… the generator will bind an AF_UNIX socket into it, also providing ssh. The idea is that that dir is mounted both into the container and into the host, so that the AF_UNIX is accessible from both. The other side of the equation is a tiny plugin for the ssh client which allows connecting to AF_VSOCK/AF_UNIX sockets. In effect: without any further manual configuration full OS containers and VMs are now accessible from the host without any networking. Just run "ssh vsock/4711" or "ssh unix/run/systemd/nspawn/unix-export/foo/ssh" to connect to a VM or container, without any need to configure or wait for networking. It really *just* works.
Additional AF_VSOCK/AF_UNIX sockets to listen on can also be configured via kernel cmdline, and system credentials.
Oh and to make things complete we'll always listen on a locally accessible AF_UNIX socket too, to accommodate use cases such as @siosm's: https://tim.siosm.fr/blog/2023/12/19/ssh-over-unix-socket/ in a uniform, systematic way, that always works.
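To make the client side concrete, here is an added sketch (not code from the post or from systemd) of what a helper that turns the "unix/…" and "vsock/…" host names above into socket connections has to do. The function names, the default port 22 for AF_VSOCK and the stdin/stdout relay are assumptions of this example.

```python
import os
import select
import socket
import sys


def parse_target(host, port=22):
    """Split 'unix/<path>' or 'vsock/<cid>' into (kind, address)."""
    kind, _, rest = host.partition("/")
    if kind == "unix" and rest:
        # "unix/run/x/ssh" names the absolute socket path /run/x/ssh
        return "unix", "/" + rest
    if kind == "vsock" and rest.isdigit():
        # AF_VSOCK addresses are (context ID, port); port 22 is assumed here
        return "vsock", (int(rest), port)
    raise ValueError(f"not a unix/ or vsock/ target: {host!r}")


def connect(target):
    """Open a stream socket to a parsed target."""
    kind, address = target
    family = socket.AF_UNIX if kind == "unix" else socket.AF_VSOCK
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.connect(address)
    return sock


def relay(sock, fd_in=0, fd_out=1):
    """Copy bytes between the socket and stdin/stdout until one side closes."""
    while True:
        readable, _, _ = select.select([sock, fd_in], [], [])
        for src in readable:
            if src is sock:
                data = sock.recv(65536)
                if not data:
                    return
                while data:  # os.write may write only part of the buffer
                    data = data[os.write(fd_out, data):]
            else:
                data = os.read(fd_in, 65536)
                if not data:
                    return
                sock.sendall(data)


if __name__ == "__main__":
    relay(connect(parse_target(sys.argv[1])))
```

Because no TCP listener is involved, access to the AF_UNIX endpoint is decided by the filesystem permissions on the socket path and its parent directories, so those are what to review when auditing who can reach sshd this way.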