Access your Podman container using SSH

Objective 🔍

The objective of this tutorial is to show how to setup an Ubuntu-based Podman container with an SSH server.

Description 📖

In many scenarios, it’s important to provide an isolated environment where end-users can run applications freely, while ensuring the host system remains safe and unaffected. Containers are perfect for this: they let the user work inside a dedicated space without risking misconfigurations or disruptions on the host.

The challenge, however, is that accessing a container usually requires logging into the host machine first, which is not always practical.

In this tutorial, you’ll learn how to enable direct SSH access into a container. This way, users can interact with the container environment as if it were a standalone system.

Prerequisites 🛠️

• A WebPanel (WP) or TouchController (TC) device
• Basic knowledge of SSH
• Basic knowledge of podman and containers
• Basic knowledge of Linux

Steps 🪜

1. Connect to the device via SSH using the user account:

   ssh user@<DEVICE_IP>
   

   2. Navigate to the persistent folder /data/user:

   cd /data/user
   

2. Create a dedicated folder for the tutorial:

   mkdir ssh-server
   cd ssh-server
   

3. Create a Dockerfile file with the following content:

   # Base Ubuntu image
   FROM ubuntu:latest
   
   # Prevent interactive prompts during package install
   ENV DEBIAN_FRONTEND=noninteractive
   
   # Install OpenSSH server and sudo
   RUN apt-get update && apt-get install -y \
       openssh-server \
       sudo \
       && rm -rf /var/lib/apt/lists/*
   
   # Create SSH directory
   RUN mkdir /var/run/sshd
   
   # Create a non-root user `user` with password `123456`
   # and sudo privileges
   # -m: create `user` home directory (/home/user)
   # -s: set default shell for `user` to bash
   RUN useradd -ms /bin/bash user \
       && echo "user:123456" | chpasswd \
       && echo "user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
   
   # Harden SSH config: disable root login, but allow password auth for user
   RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config \
       && sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
   
   # Expose SSH port
   EXPOSE 22
   
   # Start SSH service
   CMD ["/usr/sbin/sshd", "-D"]
   

   This Dockerfile provides a base Ubuntu image with a non-root user and an SSH server that runs as soon as the container is started

4. Create a podman-compose.yml file with the following content:

   services:
     ssh-server:
       # tell podman-compose to build the previous custom ssh-server image
       build:
         context: .
         dockerfile: Dockerfile
       restart: always
       ports:
         - "8022:22" # map host port 8022 to container port 22
   

   This compose file builds the previously created Dockerfile and runs it mapping the container port 22 (default SSH port) to the port 8022 of the host. This way, it won't collide with the already open SSH port of the host panel

5. Run the container using the following command:

   podman-compose -f podman-compose.yml up --build -d
   

6. Connect to the container with SSH using the following command:

   ssh -p 8022 user@<DEVICE_IP>