https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035906.html
https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-August/036168.html
Looks like running as non-privileged user will continue to be supported,
just not as a single process and not with the old option.
Fedora 26
Hi!
> Where do you read OpenSSH is dropping that mode?
I forget to include the list.
See https://www.openssh.com/txt/release-7.5, UsePrivilegeSeparation. I
understand that that will kill using it as non-root.
Cheers,
Tobias Florek
___
users mailing
You sure?
Where do you read OpenSSH is dropping that mode?
Tobias Florek wrote on 07/11/17 13:07:
Hi!
I have a container (based on centos), that runs openssh's sftp server as
random uid for use in openshift (using nss-wrapper).
Unfortunately OpenSSH is going to drop running as non-root in
Hi!
I have a container (based on centos), that runs openssh's sftp server as
random uid for use in openshift (using nss-wrapper).
Unfortunately OpenSSH is going to drop running as non-root in the next
major version because they think non-root container sshd is a bad idea
(I don't know why).
See
> On 10 Jul 2017, at 11:55 PM, Itamar Turner-Trauring
> wrote:
>
> It is possible to run sshd on OpenShift, if other options don't work - we do
> it as part of the Telepresence remote debugging tool we built for OpenShift
> and Kubernetes (https://telepresence.io
Hi,
you can use http for file transfer as well and communicate server
password through a secret in the project. It is indeed possible to run
an SSH server inside OpenShift. Just a little tricky. I've a blog about
it [1].
[1]
It is possible to run sshd on OpenShift, if other options don't work - we
do it as part of the Telepresence remote debugging tool we built for
OpenShift and Kubernetes (https://telepresence.io).
Here's a shortened (and untested) Dockerfile:
-
FROM alpine:3.5
RUN mkdir -p /usr/src/app
Thank you all for the responses. I'll check these options.
On Mon, Jul 10, 2017 at 4:13 AM, Graham Dumpleton
wrote:
> Anther ad-hoc way of moving data between pods is possible if you have
> 'netcat' tools installed in image for each application.
>
> Look at the example in:
Anther ad-hoc way of moving data between pods is possible if you have 'netcat'
tools installed in image for each application.
Look at the example in:
http://www.microhowto.info/howto/copy_a_file_from_one_machine_to_another_using_netcat.html
If your applications are in the same project, you may find it easier to mount
an extra persistent volume temporarily in the source pod. Access the pod using
'oc rsh' and copy the files into that persistent volume and then detach it from
that pod. Then mount the persistent volume into the target
oc rsync is not always appropriate, since the communication has to go
through the master. If you're doing 40gb db backups via rsync you'd want
to choose a different mechanism, at least until we add direct exec session
support in the future
On Jul 9, 2017, at 2:13 PM, Ben Parees
if nothing else you can make the oc binary available within one pod and
then run oc rsync from within that pod to sync to a different pod.
On Sun, Jul 9, 2017 at 12:27 PM, Aleksandar Lazic
wrote:
> Hi Isuru Haththotuwa.
>
> on Sonntag, 09. Juli 2017 at 16:10 was written:
>
This may be of interest to you:
https://docs.openshift.com/enterprise/3.1/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile
On Sun, Jul 9, 2017 at 6:03 AM Isuru Haththotuwa
wrote:
> Hi,
>
> I'm trying to do $subject. Using the minimal docker
Hi Marko,
On Sun, Jul 9, 2017 at 4:29 PM, Marko Lukša wrote:
> There's no need to run sshd. Use oc rsh or oc exec.
>
Thanks for the reply. However, I am trying to run a rsync pull from a
different pod to this particular pod, that is the reason why I'm trying to
run sshd.
Hi,
I'm trying to do $subject. Using the minimal docker sample found at [1].
While this works perfectly in bare docker, when I'm trying to run on
Openshift it fails with the error [2]. When I tried to re-create the ssh
keys at startup with *ssh-keygen -A*, gave me the error [3]. I read that
15 matches
Mail list logo