ssh into container via VSOCK instead of via sshd.service? #240

@null-dev

Description

I think this is related to #236 but I'm opening a separate issue just in case, feel free to merge it into the other issue if needed.

bcvk ephemeral ssh requires sshd.service/sshd.socket to be running in the VM to work. On many distros/images, this is not the case.

systemd includes systemd-ssh-generator, this generator seems to be enabled by default on most distros. This means that on most distros, if systemd detects it is running in a VM, it will automatically listen on port 22 on the VM's AF_VSOCK, and start an sshd session for each incoming connection.

Maybe it would be worth switching bcvk ephemeral ssh to use this mechanism for better compatibility since all the configuration is already there (bcvk already allocates a VSOCK for each VM)?

Sample

Consider the quay.io/fedora-ostree-desktops/silverblue:43 image, sshd.service/sshd.socket is not enabled by default for this image so bcvk ephemeral ssh doesn't work:

❯ podman pull quay.io/fedora-ostree-desktops/silverblue:43
[...]
❯ bcvk ephemeral run -d --rm -K --name foo quay.io/fedora-ostree-desktops/silverblue:43
22850769c7f70368500ff696bb7d4084644cf2aaeaf9cd983afd1d44ed242cdb
❯ bcvk ephemeral ssh foo -v
Error: 
   0: Timeout waiting for readiness after 240s (221 attempts)

Location:
   crates/kit/src/utils.rs:71

However, I can ssh into the container over VSOCK, thanks to systemd-ssh-generator and systemd-ssh-proxy:

❯ podman exec -it foo ssh -i /run/tmproot/var/lib/bcvk/ssh 'vsock%3'
Warning: Permanently added 'vsock%3' (ED25519) to the list of known hosts.
[root@fedora ~]# 

Notes

More info:
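As an added example (not bcvk's own code, and not from the issue author), this is the readiness check that the proposal above implies: instead of waiting for sshd.service to answer on TCP port 22, connect to the guest's AF_VSOCK port 22 that systemd-ssh-generator binds, and confirm the listener is really sshd by parsing the RFC 4253 identification string. The guest CID (3, matching the `vsock%3` host name in the post) and the sample banner are assumptions; a Linux host with vhost_vsock is required for the live probe.

```python
"""Readiness probe for the systemd-ssh-generator listener on a guest's AF_VSOCK port 22."""
import socket
import sys

SSH_PORT = 22  # systemd-ssh-generator binds AF_VSOCK port 22 inside the guest
# Constructed sample of what a guest sends once sshd is spawned for a connection;
# RFC 4253 allows non-"SSH-" lines to precede the identification string.
SAMPLE_BANNER = b"Welcome line the client must ignore\r\nSSH-2.0-OpenSSH_9.9\r\n"


def parse_ssh_banner(data: bytes):
    """Return (protoversion, softwareversion) from the first complete 'SSH-' line, else None."""
    lines = data.split(b"\n")
    if not data.endswith(b"\n"):
        lines = lines[:-1]  # ignore a partially received last line
    for line in lines:
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # RFC 4253 s4.2: servers may send other lines first
        proto, _, software = line[4:].decode("ascii", "replace").partition("-")
        if proto in ("2.0", "1.99") and software:
            return proto, software.split(" ", 1)[0]  # drop optional comments
        return None  # first SSH- line is malformed or an unsupported version
    return None


def probe_vsock_ssh(cid: int, port: int = SSH_PORT, timeout: float = 2.0):
    """Connect to the guest CID over AF_VSOCK and return the parsed banner, or None."""
    af = getattr(socket, "AF_VSOCK", None)  # Linux only
    if af is None:
        raise OSError("AF_VSOCK is not supported on this platform")
    try:
        with socket.socket(af, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((cid, port))
            data = b""
            # Read until a complete SSH- line has arrived (or give up at 4 KiB).
            while parse_ssh_banner(data) is None and len(data) < 4096:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
            return parse_ssh_banner(data)
    except OSError:
        return None  # guest not up yet, or systemd-ssh-generator not active


if __name__ == "__main__":
    # Hypothetical usage: python3 probe.py 3   (CID 3 as in the vsock%3 example)
    print(probe_vsock_ssh(int(sys.argv[1]) if len(sys.argv) > 1 else 3))
```

A `None` result means the guest is not ready (or has no VSOCK ssh listener), so a caller would retry with backoff, the same loop bcvk already runs for TCP, but against a listener that exists on every systemd guest.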
