# [SOLVED] Accessing LXC cointainers from external box

## mimosinnet

I have followed the article in the gentoo wiki on [url=http://en.gentoo-wiki.com/wiki/LXC ]Linux Containers[/url], and I have a container configured and running. 

I am wondering how can I allow the access into the container to external users. I am able to access to a lxc-console with this command:

```
ssh -t root@psicosocial lxc-console -n psicosocial
```

Nevertheless, lxc-console is not available for non-root users and I would also like that users log directly into the container without going through the host machine. 

Any suggestions appreciated! 

Cheers!

----------

## Hu

A common technique to allow users direct access into a system container is to run a separate sshd inside the container.  Users then connect to that sshd directly.  In this way, you can treat the container just like you treat a full virtual machine where you grant external access.

----------

## mimosinnet

 *Hu wrote:*   

> A common technique to allow users direct access into a system container is to run a separate sshd inside the container.  Users then connect to that sshd directly.  In this way, you can treat the container just like you treat a full virtual machine where you grant external access.

 

Thanks for the extremely fast answer and for the suggestion! 

I can log into the container from an external machine issuing this command:

```
ssh -t user@host ssh root@container
```

I have been also been able to get lxc-console using sudo:

```
ssh -t user@host  sudo lxc-console -n container
```

I feel your suggestion is simpler (I had to install sudo to do it) and has more potential: I will dig into ssh tunnelling to be able to get directly into the container!

Cheers!

----------

## Hu

If you give the container a routable address, then users can reach it without using ssh tunneling.

----------

## mimosinnet

Following your suggestion, this is how I finally been able to log directly into the container from an external host:

In the host, I have written in /etc/sshd:

```
Match User user_in_host

        ForceCommand ssh root@container
```

Now:

```
ssh user_in_host@host
```

Logs dircectly into the container.

Thanks a lot!

----------

## Bones McCracker

If you set up the container with a virtual ethernet interface connected to a bridge on the host, then it can have its own ethernet address on the LAN, and you should be able to connect directly to it without logically involving the host (the host will transparently relay all traffic destined for the container, without the need for any special considerations).  You should be able to simply 'ssh <container_ip>'.

----------

## mimosinnet

 *BoneKracker wrote:*   

> If you set up the container with a virtual ethernet interface connected to a bridge on the host, then it can have its own ethernet address on the LAN, and you should be able to connect directly to it without logically involving the host.

 

Thanks BoneKracker! I understand better what Hu said. In my case, I can only have one valid internet address on the host and the containers must have private addresses. 

Both of you: I have added your comments to the gentoo wiki: http://en.gentoo-wiki.com/wiki/LXC#Accessing_the_container_with_sshd

Thanks!

----------

