*ssh into server*
*runs 'sudo systemctl start docker'*
*ssh into server again*
> Permission denied

How, docker? How are you destroying the SSH server's auth?

Comments
  • 1
    And this persists across restarts, as soon as I start the docker service I can't ssh into the server anymore.
  • 4
    Docker is so wickedly easy it even ignores your net config completely and just uses the ports it wants as if it were a real machine.

    "Your way", you know, but like.. completely different.
  • 2
    Did you check if maybe some container runs on your SSH port?
  • 0
    @kolaente nope, it would be 80 and 443 and one port that's not exposed to the host
  • 0
    @kolaente also, there are not even containers running
  • 2
    Maybe docker added virtual networks over the docker0 bridge?

    Try "docker network ls" and look for any entries other than bridge, host or none. If you find any, then remove them with "docker network rm <id>".
  • 4
    If I remember correctly Docker does some voodoo with the firewall to get the networking up between containers... might want to check if it's not making the firewall crap out ... if it's the case, on firewall-cmd it might be overriding your carefully set up zones. Unsure how it could possibly make iptables crap out. This is a wild shot in the dark tho.

    Drop the distro name plz.
  • 2
    @theKarlisK if the firewall completely blocks SSH, it would just time out on the client side though.. I'd take a look at the sshd_config for whether password auth got disabled (it should be, and you should use keys!!), whether the key (if any) is still present in authorized_keys for your remote user, and whether the password for that user suddenly changed if password auth is used (very unlikely, but might happen on shared servers every now and then).
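
The checks listed in the comment above (is password auth disabled, is the key still in authorized_keys), as an added example that is not part of the thread. The function names and sample files are constructed for illustration, and `Match` blocks in sshd_config are ignored; on a live host `sshd -T` prints the effective settings.

```shell
#!/bin/sh
# Added example: triage of an SSH "Permission denied" from copies of the server's files.

# Print the effective value of an sshd_config keyword (sshd uses the first value it reads).
sshd_setting() {  # $1=config file, $2=keyword, $3=default when the keyword is unset
    val=$(awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1")
    echo "${val:-$3}"
}

# Return 0 if the base64 blob of public key file $2 appears in authorized_keys file $1.
key_authorized() {
    blob=$(awk '{ print $2; exit }' "$2")
    awk -v b="$blob" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$1"
}

triage() {  # $1=sshd_config, $2=authorized_keys, $3=client public key
    pw=$(sshd_setting "$1" PasswordAuthentication yes)   # OpenSSH default: yes
    pk=$(sshd_setting "$1" PubkeyAuthentication yes)     # OpenSSH default: yes
    if [ "$pk" = yes ] && key_authorized "$2" "$3"; then
        echo "key-ok"          # key login is configured; look at PAM or lockouts next
    elif [ "$pw" = yes ]; then
        echo "password-only"   # key missing or disabled; only a password can succeed
    else
        echo "locked-out"      # no matching key and passwords disabled
    fi
}

# Constructed sample files (not taken from the thread).
d=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$d/sshd_config"
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE user@laptop' > "$d/id.pub"
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYTWO other@host' > "$d/authorized_keys"
triage "$d/sshd_config" "$d/authorized_keys" "$d/id.pub"   # prints: locked-out
```
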
  • 1
    @Condor you're right, tho, what if it's a PAM lockout... would explain why the account becomes available after reboot (haven't checked, I think it gets reset after reboot?).

    Wait, what if it remounts some system directories?
  • 2
    @theKarlisK I've unfortunately got no experience with Docker (as I think that separation of services into a single host through Docker is quite perverse) but I doubt that it'd overlay system directories to its own content. That'd be completely ridiculous, equalling a whole system takeover. PAM or SSH lockout, most likely.

    Actually @succcubbus could you perhaps relay a (redacted) copy of the OS for analysis? I've got pretty interested in it. My email address would be <insert your username here>@nixmagic.com.
  • 0
    I am having a similar issue but apparently no ssh config that I have tried can solve it...
    I can log in on the local network, but as soon as I use a DNS to get to it, it won't log in
  • 1
    @Condor I know what you mean, at the same time, I think Docker helps with clustering a service that you'd otherwise just run in a single instance due to cost and performance constraints. Docker effectively is the same as libvirt with some different features. One possibility that I remember was that you could mount directories from the host system into docker containers or the other way around to keep some persistent data (like MySQL DB, for example). I remember experimenting with the idea of setting up and running applications from Docker containers as if they were installed on the host system (so that I could switch versions when needed).