Install Linux Container (LXC) in Linux and enable ssh



LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.

Note: Don’t confuse the ‘test’ in the arn@test:~$ prompt with the container name. In the prompt, ‘test’ is only the name of the host machine; in the sections below, ‘test’ is also the name of the example container we create.

Now let’s begin with its installation:

 

Install Linux Container Utils

abhi>~ $ sudo apt install lxc-utils

 

Create a Linux Container

lxc-create is used to create the Linux container. -t download selects the download template, which displays all the available distributions and architectures for the container image. Similarly, -n sets the name. We are creating a container named ‘test’ here.

arn@test:~$ sudo lxc-create -t download -n test

Now choose the distribution. Here I have chosen Ubuntu bionic for the amd64 architecture.

 

Start the Container

Initially, after creation, the container is stopped by default, so you have to start it manually.

arn@test:~$ sudo lxc-start -n test

After starting the container, you can see that it has been assigned a default IP automatically.

 

See the available containers in the machine

arn@test:~$ sudo lxc-ls --fancy

 

Enter the Container

You have to be inside the container to work in it, so make sure you have entered the container.

arn@test:~$ sudo lxc-attach -n test

Now you can see that you have entered the container ‘test’, as shown by the prompt root@test:/#

 

Enable SSH for Container ‘test’

You may want to access the container directly using ssh, so let us assume that the machine IP is 192.168.0.73. The first task is to NAT the machine IP to the container IP, which has already been assigned by default.

Install iptables-persistent inside the container

root@test:/# sudo apt-get install iptables-persistent

 

NAT IP 192.168.0.73 (assumed machine IP) to the container IP (10.0.3.17) for web

The default web port is 80. Here we give the container a customised port, 4001, so the container's web port is now reached as 192.168.0.73:4001

root@test:/# sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 4001 -j DNAT --to-destination 10.0.3.17:80

 

NAT IP 192.168.0.73 (assumed machine IP) to the container IP (10.0.3.17) for ssh access (i.e. port 22)

The default port for ssh is 22. Here we give the container a customised port, 4221, so that we can access the container over ssh on port 4221 as ssh username@192.168.0.73 -p 4221

root@test:/# sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 4221 -j DNAT --to-destination 10.0.3.17:22

 

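Save the iptables rule

iptables-save on its own only prints the current rules, so redirect its output to the file that iptables-persistent loads at boot.

root@test:/# iptables-save > /etc/iptables/rules.v4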
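
To check what the two PREROUTING rules above expose, the following added example (not code from the original post) parses iptables-save output and marks any DNAT forward to port 22 that has no source restriction for review. The sample rules are constructed from this page's addresses; the source-restricted forward on port 4222 is hypothetical.

```shell
#!/bin/sh
# Added example: list DNAT port forwards found in `iptables-save` output and
# flag those that expose SSH (destination port 22) with no source restriction.

# list_dnat: reads iptables-save text on stdin and prints one line per DNAT
# rule in PREROUTING:  <listen_port> <dest_ip:port> <source|any> <OK|REVIEW>
list_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dport = ""; dest = ""; src = "any"; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to-destination") dest = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        }
        # Skip rules that are not complete port forwards.
        if (!dnat || dport == "" || dest == "") next
        n = split(dest, parts, ":")
        # SSH reachable from any source address deserves a second look.
        verdict = (parts[n] == "22" && src == "any") ? "REVIEW" : "OK"
        print dport, dest, src, verdict
    }'
}

# Constructed sample: the two rules from this page in the form iptables-save
# prints them, plus a hypothetical source-restricted SSH forward (port 4222).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4001 -j DNAT --to-destination 10.0.3.17:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4221 -j DNAT --to-destination 10.0.3.17:22
-A PREROUTING -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 4222 -j DNAT --to-destination 10.0.3.17:22
COMMIT
EOF
}

sample_rules | list_dnat
```

On a live system, feed it the real rules with sudo iptables-save -t nat | list_dnat.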

 

Now install ssh server

root@test:/# sudo apt-get install openssh-server

 

If the ports are blocked by a firewall, check it and allow them.

First install ufw:

root@test:/# sudo apt-get install ufw

Allow the ports through firewall:

root@test:/# sudo ufw allow ssh

root@test:/# sudo ufw allow 4221

root@test:/# sudo ufw allow 4001

 

Create a user with root privileges in the container to access it fully:

Use the following command to add the user, and provide a secure password.

root@test:/# sudo adduser testuser

Here ‘testuser’ is the username.

Give that user root privileges

root@test:/# sudo usermod -aG sudo testuser

 

Finally, let’s move on to the last step. Now try to access the container using ssh from a terminal.

abhi>~ $ ssh testuser@192.168.0.73 -p 4221

At first I was asked to run some scripts for ssh verification, and I ran them as shown on screen:

abhi>~ $ ssh-keygen -f "/home/abhi/.ssh/known_hosts" -R "[192.168.0.73]:4221"

After this, I again tried to access it from ssh:

abhi>~ $ ssh testuser@192.168.0.73 -p 4221

This time it worked like a charm!!!!!!!!!! WHOOOOOOOOOOOOOOO….. Now the testuser has been logged in.

 

To Stop the Container

arn@test:~$ sudo lxc-stop -n test

Destroy the Container (Caution: This will delete the container)

arn@test:~$ sudo lxc-destroy -n test

You may need to stop the container first, if it’s running.

ENJOY IT !!!!!


admin