Make it possible to connect to a container via SSH

[vitaliy-guliy]

Is your task related to a problem? Please describe

It is a part of VS Code desktop flow, but it is better to decouple as a separate feature.

In general, as a user I want to open a terminal on my laptop and connect to a container in a running workspace via SSH.

Describe the solution you'd like

For that we need

• add ssh service ( openssh-server ) to universal developer image
• configure sshd to be able to run in rootless mode
• expose TCP port 21 (or 2121) to allow external connections

[vitaliy-guliy]

At the moment we have some issues when trying to use and configure SSH server inside a container.
I tried to use Open SSH and the alternative Dropbear.

The current state of the attempts to configure both services is in the draft pull request che-incubator/che-code#327

The main problem that I see at the moment that is user in the container is not properly configured (seems not properly configured). Open SSH require PAM to be properly configured. But all the changes made in developer container were overwritten by the kubernetes when workspace startup.

Alternative Dropear service is not very talkative and do not explain in the details the reason of failure.
It says only, that user user is wrong

Login attempt with wrong user user from 127.0.0.1:34192

Third option I have tried is to build the image based on ubuntu.

FROM ubuntu:16.04
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
# Set root password for SSH access (change 'your_password' to your desired password)
RUN echo 'root:your_password' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

It is possible to test how does it work, but locally, not in the container

• Download and launch the service

docker pull quay.io/vgulyy/ssh-ubuntu:test
docker run --name ssh-ubuntu quay.io/vgulyy/ssh-ubuntu:test

• Take the IP address

sudo docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ssh-ubuntu

• Connect to the service

ssh [email protected]

But it does not work if create a container with this image, because of configuration files are overwritten.

[che-bot]

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.