Managing container access

Modified: 08 Sep 2022 04:28 UTC

Instructions on the ways containers created within Triton are accessed.

This page assumes that you have built any images you are using correctly; that is, they are integrated into the Triton environment with the Triton Guest Tools correctly installed. This is essential for passwords to work properly with conatiner-native Linux and hardware virutal machines (both Linux and Windows).

Note: This guide does not cover authentication for Docker containers. For more information on Docker containers, please see Docker Containers.

Container access

There are two ways that a user can access their instance in Triton: SSH via SmartLogin and SSH via public key authentication. For Windows based instances and a very small subset of Linux instances, password authentication is provided with the password being set in the metadata for the image and available via AdminUI or via a call to sdc-vmapi on the head node.

SmartLogin

SmartLogin allows the user to login to their instance over SSH as the root user using the SSH keys that are available under the user's account:

sdc-ldap s -b 'uuid=4c27d519-f301-4d6b-a654-6b709082be72,ou=users,o=smartdc' objectclass=sdckey`).

New keys added to the account will automatically allow the user to log into any already provisioned instance.

An infrastructure container running SmartOS will have a plugin enabled in /etc/ssh/sshd_config called libsmartsshd.so that enables this service. The root user's ~/.ssh/authorized_keys file will be empty by default, but can be used alongside SmartLogin.

SSH keys

Hardware virtual machines and container-native Linux require their root user's ~/.ssh/authorized_keys file to be updated with the keys from the user's account. This is done at provision time.

Note: If new keys are added to the user's account, they will not be automatically deployed to the these instances; they must be managed manually.

Windows authentication

You can log in to Windows instances using an RDP program such as Microsoft Remote Desktop connection using the generated "Administrator" password.