On Fri, 23.10.15 14:24, Mantas Mikulėnas (graw...@gmail.com) wrote:

> Yeah, I was referring to UUCP, since it's the same kind of hop-by-hop
> source-routing.
>
> (Admittedly, ":" was used the same way in Berknet...)
>
> Though, wouldn't containers just run sshd themselves? Or is this mostly for
> very-lightweight things?

I don't see why they would. The whole concept of "machinectl shell"
and "machinectl login" exists to make it unnecessary to make every
container world-accessible via SSH but still provide a nice, safe and
correct way to get a shell in them (i.e. one that is actually a proper
login shell with PAM, utmp and all that crap, instead of just an
nsenter thing).

In general, doing SSH not only means running another world-accessible
server, but in most cases also picking a good password for root (or
some other local user), as ssh is probably more often used with
passwords than with keys I figure, still. By avoiding direct ssh when
accessing local containers and sticking to "machinectl shell" we can
sidestep the issue, as we can simply take benefit of the fact that the
container's host is always more trusted than the container itself...

What's missing of course here too is that this works:

    machinectl shell foo:bar

and so on, to directly get a shell in container "bar" that lives
inside container "foo"... But well, given that stacking containers is
generally questionable this is not a high priority to support...

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel