[SAC] ssh config to connect to LXC containers

Alex M tech_dev at wildintellect.com
Thu Jun 6 12:42:35 PDT 2019


On 6/5/19 22:39, Sandro Santilli wrote:
> On Wed, Jun 05, 2019 at 11:46:09AM -0400, Regina Obe wrote:
>> Why aren't you going thru download (port 22)
>>
>> Download container can see new-secure fine since all the containers are on
>> the same network.
>> It's just the host that is on a different network, and I don't really think
>> we want people going thru via the host.
> 
> Uhm, why don't we want people to go thru host ?
> 
> If a container ("download") goes down for any reason we cannot reach
> other running containers anymore, by using that container as a "jump
> host". Also it doesn't sound "clean" to use a "download" container
> for this work. If there's a good reason not to use the host should
> we maybe have an on-purpose "jump.osgeo.org"?
> 
> --strk;

Yes an intermediate host was the long term plan. Download was used
initially, and because it required port 22 became the defacto
intermediate. The "jump" host will need it's own external IP address.

SAC people can always remote to the host (on 2222), but non-SAC people
given access to various containers should not be able to remote to the
host directly.

-Alex


More information about the Sac mailing list