Comment 7 for bug 1577638
Revision history for this message
| Richard Harding (rharding) wrote Re: Can't juju ssh to lxd-placed container | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
The issue is that just because you can ssh to the container through the machine doesn't mean you should proxy through the controller. We need to limit folks that can access the controller directly like this. I think the longer term path is to find a way to enable proxying through the host machine in a lxd case.
I do think we can do a few things to help:
1) if the user ssh'ing is a controller admin, then proxy for them. It's ok, they could ssh there anyway
2) if the user is not and is a model user only, suggest they ssh directly to the host machine and then suggest ssh'ing to the container from there. I think we can provide these instructions without too much pain. This would only be required if the --proxy is indeed set to false for the controller.