On 3/18/20 16:29, Philip Rhoades wrote:
Daniel,

On 2020-03-19 07:11, Daniel Walsh wrote:
> On 3/18/20 16:08, Philip Rhoades wrote:
>> Alexander, Daniel,
>>
>>
>> On 2020-03-19 04:26, Alexander E. Patrakov wrote:
>>> On Wed, Mar 18, 2020 at 10:21 PM Daniel Walsh <dwalsh(a)redhat.com>
>>> wrote:
>>>>
>>>> On 3/18/20 10:42, Alexander E. Patrakov wrote:
>>>> > On Wed, Mar 18, 2020 at 7:29 PM Philip Rhoades
>>>> <phil(a)pricom.com.au> wrote:
>>>> >
>>>> >> I realise that ssh'ing into a remote container does not fit
>>>> with the
>>>> >> conceptual framework of how containers are supposed to work but
>>>> if I can
>>>> >> get it to work, I am prepared to break with convention . .
>>>> > This is only a convention. For LXC, nobody would blame you for
>>>> > connecting to your container via ssh, in fact they encourage you
>>>> to do
>>>> > so. And I would imagine that it is a valid and natural option
>>>> for any
>>>> > container that runs systemd inside.
>>>> >
>>>> Sure, but I would say that is closer to a VM. You can enable the
>>>> sshd
>>>> daemon within the container if you want, or you could just set up an
>>>> account for the user to ssh to on your host and then set up sudo to
>>>> run
>>>> podman exec to enter the container.
>>>
>>> Right. However, some people do want lightweight VM lookalikes, and
>>> such a two-step procedure is sometimes inconvenient, e.g. with IDEs or if
>>> there are things like umask that are nicely enforced by PAM in the
>>> container.
>>>
>>>> If you want to set up sshd to get into the container, then you need to
>>>> pick a port on the host for sshd to listen on. And map port 22 from
>>>> the
>>>> container to a different port on the host, and then have the remote
>>>> user
>>>> ssh to the external port.
>>>
>>> Yes. Or just use IPv6 to ssh directly into the container ;)
>>
>>
>> The point of using ZeroTier is that it provides me with a secure "VPN"
>> - and this works quite happily for all my real machines and VMs - but
>> I want to get this QMail project working with Podman - for all the
>> reasons people like to use containers - but there is still an issue
>> with podman . .
>>
>> Thanks,
>>
>> Phil.
>
> How is this an issue with Podman? You need to set up your container with
> sshd and it should handle the situation you want.

? I have done that - that's how I know there is a problem - from a
previous mail:

"OK, now I should be able to use ZeroTier to ssh to the container but
although I have installed and started the sshd server and allowed a
root login I get:

# ssh 10.147.18.191
ssh: connect to host 10.147.18.191 port 22: No route to host

I can ssh to other (non container) ZT IPs OK . ."

Thanks,

Phil.

In order to connect to a container port from the outside you need to
make the ports available.

man podman run
...
--publish, -p=ip:hostPort:containerPort | ip::containerPort |
hostPort:containerPort | containerPort

    Publish a container's port, or range of ports, to the host.

    Both hostPort and containerPort can be specified as a range of ports.
    When specifying ranges for both, the number of container ports in
    the range must match the number of host ports in the range.
    Use podman port to see the actual mapping: podman port $CONTAINER
    $CONTAINERPORT.
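
The four `-p` forms in the man page excerpt above, as an added example that is not part of the original thread or of Podman's own code: a shell function that splits a publish value into address, host port and container port, and rejects ranges of unequal length. The function names, the `all` and `auto` labels, the sample values and the IPv4-only handling (no `/proto` suffix) are assumptions of this example.

```shell
#!/bin/sh
# Added example: split a `podman run -p` value into its parts.
# Covers the four forms in the man page excerpt; IPv4 only, no /proto suffix.

# range_len PORT[-PORT] -> prints how many ports the range holds
range_len() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*|0*|*-0*) return 1 ;;   # malformed
    esac
    lo=${1%%-*}; hi=${1##*-}
    [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || return 1
    echo $((hi - lo + 1))
}

# parse_publish SPEC -> prints "ip hostPort containerPort"
#   ip is "all" when the spec names no address (label assumed for this example)
#   hostPort is "auto" when the spec leaves the host port to podman
parse_publish() {
    spec=$1
    case "$spec" in
        *:*:*:*) return 1 ;;                              # too many fields
        *:*:*)   ip=${spec%%:*}; rest=${spec#*:}
                 host=${rest%%:*}; ctr=${rest#*:}
                 case "$ip" in ''|*[!0-9.]*) return 1 ;; esac ;;
        *:*)     ip=all; host=${spec%%:*}; ctr=${spec#*:}
                 [ -n "$host" ] || return 1 ;;
        *)       ip=all; host=''; ctr=$spec ;;
    esac
    ctr_n=$(range_len "$ctr") || return 1
    if [ -n "$host" ]; then
        host_n=$(range_len "$host") || return 1
        # man page rule: both ranges must hold the same number of ports
        [ "$host_n" -eq "$ctr_n" ] || return 1
    else
        host=auto
    fi
    echo "$ip $host $ctr"
}

# Constructed sample values, one per form plus a mismatched range
for s in 192.0.2.10:2222:22 192.0.2.10::22 2222:22 22 8000-8002:9000-9001; do
    printf '%-22s -> %s\n' "$s" "$(parse_publish "$s" || echo rejected)"
done
```

A result whose first field is `all` publishes the port on every host address, while the `ip:` forms keep the listener on one address.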