1/3: Setting Up a Remote Container.
Or: Creating, and Softening, Linux Containers.
Containers are used to "contain" running processes from interfering with each other and the host system. They belong to the Second Wave of Software Emulators, where Virtual Machines were the First Wave and WASM/WASI is the Third Wave. Emulators "pretend" to be operating systems so processes can run in them.
Prerequisites.
A Linux-based distro (I use Ubuntu), and
An LXD installation, if required.
Creating a New Container.
The "container-name" below is a placeholder. This placeholder should be replaced with an actual container name.
- From the
homelab
terminal, I create a new container:
lxc launch ubuntu:22.04 container-name
- Then I bash into the container:
lxc exec container-name -- bash
- I update and upgrade the container:
sudo apt clean && \
sudo apt update && \
sudo apt dist-upgrade -y && \
sudo apt --fix-broken install && \
sudo apt autoclean && \
sudo apt autoremove -y
Adding a User Account to the Container.
- From the
homelab
terminal (CTRL
+ALT
+T
) connected to the container, I create a new user:
adduser yt
- I add the new user to the 'sudo' group:
usermod -aG sudo yt
usermod let's me (-a)ppend the sudo (-G)roup to the 'yt' account.
- I exit the container:
exit
The next step is to fix the home directory problem.
Fixing the Home Directory Problem.
I can use Nano to add an entry to the .bashrc
file.
- From the
homelab
terminal, I log in to the container with the 'yt' account:
lxc exec container-name -- su yt
- I open the
.bashrc
file with Nano:
sudo nano ~/.bashrc
- I add the following to the bottom of the file, save the changes, and exit Nano:
cd ~
- I reboot the container:
sudo reboot
The next step is to install OpenSSH within the container.
Installing OpenSSH within the Container.
I can use OpenSSH to block access to this container.
- From the
homelab
terminal, I log in to the container with the 'yt' account:
lxc exec container-name -- su yt
- I install OpenSSH:
sudo apt install openssh-server -y
- I can check the status of OpenSSH:
sudo systemctl status sshd
- If needed, I can enable OpenSSH:
sudo systemctl enable --now ssh
The next step is to configure the SSH file in the container.
'Softening' the Container.
In this section, I will 'soften down' the container so it can be accessed with a username and password. This is the reason why I added a user account, and password, in the sections above: To gain access to the container from my workstation
terminal.
THIS IS A TEMPORARY CONDITION AND WILL BE FIXED IN THE NEXT LAB.
- From the
homelab
terminal (CTRL
+ALT
+T
) that is connected to the container, I open the "sshd_config" file:
sudo nano /etc/ssh/sshd_config
- I edit, and save, the following "sshd_config" setting:
PasswordAuthentication yes
NOTE: I will return to this file in the next post to fix this, and other, settings.
- I restart the SSH system:
sudo systemctl restart ssh.service
- I
sudo reboot
the container:
sudo reboot
- And finally, on the remote
homelab
system, I display the IP address for the new container:
lxc ls
Now that I have OpenSSH installed, the next step is to set up a remote connection.
And remember: Be safe, be kind, be awesome.