I am going to be teaching someone how to use Ubuntu and Python, and I wanted to set them up with their own sandbox to play around with, so I used LXC and set up a container following this guide:
https://www.digitalocean.com/community/articles/getting-started-with-lxc-on-an-ubuntu-13-04-vps
However, I have a problem: I am unable to SSH into that container using PuTTY. While I can use PuTTY to SSH into my own box normally and then start an ssh within that, I will need to be there to log in. However, I want them to be able to log in on their own.
For obvious reasons, I don't want them to have access to the main box itself as I use it for work, so if they delete anything or cause problems I could be in trouble.
I would like to simply set up the container that they can mess around in and run programs or move files or do whatever they please without messing up the main box, and then be able to log into it on their own without my interference.
How would I go about doing that?
As your LXC will have an internal IP address, for example 10.x.x.x, you will need to apply an iptables rule that allows port forwarding from your host server to the LXC internal NATed IP address.
To do this you will need to open up /etc/ssh/sshd_config on your LXC instance and change the listening port for SSH to a different port than your host server.
For example, set your host to 25000 and set your LXC to 25001. NB: all unique LXC instances on the host server will need to use a different SSH port. Once you have changed this, add the following iptables rule on your host server, not your LXC.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25001 -j DNAT --to 10.x.x.x:25001
where eth0 should be your LXC ethernet card and 10.x.x.x is your LXC internal IP address. This will forward SSH traffic from your host server to your LXC on the correct port.
Once complete you should be able to log in via ssh with the following:
ssh -p 25001 user@LXC_host_server_IP
Note that it's the host server's IP you need to target and not the LXC. The host will forward the traffic to your LXC.
This method can be used for any service, so if you are setting up Apache or Nginx inside an LXC you can do the same port forwarding for ports 80, 8080, 443, etc.
Hope this helps someone.
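The port-forwarding scheme from the answer above, as an added example that is not part of the original post: a dry-run generator that prints one DNAT rule per container and refuses a mapping that reuses a port, collides with the host's sshd port or points outside 10.0.0.0/8. The container names, the 10.0.3.x addresses and the EXT_IF value are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print (never apply) one DNAT rule per container.
# Mapping lines on stdin: "<name> <container-ip> <ssh-port>".

HOST_SSH_PORT=25000  # the host's own sshd port, as in the answer's example
EXT_IF=eth0          # assumption: host interface the connections arrive on

# Succeeds only for a well-formed dotted quad inside 10.0.0.0/8.
valid_10_addr() {
    case "$1" in 10.*.*.*) ;; *) return 1 ;; esac
    case "$1" in *[!0-9.]*|*..*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Prints the rules only if every line passes; otherwise prints nothing on
# stdout, explains the problem on stderr and returns 1.
gen_dnat_rules() {
    rules="" seen=" "
    while read -r name ip port; do
        case "$name" in ''|\#*) continue ;; esac          # blank or comment
        # digits only, no leading zero, at most five characters
        case "$port" in ''|0*|*[!0-9]*|??????*)
            echo "$name: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "$name: port $port outside 1024-65535" >&2; return 1
        fi
        if [ "$port" -eq "$HOST_SSH_PORT" ]; then
            echo "$name: port $port is the host's own sshd" >&2; return 1
        fi
        case "$seen" in *" $port "*)
            echo "$name: port $port already used by another container" >&2; return 1 ;;
        esac
        if ! valid_10_addr "$ip"; then
            echo "$name: '$ip' is not a 10.x.x.x address" >&2; return 1
        fi
        seen="$seen$port "
        rules="${rules}iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $port -j DNAT --to-destination $ip:$port
"
    done
    printf '%s' "$rules"
}

# Constructed sample mapping; review the output before running it as root.
gen_dnat_rules <<'EOF'
student1 10.0.3.101 25001
student2 10.0.3.102 25002
EOF
```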
Use SSH tunneling to connect to containers. Configure the LXC container to use a bridge:
sudo vi /etc/init/lxc-net.conf
Add this line:
env USE_LXC_BRIDGE="true"
Restart the net service for the configuration to take effect:
# /etc/init.d/lxc-net restart
Start the LXC container:
# lxc start <container-name>
On the host machine, use the following command to create the tunnel listening on port 9001:
# ssh -L 0.0.0.0:9001:<ip-of-the-container>:22 localhost
Connect to the tunnel:
$ ssh -p 9001 <userid>@<ip-of-the-host>