Open matusmarhefka opened 1 week ago
Another option is to update podman-bootc to allow ssh root logins: similarly to how it injects an ssh key for root, it would check that the ssh configuration (/etc/ssh/sshd_config.d/* and /etc/ssh/sshd_config) doesn't contain PermitRootLogin no, and it would then set PermitRootLogin yes in /etc/ssh/sshd_config.
Currently, both the run and ssh commands support the --user <user> option to specify an alternative user.
If --user <user> is not enough, we can work on an alternative. I'm not so sure about silently changing the configuration; maybe adding a new option like --enable-root.
@germag Thanks, I've tried using the --user option and it doesn't work with the latest quay.io/centos-bootc/centos-bootc:stream9 base image:
podman-bootc run --user admin quay.io/centos-bootc/centos-bootc:stream9
...
Error: WaitSshReady: SSH did not become ready in 1m0s seconds
I am on Fedora 40 with the latest podman-bootc from the gmaglione/podman-bootc copr repository:
$ rpm -q podman-bootc
podman-bootc-v0.1.1~98~g7e608fa-1.20240715123201179838.main.98.7e608fa.fc40.x86_64
Ok, let me check that
Some security policies (e.g. DISA STIG) prevent root login via ssh. However, the podman-bootc tool uses root ssh login to access the deployed VM, so container images built with such policies are not accessible by the tool (podman-bootc run/podman-bootc ssh doesn't work).
Would it be possible to update podman-bootc to log in as a non-root wheel user who can run sudo without a password? If not, what other options do we have?
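The check discussed in this thread (does an image's sshd configuration disable root login, across /etc/ssh/sshd_config.d/* and /etc/ssh/sshd_config), as an added example that is not part of the thread or of podman-bootc's code. It resolves the global PermitRootLogin value for an unpacked image root in sshd's read order (Include expanded in place, first value wins), so a drop-in that is included first takes precedence over a later PermitRootLogin yes in the main file. The function names and the sample tree are assumptions, and Match blocks are treated as conditional and skipped.

```python
import glob
import os
import tempfile

def _directives(root, path, depth=0):
    """Yield (keyword, args) for global directives in the order sshd reads them."""
    full = os.path.join(root, path.lstrip("/"))
    if depth > 16 or not os.path.isfile(full):  # Include loop or missing file
        return
    with open(full) as fh:
        lines = fh.read().splitlines()
    for raw in lines:
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            return  # simplification: rest of this file is conditional, skip it
        if key == "include":
            for pat in args:  # relative Include paths are relative to /etc/ssh
                pat = pat if pat.startswith("/") else "/etc/ssh/" + pat
                for hit in sorted(glob.glob(os.path.join(root, pat.lstrip("/")))):
                    yield from _directives(root, "/" + os.path.relpath(hit, root), depth + 1)
            continue
        yield key, args

def effective_permit_root_login(root):
    """Global PermitRootLogin for the tree at `root`, or None if never set."""
    for key, args in _directives(root, "/etc/ssh/sshd_config"):
        if key == "permitrootlogin" and args:
            return args[0].lower()  # sshd keeps the first value it reads
    return None

def build_tree(files):
    """Write a constructed sample /etc/ssh tree into a temp dir; return its root."""
    root = tempfile.mkdtemp()
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root

# Constructed sample: a hardening drop-in plus a later "yes" in the main file.
HARDENED = {
    "etc/ssh/sshd_config": "Include /etc/ssh/sshd_config.d/*.conf\nPermitRootLogin yes\n",
    "etc/ssh/sshd_config.d/00-hardening.conf": "PermitRootLogin no\n",
}
```

On a running system, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for inspecting an image's files without booting it.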