[lxc-devel] OpenSSH support in Busybox containers

[Stéphane Graber]

On Tue, Apr 21, 2015 at 01:56:30PM +0300, Purcareata Bogdan wrote:
> Hello,
> 
> Currently the Busybox container template looks for the dropbear
> (lightweight SSH utilities package) binary in the host, and copies
> it in the container rootfs by default in order to provide SSH
> support in the Busybox container.
> 
> I would like to do the same thing, but using OpenSSH instead of
> Dropbear. Meaning that I would like to add this feature to the
> Busybox template, to look for the OpenSSH binaries on the host and
> copy them in the container rootfs, with the additional setup of the
> configuration files (sshd_config, authorized_keys, etc.). I've found
> some inspiration regarding what's required in the lxc-sshd template,
> altough there are some differences there - mainly there's no
> separate rootfs built, instead there are some bind mounts from the
> host rootfs.
> 
> I was wondering if adding OpenSSH support would make sense for the
> upstream Busybox container template? And how should I go about it -
> first try to add Dropbear, and if it's not available on host, try
> for OpenSSH? Should SSH support even be a default feature of the
> Busybox container, or should there be a flag to add it, and perhaps,
> which package - Dropbear or SSH?
> 
> Thanks!
> Bogdan P.

I think dropbear and fallback to openssh would be fine, possibly with a
flag to set which you actually want.

One trick however will be that openssh is likely to depend on a bunch of
external libraries which in turn may depend on even more, so resolving
all of those in a way that works on all distros will be a bit of a
challenge I expect.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150422/ff8e63e5/attachment.sig>