Introduction
When testing or troubleshooting a containerized app, it is practical to analyze runtime information straight from the container's shell prompt. Docker supports multiple ways to access the container's environment and execute the necessary commands.
This guide shows you how to SSH into a Docker container and presents four alternative methods of accessing the container's shell using the Docker command-line interface.
Prerequisites
- Docker installed.
- SSH enabled on the host and in the container (read how to enable SSH on Ubuntu or enable SSH on CentOS).
- Command-line access.
- A user account with administrative privileges.
Method 1: Use SSH to Connect to a Docker Container
The primary purpose of the SSH protocol is to enable a secure network connection to a remote server. Although Docker containers do not run full-fledged operating systems, they all have private IP addresses, so it is possible to use SSH to establish a local connection to their shell.
Warning: Using SSH to connect to a container requires an SSH daemon to run on the container constantly. The SSH daemon inflates the size and increases the potential attack surface of the container. For these reasons, avoiding SSH and using alternative ways to access a container shell is recommended.
Follow the steps below to connect to a Docker container using SSH.
Step 1: Get IP Address of Container
The SSH client requires the server's IP address to establish the connection. Execute the following commands to obtain the container's IP address:
1. List the containers running on the system:
docker ps2. Find the container's name or ID. The example below shows the container named ssh-test, with the ID eefcc80ffcb0.
3. Find the container's IP address with the following docker inspect command:
docker inspect -f "{{ .NetworkSettings.IPAddress }}" [container-name-or-id]The output shows the address.
Note: Only a running container shows its IP address. Use the docker run command to create and run new containers, or start existing containers with docker start [container-name-or-id].
4. Ping the address to make sure it is reachable:
ping –c 3 [ip-address]If the connection is active, ping exchanges data with the container.
Step 2: SSH Into Docker Container
Once you know the IP address of the container, type the following command:
ssh [username]@[ip-address]The system prompts for the user password and connects to the container shell.
Method 2: Use docker exec Command
docker exec executes a user-specified command inside a running container. If the user provides the path to a shell instead of a specific command, docker exec enables shell access to the container.
The basic syntax for using docker exec to run a command inside a container is:
docker exec [container-name] [command]For example, to see the contents of the /usr directory within the ssh-test container, type:
docker exec ssh-test ls -la /usr
To access the container shell, run the docker exec command with the -it option (interactive mode) and provide the path to a shell. For example, to open a Bash shell in the nginx-test container, type:
docker exec –it nginx-test /bin/bashThe Bash prompt appears.
When you finish working inside the container, type Exit to close the session. The container keeps running in the background.
Method 3: Use docker attach Command
The docker attach command links a local input, output, and error stream to a container.
To create a container that supports attaching to the internal shell, use the -dit option (detached and interactive). For example, to create a container named attach-test using the Ubuntu image, run the command below:
docker run --name attach-test -dit ubuntuNote: Depending on the container type, docker attach does not always provide the shell. If, for example, your container runs a web server, the command may connect you to the stdout of the web server process.
To attach to a running container, enter the following:
docker attach [container-name]In the example below, the system connects to the attach-test container:
docker attach attach-test
When you finish working in the container, type Exit to stop the container and exit. If you want to leave the container running, exit by pressing Ctrl + P and Ctrl + Q in a sequence.
Method 4: Use docker run Command
The docker run command creates and starts containers. To access a container's shell right after the container is created, use the -it (interactive) option and provide the path to a shell:
docker run --name [container-name] -it [image-name] [shell]For example, to access the Bash shell in the container named run-test that uses the nginx image, type the command below:
docker run --name run-test -it nginx /bin/bash
When you exit the session, the container stops.
Method 5: Use Docker Compose
Version 2 of Docker Compose supports the exec command and allows container shell prompt access to the services deployed through Docker Compose. To access a service's shell prompt, execute the following command from the directory that contains the deployment project files:
docker compose exec [service] [shell]For example, to access the Bash shell in the php service container, type:
docker compose exec php /bin/bash
Note: Find out which version of Docker Compose you have installed by looking at the command syntax. The docker-compose command is part of the deprecated version 1, while the version 2 features the docker compose command. To install version 2 of Docker Compose on Ubuntu, type sudo apt install docker-compose-v2.
Conclusion
After reading the article, you should know how to SSH into a Docker container. However, since using SSH to access the container shell is not recommended due to performance and security concerns, the article also provided four alternative solutions.
If you wish to preserve the changes you make to a container, read How to Commit Changes to a Docker Image.
