[Podman] Re: Anyone got ZeroTier working in podman containers? - First prob resolved, next Q

On 3/18/20 16:08, Philip Rhoades wrote: > Alexander, Daniel, > > > On 2020-03-19 04:26, Alexander E. Patrakov wrote: >> On Wed, Mar 18, 2020 at 10:21 PM Daniel Walsh <dwalsh(a)redhat.com&gt; >> wrote: >>> >>> On 3/18/20 10:42, Alexander E. Patrakov wrote: >>> > On Wed, Mar 18, 2020 at 7:29 PM Philip Rhoades >>> <phil(a)pricom.com.au&gt; wrote: >>> > >>> >> I realise that ssh'ing into a remote container does not fit with the >>> >> conceptual framework of how containers are supposed to work but >>> if I can >>> >> get it to work, I am prepared to break with convention . . >>> > This is only a convention. For LXC, nobody would blame you for >>> > connecting to your container via ssh, in fact they encourage you >>> to do >>> > so. And I would imagine that it is a valid and natural option for any >>> > container that runs systemd inside. >>> > >>> Sure, but I would say that is closer to a VM.  You can enable the >>> sshd >>> daemon within the container if you want, or you could just setup an >>> account for the user to ssh to on your host and then setup sudo to >>> run >>> podman exec to enter the container. >> >> Right. However, some people do want lightweight VM lookalikes, and >> such two-step procedure is sometimes inconvenient e.g. with IDEs or >> if >> there are things like umask that are nicely enforced by PAM in the >> container. >> >>> If you want to setup sshd to get into the container, then you need >>> to >>> pick a port on the host for sshd to listen on.  And map port 22 from >>> the >>> container to a different port on the host, and then have the remote >>> user >>> ssh to the external port. >> >> Yes. Or just use IPv6 to ssh directly into the container ;) > > > The point of using ZeroTier is that it provides me with a secure "VPN" > - and this works quite happily for all my real machines and VMs - but > I want to get this QMail project working with Podman - for all the > reasons people like to use containers - but there is still an issue > with podman . . > > Thanks, > > Phil. How is this an issue with Podman.  You need to setup your container with sshd and it should handle the situation you want.