NVIDIA / pyxis

Container plugin for Slurm Workload Manager
Apache License 2.0

The sshd service can not work correctly in the container #85

Closed kuangllbnu closed 1 year ago

kuangllbnu commented 1 year ago

Background: I just want to use ssh in containers. I can successfully start sshd in Docker containers and log in from other terminals, but it fails when I use Slurm with pyxis to start the container.

Here is a screenshot.

If I start sshd in the container on port 2222 and then try to log in with ssh -p 2222, "Connection closed" is reported (see the attached screenshot). If I kill sshd and then try to log in with ssh -p 2222, "Connection refused" is shown, as expected.

flx42 commented 1 year ago

My understanding is that sshd by default verifies it can actually drop privileges: https://github.com/openssh/openssh-portable/blob/141535b904b6fba01724444f38193a8599201f82/uidswap.c

So I don't think enroot can work with this use case given what it does to intercept setuid/setgid calls with seccomp, so you need to use --no-container-remap-root to run sshd as non-root.

3XX0 commented 1 year ago

Yes, see also https://github.com/NVIDIA/enroot/issues/92#issuecomment-922088508

kuangllbnu commented 1 year ago

> My understanding is that sshd by default verifies it can actually drop privileges: https://github.com/openssh/openssh-portable/blob/141535b904b6fba01724444f38193a8599201f82/uidswap.c
>
> So I don't think enroot can work with this use case given what it does to intercept setuid/setgid calls with seccomp, so you need to use --no-container-remap-root to run sshd as non-root.

It does not work either when I delete the option --no-container-remap-root.

flx42 commented 1 year ago

You need to add --no-container-remap-root
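
The kind of check flx42 describes above, as an added example that is not part of the original thread and is not OpenSSH or enroot code: a C model of a drop-then-verify routine run against simulated credentials. The names `creds`, `kernel_setuid`, `intercepted_setuid` and `drop_and_verify` are hypothetical, and the model assumes that an intercepted set*id call reports success without changing any id.

```c
#include <stdio.h>
#include <sys/types.h>

/* Simulated credentials (constructed; no real syscalls are made). */
struct creds { uid_t ruid, euid; };

/* Hypothetical stand-in for a setuid-style call on the simulated process. */
typedef int (*setuid_fn)(struct creds *, uid_t);

/* Ordinary kernel rule: root may become any uid; a non-root process may
 * only "switch" to a uid it already holds. */
static int kernel_setuid(struct creds *c, uid_t uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->euid)
        return -1;                       /* EPERM */
    c->ruid = c->euid = uid;
    return 0;
}

/* Assumption: the intercepting filter reports success and changes nothing. */
static int intercepted_setuid(struct creds *c, uid_t uid) {
    (void)c; (void)uid;
    return 0;
}

enum drop_result { DROP_OK, DROP_SET_FAILED, DROP_RESTORABLE, DROP_UID_WRONG };

/* Drop to `target`, then prove the drop is real and cannot be undone. */
enum drop_result drop_and_verify(struct creds *c, uid_t target, setuid_fn set) {
    uid_t old = c->ruid;
    if (set(c, target) != 0)
        return DROP_SET_FAILED;
    /* Once privileges are gone, switching back to the old uid must fail. */
    if (old != target && target != 0 && set(c, old) == 0)
        return DROP_RESTORABLE;
    if (c->ruid != target || c->euid != target)
        return DROP_UID_WRONG;
    return DROP_OK;
}

int main(void) {
    struct creds real = {0, 0}, faked = {0, 0}, user = {1000, 1000};
    printf("root, real kernel:      %d\n", drop_and_verify(&real, 1000, kernel_setuid));
    printf("root, intercepted call: %d\n", drop_and_verify(&faked, 1000, intercepted_setuid));
    printf("already uid 1000:       %d\n", drop_and_verify(&user, 1000, kernel_setuid));
    return 0;
}
```

In this model the intercepted case fails verification because the "restore" call also appears to succeed, while a process that already runs as the target uid has nothing to drop and passes.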