OpenVZ Forum


*SOLVED* SSH with single ip address? [message #7549] Tue, 17 October 2006 12:23
Rick
Messages: 5
Registered: October 2006
Junior Member
Hello everyone,

I was wondering if it is possible to run a single ssh server for both the host and the virtual machine, since I only have one public ip address (and unable to get more).

Right now I'm using jail but that definitely has its limits and I'd like to use OpenVZ, but I can't find a possibility to let the user log in to the virtual system directly (with jail I just set the shell to /usr/bin/jail).

Thanks in advance.

[Updated on: Thu, 19 October 2006 12:17] by Moderator


Re: SSH with single ip address? [message #7550 is a reply to message #7549] Tue, 17 October 2006 12:30
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
It seems that DNAT should help you. Look at the second part of this article: http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs.

HTH,
vas.

[Updated on: Tue, 17 October 2006 12:30]


Re: SSH with single ip address? [message #7552 is a reply to message #7550] Tue, 17 October 2006 12:41
Rick
Messages: 5
Registered: October 2006
Junior Member
Correct me if I'm wrong but that would only allow me to forward the port to the virtual server right? So I'd still be using 2 ssh servers on different ports while I want to let it go to the virtual server per user.

Re: SSH with single ip address? [message #7553 is a reply to message #7552] Tue, 17 October 2006 12:46
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Yes, you're right. Only port redirect. You should run an ssh server in every VE...
I don't know other ways...

Re: SSH with single ip address? [message #7554 is a reply to message #7553] Tue, 17 October 2006 13:04
Rick
Messages: 5
Registered: October 2006
Junior Member
Ok, thanks for the help anyway :)

I'm gonna try and hack it in myself ;)

[edit]
I'm unable to find a safe method of hacking it in, I don't think it's possible without changing too much in either sshd or the OpenVZ system.

[Updated on: Tue, 17 October 2006 13:56]


Re: SSH with single ip address? [message #7624 is a reply to message #7554] Thu, 19 October 2006 09:10
dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

Sorry, didn't get what you mean by the text after [Edit]. DNAT doesn't require any hacking.

But I've got another idea... what if someone specifies 'vzctl enter VEID' as a shell in /etc/passwd on the host?
In this case it will be possible IMHO to have remote VE root via host ssh. The same can be done for other users, but it is not that convenient a way, since passwords won't be changeable from the VE.



Re: SSH with single ip address? [message #7639 is a reply to message #7624] Thu, 19 October 2006 11:36
Rick
Messages: 5
Registered: October 2006
Junior Member
The DNAT part isn't any problem, but getting it working so people can log in directly is.

However, I have tried what you are saying but it gives me an error: error on vz_env_create_ioctl(VE_TEST): Operation not permitted
I've tried to find out what the cause is and it seems that it's about not being able to get read/write right on /dev/vzctl, but the user does have those rights. So I'm getting a dead end here.

Re: SSH with single ip address? [message #7641 is a reply to message #7639] Thu, 19 October 2006 11:59
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Well, you can set the sticky bit on /usr/sbin/vzctl,
it should help, but be careful: all non-root users after that
will be able to manage VEs!

Re: SSH with single ip address? [message #7643 is a reply to message #7641] Thu, 19 October 2006 12:02
Rick
Messages: 5
Registered: October 2006
Junior Member
That's what I'm trying to avoid, but that's not even such a bad idea, I think I'll use sudo to do it then. Thanks for the help :)
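
The sudo approach the thread ends on, as an added example (not posted by anyone in the thread and not OpenVZ code): a restricted login shell that lets each host account run exactly one `vzctl enter` for its own VE through a per-user sudoers rule, so vzctl needs no special permission bits. The user names, VEIDs 101/102 and the install path /usr/local/bin/ve-login are assumptions; each mapped user still gets a root shell inside their VE.

```shell
#!/bin/sh
# Added example: restricted login shell for host accounts that map to one VE.
# Assumed (not from the thread): user names, VEIDs 101/102, and the install
# path /usr/local/bin/ve-login set as the account's shell in /etc/passwd.
#
# Matching sudoers rules (edit with visudo), one exact command per user:
#   rick  ALL=(root) NOPASSWD: /usr/sbin/vzctl enter 101
#   alice ALL=(root) NOPASSWD: /usr/sbin/vzctl enter 102

# Constructed user-to-VEID map; in practice keep it in a root-owned file.
VE_MAP='rick:101
alice:102'

# Print the VEID assigned to user $1; fail if none exists or it is not numeric.
veid_for_user() {
    veid=$(printf '%s\n' "$VE_MAP" | awk -F: -v u="$1" '$1 == u { print $2; exit }')
    case "$veid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$veid"
}

# Print the only command this shell will ever run for user $1.
# Extra arguments (sshd passes "-c <command>" for scp or remote commands)
# are refused, so the caller cannot influence what runs as root.
ve_login_cmd() {
    user=$1; shift
    [ "$#" -eq 0 ] || return 2
    veid=$(veid_for_user "$user") || return 1
    printf 'sudo -n /usr/sbin/vzctl enter %s\n' "$veid"
}

# Entry point when installed as a login shell.
ve_login_main() {
    cmd=$(ve_login_cmd "$(id -un)" "$@") || {
        echo "ve-login: access denied" >&2
        return 1
    }
    # Unquoted on purpose: cmd is a fixed string plus a validated number.
    exec $cmd
}

# Run only when invoked under the assumed install name.
case "$0" in */ve-login) ve_login_main "$@" ;; esac
```

Because sudoers matches the full argument list, a user with the rule for VEID 101 cannot run any other vzctl subcommand or enter another VE.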