes through the virtual terminal, the user does not log in to the Docker physical machine. When multiple services are deployed on the Docker physical machine, its login permission does not need to be opened up, which improves login security. After the container entry command is received, the SSH protocol command is executed automatically to open the virtual terminal and connect to the Docker physical machine; no information needs to be entered manually, which improves login convenience. Moreover, this method of connecting to the Docker physical machine through the virtual terminal and then logging in to the container through the subsequent steps is mandatory and cannot be changed, which guarantees login security.
A Docker physical machine 420, configured to run containers.
Specifically, one Docker physical machine 420 can run one or more containers. In one embodiment, there are multiple containers, each corresponding to a different service.
The first server 410 is further configured to enter the container corresponding to the login information through the virtual terminal.
Specifically, the first server 410 executes docker's exec command to enter the container through the virtual terminal. The command executed in steps S220 and S230 is “ssh -t 192.168.0.1 "docker exec -ti my_container bash"”, where 192.168.0.1 is the IP address of the container and my_container is the received container name. Throughout the login process the user never stops on the Docker physical machine; instead, a virtual terminal is opened and the Docker command is executed directly to enter the container. Because the user has never stopped on the Docker physical machine, even when multiple services are deployed on it, the logged-in user cannot operate the Docker physical machine, so the services do not affect one another through user operations, which improves login security. At the same time, with login security guaranteed, the services can all be deployed on one Docker physical machine, which improves resource utilization and reduces machine cost.
In this embodiment, the system composed of the first server 410 and the Docker physical machine 420 receives, through the first server 410, a container entry command including login information, opens a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information, and enters the container corresponding to the login information through the virtual terminal. Because the connection to the Docker physical machine goes through the virtual terminal, the user does not log in to the Docker physical machine and its login permission does not need to be opened up, which improves login security.
In one embodiment, the login information includes a container name. As shown in FIG. 6, the system further includes a second server 430. The first server is further configured to obtain the currently logged-in user and send an authentication request to the second server 430, the authentication request including the container name and the user's information.
Specifically, the currently logged-in user is the user logged in to the first server. The information of the currently logged-in user, such as the user name, is obtained, and an authentication request carrying the user information and the container name is sent to the second server.
The second server 430 is configured to determine the login permission according to the authentication request and return an authentication result to the first server.
Specifically, the second server stores the login permissions that map user information to containers and, based on the user information and the container name, determines whether the user has permission to log in to the container. If so, it returns an authentication result indicating login permission; otherwise it returns an authentication result indicating no login permission.
The first server 410 is further configured to, if the authentication result indicates login permission, open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; otherwise login is not possible.
Specifically, only when the returned authentication result indicates login permission can the first server 410 open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; without login permission, login is not possible. Verifying the login permission further improves login security: even if the container name is stolen, the container cannot be entered if the user information does not match.
In one embodiment, the container is configured to, when an exit instruction is executed, exit and return directly to the first server.
Specifically, when the “exit” command is executed in the container, the user exits the container and is immediately returned to the first server without stopping on the Docker physical machine, so that the user cannot operate the Docker physical machine, which improves security.
In one embodiment, as shown in FIG. 7, a Docker-based container login apparatus is provided, including:
A receiving module 510, configured to receive a container entry command, the container entry command including login information.
A virtual terminal connection module 520, configured to open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information.
An entry module 530, configured to enter the container corresponding to the login information through the virtual terminal.
In one embodiment, as shown in FIG. 8, the login information includes a container name, and the apparatus further includes:
An authentication module 540, configured to obtain the currently logged-in user and send an authentication request to the second server, the authentication request including the container name and the user's information, so that the second server determines the login permission according to the authentication request; and to receive the authentication result returned by the second server. If the authentication result indicates login permission, control passes to the virtual terminal connection module; otherwise login is not possible.
In one embodiment, as shown in FIG. 9, the apparatus further includes:
A return module 550, configured to, when an exit instruction is executed in the container, exit the container and return directly to the local machine.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc, or a read-only memory (ROM), or a random access memory (RAM), or the like.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not be construed as limiting the scope of the invention patent. It should be noted that those of ordinary skill in the art can make several variations and improvements without departing from the concept of the present invention, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this invention patent shall be determined by the appended claims.

