[PVE-User] Can't login to LXC containers

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Jul 30 07:57:25 CEST 2015


On Wed, Jul 29, 2015 at 06:57:15PM +0100, Filippo Valsorda wrote:
> Now I don't know how to login. If there is a default user name it's not
> "ubuntu". If that password becomes the root password, then I have a
> problem because I looked inside the template, and sshd_config has
> "PermitRootLogin without-password".

This disables password authentication for root, so you need an
alternative, eg an ssh-key.

There are several ways to enter a container:
1) ssh - if the container ships with it activated. In your case you need
to first setup an ssh key for root in the container's
/root/.ssh/authorized_keys file. (If you do that, take care to get the
permissions right as sshd refuses to work with insecure key files.)

2) a console (web gui, `pct console`, or `lxc-console`)
This will put you onto a tty, which means the container needs to have a
login available on that tty, and if you want to login as root, this tty
needs to allow root to login (ie the tty needs to be trusted (listed in
/etc/securetty)).

3) directly attach from the commandline via `pct enter` or `lxc-attach`
This directly enters the namespaces and runs a shell, no login required,
you need to be logged in as root on the host to be able to do that, and
it's the easiest way to debug the container quickly. (No restrictions
from /etc/securetty or sshd_config apply here).

> I feel dumb asking such a simple question, but: how am I supposed to log
> in to a LXC container?

There are many ways, and all of them have their quirks. sshd settings,
/etc/securetty etc. regularly leave people puzzled for a while until
they realize what's going on ;-)

And then there can always be "special" templates which eg. run
cloud-init or other autoconfiguration tools at start, and might have a
nasty configuration which at some point changes root's password or ssh
key or disables direct root login entirely.
It's hard to know about all the different possibilities out there.




More information about the pve-user mailing list