LXC version: 3.0.3
Hi,
I created an unprivileged LXC, configuring:
cat /etc/subuid
mylxcuser:296608:65536
cat /etc/subgid
mylxcuser:296608:65536
cat /home/mylxcuser/.local/share/lxc/provisioning/config
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
lxc.start.auto = 1
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_incomplete = 1
lxc.idmap = u 0 296608 65536
lxc.idmap = g 0 296608 65536
lxc.rootfs.path = dir:/home/mylxcuser/.local/share/lxc/provisioning/rootfs
lxc.uts.name = mycontainer
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc-net.0.hwaddr = 00:16:3e:df:c8:29
lxc.mount.entry = /dev/net dev/net none bind,create=dir
I have created it using lxc-create -t download -n mycontainer – -r buster -a amd64 -d debian --keyserver hkp://p80.pool.sks-keyservers.net:80
Inside this container, I have installed openvpn and configured a script up.sh (using directive client-connect) that executes the ssh command to the client in order to get some information from him.
up.sh:
#!/bin/bash
/etc/openvpn/scripts/myscript.sh $ifconfig_pool_remote_ip &
myscript.sh:
#!/bin/bash
ssh -4 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ConnectTimeout=30 -o ConnectionAttempts=3 -l root $1 “cat /tmp/file.txt”
However, this gives the following error:
Could not create directory ‘/root/.ssh’.
Warning: Permanently added ‘10.5.0.6’ (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
root@10.5.0.6: Permission denied (publickey,password).
I have copied the public key to the host, so I dont know why it gives me this error. On the other hand if I type $USER within the container, this is the result:
root@mycontainer:/# echo $USER
mylxcuser
If I execute “myscript.sh” from the console, it works perfectly. Is this normal? There might be a permission or uid mapping problem with the unprivileged container?
Thanks for your help