Claims (10)

  1. A Docker-based container login method, comprising:
    receiving a container entry command, the container entry command including login information;
    opening a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; and
    entering the container corresponding to the login information through the virtual terminal.
  2. The method according to claim 1, wherein the login information includes a container name, and after the step of receiving the container entry command, the method further comprises:
    obtaining the currently logged-in user and sending an authentication request to a second server, the authentication request including the container name and the user's information, so that the second server determines the login permission according to the authentication request;
    receiving the authentication result returned by the second server, and if the authentication result indicates login permission, proceeding to the step of opening a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; otherwise login is not possible.
  3. The method according to claim 1, wherein after the step of entering the container corresponding to the login information through the virtual terminal, the method further comprises:
    when an exit instruction is executed in the container, exiting the container and returning directly to the local machine.
  4. A first server, comprising a memory and a processor, the memory storing instructions that, when executed by the processor, cause the processor to perform the following steps:
    receiving a container entry command, the container entry command including login information;
    opening a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; and
    entering the container corresponding to the login information through the virtual terminal.
  5. The first server according to claim 4, wherein the login information includes a container name, and the instructions, when executed by the processor, further cause the processor to perform the following steps:
    obtaining the currently logged-in user and sending an authentication request to a second server, the authentication request including the container name and the user's information, so that the second server determines the login permission according to the authentication request;
    receiving the authentication result returned by the second server, and if the authentication result indicates login permission, proceeding to the step of opening a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; otherwise login is not possible.
  6. The first server according to claim 4, wherein the instructions, when executed by the processor, further cause the processor to perform the following step:
    when an exit instruction is executed in the container, exiting the container and returning directly to the local machine.
  7. A Docker-based container login system, comprising:
    a first server, configured to receive a container entry command, the container entry command including login information, the first server being further configured to open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information;
    a Docker physical machine, configured to run containers;
    wherein the first server is further configured to enter the container corresponding to the login information through the virtual terminal.
  8. The system according to claim 7, wherein the login information includes a container name, and the system further comprises a second server:
    the first server is further configured to obtain the currently logged-in user and send an authentication request to the second server, the authentication request including the container name and the user's information;
    the second server is configured to determine the login permission according to the authentication request and return an authentication result to the first server;
    the first server is further configured to, if the authentication result indicates login permission, open a virtual terminal through a command of the SSH protocol to connect to the Docker physical machine corresponding to the login information; otherwise login is not possible.
  9. The system according to claim 7, wherein the container is configured to, when an exit instruction is executed, exit and return directly to the first server.
  10. The system according to claim 7, wherein there are multiple containers, each corresponding to a different service.
PCT/CN2016/082406 2015-12-17 2016-05-17 Docker-based container login method, server and system WO2017101252A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510955719.5 2015-12-17
CN201510955719.5A CN106899544B (en) 2015-12-17 2015-12-17 Container login method, device and system based on Docker

Publications (1)

Publication Number Publication Date
WO2017101252A1 true WO2017101252A1 (en) 2017-06-22

Family

ID=59055645

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/082406 WO2017101252A1 (en) 2015-12-17 2016-05-17 Docker-based container login method, server and system

Country Status (2)

Country Link
CN (1) CN106899544B (en)
WO (1) WO2017101252A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719303A (en) * 2018-07-11 2020-01-21 大唐移动通信设备有限公司 Containerization NRF method and system
CN113162806A (en) * 2021-04-23 2021-07-23 华上(天津)信息科技发展有限公司 Remote operation and maintenance method
CN113434257A (en) * 2021-07-07 2021-09-24 曙光信息产业(北京)有限公司 Docker operation method, device, server and storage medium
CN116107715A (en) * 2023-02-02 2023-05-12 北京天云融创软件技术有限公司 Method for running Docker container task and task scheduler

