A related and equally unfortunate practice is to bake an SSH daemon into an image. Having an SSH daemon inside a container may lead to undocumented, untraceable changes to the container infrastructure, but Docker containers are being touted as the immutable infrastructure.
There are a few use cases for SSHing into a container:
- Update the OS, services, or dependencies
- Git pull or update any application in some other fashion
- Check logs
- Backup some files
- Restart a service
Instead of using SSH, it is recommended to use the following mechanisms:
- Make the change in the container Dockerfile, rebuild the image, and deploy the container.
- Use an environment variable or configuration file accessible via volume sharing to make the change and possibly restart the container.
- As indicated before, use docker exec. The docker exec command starts a new command in a running container, and hence has to be the last resort.