 

SSH using putty into LXC container on ubuntu server

Tags: ssh, ubuntu

I am going to be teaching someone how to use Ubuntu and Python, and I wanted to set them up with their own sandbox to play around with, so I used LXC and set up a container following this guide:

https://www.digitalocean.com/community/articles/getting-started-with-lxc-on-an-ubuntu-13-04-vps

However, I have a problem: I am unable to SSH into that container using PuTTY. While I can use PuTTY to SSH into my own box normally and then start an SSH session within that, I will need to be there to log in. However, I want them to be able to log in on their own.

For obvious reasons, I don't want them to have access to the main box itself, as I use it for work, so if they delete anything or cause problems I could be in trouble.

I would like to simply set up the container so that they can mess around in it and run programs or move files or do whatever they please without messing up the main box, and then be able to log into it on their own without my interference.

How would I go about doing that?

user2146933 asked Feb 05 '14 01:02


2 Answers

As your LXC will have an internal IP address, for example 10.x.x.x, you will need to apply an iptables rule that allows port forwarding from your host server to the LXC's internal NATed IP address.

To do this you will need to open up /etc/ssh/sshd_config on your LXC instance and change the listening port for SSH to a different port than your host server.

For example, set your host to 25000 and set your LXC to 25001. NB: all unique LXC instances on the host server will need to use a different SSH port. Once you have changed this, add the following iptables rule on your host server, not your LXC.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25001 -j DNAT --to 10.x.x.x:25001

where eth0 should be your LXC ethernet card and 10.x.x.x is your LXC internal IP address. This will forward SSH traffic from your host server to your LXC on the correct port.

Once complete, you should be able to log in via SSH with the following:

ssh -p 25001 user@LXC_host_server_IP

Note that it's the host server's IP you need to target and not the LXC's. The host will forward the traffic to your LXC.

This method can be used for any service, so if you are setting up Apache or Nginx inside an LXC you can do the same port forwarding for ports 80, 8080, 443, etc.

Hope this helps someone.

mjames answered Oct 19 '22 17:10
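The port-per-container scheme from the answer above, as an added example that is not part of the original answer: a dry-run shell function that turns a container inventory into DNAT rules and refuses ports that are reused or that collide with the host's own sshd port. The inventory format, container names and 10.0.3.x addresses are constructed for illustration, and eth0 is an assumed interface name.

```shell
#!/bin/sh
# Constructed inventory, one "<name> <container-ip> <ssh-port>" per line.
SAMPLE_INVENTORY='student1 10.0.3.101 25001
student2 10.0.3.102 25002'
HOST_SSH_PORT=25000   # host sshd port, as in the answer's example
EXT_IF=eth0           # inbound interface matched by -i (assumed name)

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|????*) exit 1;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# gen_dnat_rules INVENTORY: print one iptables command per container.
# Nothing is applied; on any invalid or colliding entry it prints no rules
# and returns 1, so a half-written rule set is never emitted.
gen_dnat_rules() (
    seen=" $HOST_SSH_PORT "
    rules=""
    nl='
'
    while read -r name ip port; do
        [ -z "$name" ] && continue
        case $port in ''|*[!0-9]*|??????*)
            echo "$name: bad port '$port'" >&2; exit 1;; esac
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "$name: port $port out of range" >&2; exit 1
        fi
        valid_ipv4 "$ip" || { echo "$name: bad address '$ip'" >&2; exit 1; }
        # Each container needs its own port, distinct from the host's sshd.
        case $seen in *" $port "*)
            echo "$name: port $port already in use" >&2; exit 1;; esac
        seen="$seen$port "
        rules="${rules}iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $port -j DNAT --to-destination $ip:$port$nl"
    done <<EOF
$1
EOF
    printf '%s' "$rules"
)

gen_dnat_rules "$SAMPLE_INVENTORY"
```

The function only prints the commands, so the output can be reviewed before anything is run as root on the host.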


Use SSH tunneling to connect to containers. Configure the LXC container to use the bridge:

sudo vi /etc/init/lxc-net.conf

Add this line:

env USE_LXC_BRIDGE="true"

Restart the net service for the configuration to take effect:

# /etc/init.d/lxc-net restart

Start the LXC container:

# lxc start <container-name>

On the host machine, use the following command to create the tunnel listening on port 9001:

# ssh -L 0.0.0.0:9001:<ip-of-the-container>:22 localhost

Connect to the tunnel:

$ ssh -p 9001 <userid>@<ip-of-the-host>

captainchhala answered Oct 19 '22 17:10