[lxc-devel] OpenSSH support in Busybox containers

[Purcareata Bogdan]

On 22.04.2015 19:13, Stéphane Graber wrote:
> On Tue, Apr 21, 2015 at 01:56:30PM +0300, Purcareata Bogdan wrote:
>> Hello,
>>
>> Currently the Busybox container template looks for the dropbear
>> (lightweight SSH utilities package) binary in the host, and copies
>> it in the container rootfs by default in order to provide SSH
>> support in the Busybox container.
>>
>> I would like to do the same thing, but using OpenSSH instead of
>> Dropbear. Meaning that I would like to add this feature to the
>> Busybox template, to look for the OpenSSH binaries on the host and
>> copy them in the container rootfs, with the additional setup of the
>> configuration files (sshd_config, authorized_keys, etc.). I've found
>> some inspiration regarding what's required in the lxc-sshd template,
>> altough there are some differences there - mainly there's no
>> separate rootfs built, instead there are some bind mounts from the
>> host rootfs.
>>
>> I was wondering if adding OpenSSH support would make sense for the
>> upstream Busybox container template? And how should I go about it -
>> first try to add Dropbear, and if it's not available on host, try
>> for OpenSSH? Should SSH support even be a default feature of the
>> Busybox container, or should there be a flag to add it, and perhaps,
>> which package - Dropbear or SSH?
>>
>> Thanks!
>> Bogdan P.
>
> I think dropbear and fallback to openssh would be fine, possibly with a
> flag to set which you actually want.
>
> One trick however will be that openssh is likely to depend on a bunch of
> external libraries which in turn may depend on even more, so resolving
> all of those in a way that works on all distros will be a bit of a
> challenge I expect.

I thought about it as well. I don't expect it to be a problem since the library 
directories are bind-mounted from the host for Busybox containers.

Thank you,
Bogdan P.