[Podman] Re: Anyone got ZeroTier working in podman containers? - First prob resolved, next Q

Alexander, Daniel, On 2020-03-19 04:26, Alexander E. Patrakov wrote: > On Wed, Mar 18, 2020 at 10:21 PM Daniel Walsh <dwalsh(a)redhat.com&gt; wrote: >> >> On 3/18/20 10:42, Alexander E. Patrakov wrote: >> > On Wed, Mar 18, 2020 at 7:29 PM Philip Rhoades >> <phil(a)pricom.com.au&gt; wrote: >> > >> >> I realise that ssh'ing into a remote container does not fit with the >> >> conceptual framework of how containers are supposed to work but >> if I can >> >> get it to work, I am prepared to break with convention . . >> > This is only a convention. For LXC, nobody would blame you for >> > connecting to your container via ssh, in fact they encourage you >> to do >> > so. And I would imagine that it is a valid and natural option for any >> > container that runs systemd inside. >> > >> Sure, but I would say that is closer to a VM.  You can enable the sshd >> daemon within the container if you want, or you could just setup an >> account for the user to ssh to on your host and then setup sudo to run >> podman exec to enter the container. > > Right. However, some people do want lightweight VM lookalikes, and > such two-step procedure is sometimes inconvenient e.g. with IDEs or if > there are things like umask that are nicely enforced by PAM in the > container. > >> If you want to setup sshd to get into the container, then you need to >> pick a port on the host for sshd to listen on.  And map port 22 from >> the >> container to a different port on the host, and then have the remote >> user >> ssh to the external port. > > Yes. Or just use IPv6 to ssh directly into the container ;) The point of using ZeroTier is that it provides me with a secure "VPN" - and this works quite happily for all my real machines and VMs - but I want to get this QMail project working with Podman - for all the reasons people like to use containers - but there is still an issue with podman . . Thanks, Phil.