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525624B (en) * 2017-09-20 2022-01-04 腾讯科技(深圳)有限公司 Container login method and device and storage medium
CN107948203B (en) * 2017-12-29 2019-09-13 平安科技(深圳)有限公司 A kind of container login method, application server, system and storage medium
CN111176794A (en) * 2020-01-02 2020-05-19 腾讯科技(深圳)有限公司 Container management method and device and readable storage medium
CN111479084B (en) * 2020-03-04 2023-07-28 视联动力信息技术股份有限公司 Video networking conference establishment method, device, system and storage medium
CN111367573B (en) * 2020-03-12 2021-10-22 腾讯科技(深圳)有限公司 Equipment login method, device, storage medium and computer equipment
CN111639314B (en) * 2020-05-15 2024-01-12 京东科技控股股份有限公司 Container login system, method, server and storage medium
CN113051035B (en) * 2021-03-31 2024-02-02 杭州海康威视系统技术有限公司 Remote control method, device, system and host

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015126292A1 (en) * 2014-02-20 2015-08-27 Telefonaktiebolaget L M Ericsson (Publ) Methods, apparatuses, and computer program products for deploying and managing software containers
CN104951308A (en) * 2015-06-30 2015-09-30 北京奇虎科技有限公司 Docker Registry management optimization mode and device
CN105045656A (en) * 2015-06-30 2015-11-11 深圳清华大学研究院 Virtual container based big data storage and management method
CN105068874A (en) * 2015-08-12 2015-11-18 国家电网公司 Resource on-demand dynamic allocation method combining with Docker technology
CN105160269A (en) * 2015-08-13 2015-12-16 浪潮电子信息产业股份有限公司 Method and apparatus for accessing data in Docker container

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719303A (en) * 2018-07-11 2020-01-21 大唐移动通信设备有限公司 Containerization NRF method and system
CN110719303B (en) * 2018-07-11 2021-03-12 大唐移动通信设备有限公司 Containerization NRF method and system
CN113162806A (en) * 2021-04-23 2021-07-23 华上(天津)信息科技发展有限公司 Remote operation and maintenance method
CN113434257A (en) * 2021-07-07 2021-09-24 曙光信息产业(北京)有限公司 Docker operation method, device, server and storage medium
CN116107715A (en) * 2023-02-02 2023-05-12 北京天云融创软件技术有限公司 Method for running Docker container task and task scheduler
CN116107715B (en) * 2023-02-02 2023-09-26 北京天云融创软件技术有限公司 Method for running Docker container task and task scheduler

Also Published As

Publication number Publication date
CN106899544B (en) 2020-04-03
CN106899544A (en) 2017-06-27

Similar Documents

Publication Publication Date Title
WO2017101252A1 (en) Docker-based container login method, server and system
US11025647B2 (en) Providing a virtual security appliance architecture to a virtual cloud infrastructure
US20210058301A1 (en) Extension resource groups of provider network services
WO2019184164A1 (en) Method for automatically deploying kubernetes worker node, device, terminal apparatus, and readable storage medium
US9875359B2 (en) Security management for rack server system
CN103946834B (en) virtual network interface objects
US8572609B2 (en) Configuring bypass functionality of a network device based on the state of one or more hosted virtual machines
US10972449B1 (en) Communication with components of secure environment
WO2019127973A1 (en) Authority authentication method, system and device for mirror repository, and storage medium
US20110002346A1 (en) Extended Network Protocols for Communicating Metadata with Virtual Machines
US20190141036A1 (en) Access control
US20220278927A1 (en) Data interfaces with isolation for containers deployed to compute nodes
WO2018094809A1 (en) Resource sharing method and apparatus
US20200159555A1 (en) Provider network service extensions
US11563799B2 (en) Peripheral device enabling virtualized computing service extensions
US11520530B2 (en) Peripheral device for configuring compute instances at client-selected servers
WO2018160039A1 (en) Automatic authentication processing method and system using dividing function
CN111510444A (en) Remote access method, system, server and access auxiliary component of container
CN114942826A (en) Cross-network multi-cluster system, access method thereof and cloud computing equipment
CN111240924A (en) Detection method and system for Socket monitoring of Linux virtual machine
US20070180238A1 (en) Method, apparatus and system for performing access control and intrusion detection on encrypted data
CN109039823B (en) Network system firewall detection method, device, equipment and storage medium
US20150334115A1 (en) Dynamic provisioning of virtual systems
KR20140113276A (en) Self-configuring local area network security
Zheng et al. A flexible and efficient container-based nfv platform for middlebox networking

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16874316

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 19/10/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16874316

Country of ref document: EP

Kind code of ref document: A1