SSHD Issue with userns-remap in docker
Summary
SSHD is not working within the Docker image when user namespace remapping is enabled
Steps to reproduce
Configure the docker engine to isolate container ( https://docs.docker.com/engine/security/userns-remap/ )
Get a fresh GitLab Docker image and add the possibility to log in over SSH.
Try to ssh to it.
What is the current bug behavior?
It fails with:
ssh_exchange_identification: Connection closed by remote host
What is the expected correct behavior?
The authenticity of host '[]:2222 ([10.238.72.224]:2222)' can't be established.
ECDSA key fingerprint is SHA256:*****.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[]:2222,[]:2222' (ECDSA) to the list of known hosts.
Enter passphrase for key '':
PTY allocation request failed on channel 0
Welcome to GitLab, @me!
Connection to **** closed.
Relevant logs
[host]# docker logs gitlab_gitlab_1 |grep sshd
No new version of PostgreSQL installed, nothing to upgrade to
==> /var/log/gitlab/sshd/current <==
2019-01-23_15:54:13.51346 /var/run/sshd must be owned by root and not group or world-writable.
2019-01-23_15:54:14.61108 /var/run/sshd must be owned by root and not group or world-writable.
[host]# docker exec -it gitlab_gitlab_1 ls -al /var/run/sshd
total 0
drwxr-xr-x. 2 105001 105001 6 Dec 28 15:33 .
drwxr-xr-x. 11 105001 105001 190 Jan 23 15:52 ..
Manual action to correct it
commands
[host]# docker exec -it gitlab_gitlab_1 rmdir /var/run/sshd
[host]# docker exec -it gitlab_gitlab_1 service ssh start
 * Starting OpenBSD Secure Shell server sshd [ OK ]
[host]# ssh localhost -p 2222
Permission denied (publickey).
Suspected part of the setup
File: omnibus-gitlab/docker/assets/setup
line : mkdir -p /var/run/sshd
Possible way to solve it
Let the ssh service create it at Docker startup.
But I haven't been able to find where it was.
Best regards.
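The ownership and mode condition from the sshd log line above, together with the manual rmdir workaround, written as a startup check. This is an added example, not part of the original report or of omnibus-gitlab: the function names are hypothetical, GNU `stat` is assumed, and the expected uid is a parameter (default 0) so the check can be exercised without root.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not omnibus-gitlab code).

# Report the state of an sshd privilege separation directory.
# Prints one of: ok | missing | bad-owner | writable
# $1 = directory, $2 = expected owner uid (default 0, root in the container)
privsep_dir_status() {
    dir=$1
    expected_uid=${2:-0}
    [ -d "$dir" ] || { echo missing; return 0; }
    # Assumption: GNU stat from coreutils is available in the image.
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$owner" != "$expected_uid" ]; then
        echo bad-owner
        return 0
    fi
    # Octal mask 022 selects the group-write and world-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo writable
        return 0
    fi
    echo ok
}

# Recreate the directory when the check fails, following the manual
# workaround in the report. rmdir refuses to remove a non-empty
# directory, so unexpected content is never deleted silently.
ensure_privsep_dir() {
    dir=$1
    expected_uid=${2:-0}
    status=$(privsep_dir_status "$dir" "$expected_uid") || return 1
    case $status in
        ok) return 0 ;;
        missing) ;;
        *) rmdir "$dir" || return 1 ;;
    esac
    # The new directory is owned by whichever uid runs this function.
    mkdir -p "$dir" && chmod 0755 "$dir" || return 1
    [ "$(privsep_dir_status "$dir" "$expected_uid")" = ok ]
}
```

Run inside the container before sshd starts, for example `ensure_privsep_dir /var/run/sshd`; a non-zero return means the directory still fails the check and sshd will refuse to start.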