On 3/18/20 16:29, Philip Rhoades wrote:
Daniel,
On 2020-03-19 07:11, Daniel Walsh wrote:
> On 3/18/20 16:08, Philip Rhoades wrote:
>> Alexander, Daniel,
>>
>>
>> On 2020-03-19 04:26, Alexander E. Patrakov wrote:
>>> On Wed, Mar 18, 2020 at 10:21 PM Daniel Walsh <dwalsh(a)redhat.com> wrote:
>>>>
>>>> On 3/18/20 10:42, Alexander E. Patrakov wrote:
>>>> > On Wed, Mar 18, 2020 at 7:29 PM Philip Rhoades <phil(a)pricom.com.au> wrote:
>>>> >
>>>> >> I realise that ssh'ing into a remote container does not fit with the
>>>> >> conceptual framework of how containers are supposed to work but if I can
>>>> >> get it to work, I am prepared to break with convention . .
>>>> > This is only a convention. For LXC, nobody would blame you for
>>>> > connecting to your container via ssh, in fact they encourage you to do
>>>> > so. And I would imagine that it is a valid and natural option for any
>>>> > container that runs systemd inside.
>>>> >
>>>> Sure, but I would say that is closer to a VM. You can enable the sshd
>>>> daemon within the container if you want, or you could just set up an
>>>> account for the user to ssh to on your host and then set up sudo to run
>>>> podman exec to enter the container.
>>>
>>> Right. However, some people do want lightweight VM lookalikes, and
>>> such a two-step procedure is sometimes inconvenient e.g. with IDEs or if
>>> there are things like umask that are nicely enforced by PAM in the
>>> container.
>>>
>>>> If you want to set up sshd to get into the container, then you need to
>>>> pick a port on the host for sshd to listen on. And map port 22 from the
>>>> container to a different port on the host, and then have the remote user
>>>> ssh to the external port.
>>>
>>> Yes. Or just use IPv6 to ssh directly into the container ;)
>>
>>
>> The point of using ZeroTier is that it provides me with a secure "VPN"
>> - and this works quite happily for all my real machines and VMs - but
>> I want to get this QMail project working with Podman - for all the
>> reasons people like to use containers - but there is still an issue
>> with podman . .
>>
>> Thanks,
>>
>> Phil.
>
> How is this an issue with Podman? You need to set up your container with
> sshd and it should handle the situation you want.
? I have done that - that's how I know there is a problem - from a
previous mail:

"OK, now I should be able to use ZeroTier to ssh to the container but
although I have installed and started the sshd server and allowed a
root login I get:

# ssh 10.147.18.191
ssh: connect to host 10.147.18.191 port 22: No route to host

I can ssh to other (non container) ZT IPs OK . ."

Thanks,

Phil.

Podman set up the container properly. You did not tell your container to
start the sshd daemon inside and you did not run the container with
ports to listen on.

Basically the container is running within its own network environment
and does not have sshd running.

You can exec into the container and start the sshd service.
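
The thread turns on which condition applies: no route to the address, nothing listening on the port, or sshd actually answering. The probe below classifies a single connection attempt into those cases. It is an added example, not code from any of the posters; the function name `probe_ssh` and its state labels are made up for illustration.

```python
import errno
import socket
import sys


def probe_ssh(host, port=22, timeout=3.0):
    """Classify one TCP connect attempt to an SSH endpoint.

    Returns (state, detail); the state labels are this example's own:
      ssh         - a listener answered with an SSH banner
      open        - port accepts connections but sent no SSH banner
      refused     - address reachable, nothing listening on the port
      unreachable - EHOSTUNREACH/ENETUNREACH ("No route to host")
      timeout     - no answer at all (packets dropped)
      error       - anything else
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(255)  # OpenSSH sends "SSH-2.0-..." first
            except socket.timeout:
                return ("open", "connected, no banner before timeout")
            if banner.startswith(b"SSH-"):
                return ("ssh", banner.decode("ascii", "replace").strip())
            return ("open", "connected, peer is not speaking SSH")
    except ConnectionRefusedError:
        return ("refused", "reachable, but no listener on this port")
    except socket.timeout:
        return ("timeout", "no reply to the connection attempt")
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return ("unreachable", "no route to this address")
        return ("error", str(exc))


if __name__ == "__main__":
    # Usage: probe.py HOST [PORT]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh(target, target_port))
```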