SSH - WIP #19

Closed
opened 2025-12-29 05:19:52 +01:00 by adam · 8 comments

Originally created by @sickcodes on GitHub (Jun 8, 2020).

Just a heads up if anyone was working on it, I will have an SSH “double” tunnel fix added today so you can SSH straight through from host, to container, to the QEMU guest.

adam closed this issue 2025-12-29 05:19:52 +01:00

@fieu commented on GitHub (Jun 9, 2020):

@sickcodes How's it looking? Any hiccups?


@sickcodes commented on GitHub (Jun 9, 2020):

```
# allow ssh to container
WORKDIR /root
RUN mkdir .ssh
RUN chmod 700 .ssh

WORKDIR /root/.ssh
RUN touch authorized_keys
RUN chmod 644 authorized_keys

# append sshd settings; the <<< here-string needs bash as the RUN shell
WORKDIR /etc/ssh
RUN tee -a sshd_config <<< 'AllowTcpForwarding yes'
RUN tee -a sshd_config <<< 'PermitTunnel yes'
RUN tee -a sshd_config <<< 'X11Forwarding yes'
RUN tee -a sshd_config <<< 'PasswordAuthentication yes'
RUN tee -a sshd_config <<< 'PermitRootLogin yes'
RUN tee -a sshd_config <<< 'PubkeyAuthentication yes'
RUN tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_rsa_key'
RUN tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ecdsa_key'
RUN tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ed25519_key'

# enable ssh on start: generate host keys only if none of them exist yet
# (no space after the trailing backslash, so the generated script continues the line;
#  the second check uses the ecdsa key to match the HostKey lines above)
USER arch
RUN tee -a ssh_enable.sh <<< '[[ -f /etc/ssh/ssh_host_rsa_key ]] || \'
RUN tee -a ssh_enable.sh <<< '[[ -f /etc/ssh/ssh_host_ecdsa_key ]] || \'
RUN tee -a ssh_enable.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \'
RUN tee -a ssh_enable.sh <<< 'sudo /usr/bin/ssh-keygen -A'
```

Here's enabling SSH which works fine.

Because I set it to usermode networking, I am not sure how to then SSH into the QEMU instance. I can do it when it's bridged, but bridged networking wasn't working. Do you have experience with it?
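
Added example, not part of the original comment or of the Docker-OSX code: the Dockerfile above appends to `sshd_config` with `tee -a`, and sshd uses the first value it reads for each keyword, so an appended line only takes effect when the base file does not already set that keyword. The sketch resolves effective values over a constructed sample config and lists the permissive settings that end up active; the base section, the keyword list and the function names are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_CONFIG is constructed: a stand-in for a base image's
# sshd_config followed by the lines the Dockerfile appends with tee -a.
SAMPLE_CONFIG='# base image section (constructed)
#PermitRootLogin prohibit-password
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
# appended by the Dockerfile
AllowTcpForwarding yes
PermitTunnel yes
X11Forwarding yes
PasswordAuthentication yes
PermitRootLogin yes
PubkeyAuthentication yes'

# effective_value KEYWORD
# Print the value sshd would use from the global section: keywords are
# case-insensitive and the first value read wins, so a later duplicate is
# ignored. Simplification: "keyword value" lines only, no Include handling.
effective_value() {
    printf '%s\n' "$SAMPLE_CONFIG" | awk -v want="$1" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }      # blank line or comment
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == want { print $2; exit }'
}

# audit_sshd
# Print one line per permissive setting from the page that is actually in
# effect. The keyword list is this example's choice, not a complete policy.
audit_sshd() {
    for key in PermitRootLogin PasswordAuthentication PermitTunnel X11Forwarding; do
        val=$(effective_value "$key")
        if [ "$val" = "yes" ]; then
            echo "REVIEW: $key $val"
        fi
    done
    return 0
}

audit_sshd
```

On a running container, `sshd -T` prints the effective configuration and is the authoritative check.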


@sickcodes commented on GitHub (Jun 9, 2020):

```
# from host
ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_dockerosx
chmod 644 ~/.ssh/id_dockerosx.pub
chmod 500 ~/.ssh/id_dockerosx
# docker copy the public key to the container's ssh folder and as authorized_keys
docker cp ~/.ssh/id_dockerosx.pub "${CONTAINER}:/root/.ssh/id_dockerosx.pub"
docker cp ~/.ssh/id_dockerosx.pub "${CONTAINER}:/root/.ssh/authorized_keys"

# chmod 644 public key & authorized_keys
docker exec -u root -it "$CONTAINER" /bin/chmod 644 /root/.ssh/id_dockerosx.pub
docker exec -u root -it "$CONTAINER" /bin/chmod 644 /root/.ssh/authorized_keys

# chown root:root public key & authorized_keys
docker exec -u root -it "$CONTAINER" /bin/chown root:root /root/.ssh/id_dockerosx.pub
docker exec -u root -it "$CONTAINER" /bin/chown root:root /root/.ssh/authorized_keys
# start sshd in the container, detached
docker exec -u root -d "$CONTAINER" /bin/sshd -D
```


@sickcodes commented on GitHub (Jun 9, 2020):

Can SSH if switch back to bridge networking, but I think libvirt didn’t create a default virsh networking profile. Or if someone wants to contribute something like a sock like /dev ssh or anything really that’d be great.


@fieu commented on GitHub (Jun 10, 2020):

@sickcodes I barely know anything about SSH and QEMU is a whole other dimension for me haha. Sorry but I don't think I will be much of a help. Was just wondering cause I want to integrate this into my CI environment. I wish you luck man! 👍


@sickcodes commented on GitHub (Jun 11, 2020):

Thanks mate! Hopefully this weekend I’ll have some free time. Someone else could fix this by changing the networking part back to bridging and then you can just forward 22 on the QEMU box to 23 or something on the Arch host. I’ve SSH’d in before fine, the issue is the default network in virsh is not present on install.

The QEMU system is reachable in 10.0.15.2 or similar.

Would be great if someone with QEMU or simple container networking could help :)


@fieu commented on GitHub (Jun 11, 2020):

@sickcodes Right on, good lookin' profile pic 😄


@sickcodes commented on GitHub (Jun 14, 2020):

Finished :)
https://github.com/sickcodes/Docker-OSX/commit/0a9da5af75df1f08446c76c527ad3a3a0e2b50f8

Reference: starred/Docker-OSX-sickcodes#19