Cockpit-ws connection with second instance ssh.


Table of Contents

Introduction

Install Cockpit

Initialize second instance ssh port 22 on the host

Login into the Cockpit-ws


Introduction

In this part I will continue designing a small homelab. It's important to have a central console where I can go to manage the server, images and containers. The solution also needs to be compatible with podman.

One of the proposed solutions is Cockpit-ws, a server manager that makes it easy to administer your GNU/Linux servers via a web browser. It lets sysadmins easily perform tasks such as starting containers, storage administration, network configuration, inspecting logs and so on. Cockpit also offers a third-party Podman module that can be installed.

For more information on Cockpit link and Cockpit-Podman link

Another important point: normally cockpit-ws uses cockpit-session to authenticate the user and start a user session. Here it instead authenticates via SSH at 127.0.0.1 port 22. In my case I have changed the SSH port for security reasons, so this authentication can't be done. So I have created a new SSH daemon instance on port 22, with a rule that only IP 127.0.0.1 is able to connect.

For more information link

Let's get to work :)

Install Cockpit-ws with podman module

The easiest way to install Cockpit-ws on openSUSE Kubic is through a distribution-specific repository. The good thing is that this application is already included in Kubic's repositories.

Open a terminal emulator and connect to your server using ssh.

Install Cockpit with the podman module.

transactional-update pkg install cockpit-podman

Check if the cockpit-ws is running.

# podman container ls

CONTAINER ID  IMAGE                        COMMAND               CREATED        STATUS            PORTS   NAMES
f2ce7c3163cd  docker.io/cockpit/ws:latest  /container/atomic...  2 minutes ago  Up 2 minutes ago          cockpit-ws

Before logging in to Cockpit, it was necessary to activate a new SSH instance on port 22.

Create second instance of ssh with port 22

Make a copy of the sshd_config file (to be used by the second daemon).

cp /etc/ssh/sshd_config /etc/ssh/sshd-second_config

Edit sshd-second_config to assign a different port number and filter the IP.

vi /etc/ssh/sshd-second_config 
...
Port 22
...
ListenAddress 127.0.0.1

Make a copy of the systemd unit file for the sshd service.

cp /usr/lib/systemd/system/sshd.service  /etc/systemd/system/sshd-second.service

Alter /etc/systemd/system/sshd-second.service in the following way:

  • Modify Description
    Description=OpenSSH second instance Daemon
    
  • Add the -f /etc/ssh/sshd-second_config option to sshd, so that the alternative configuration file is used
    ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-second_config $SSHD_OPTS
    

Start sshd-second.service.

systemctl start sshd-second.service

Don't close your current SSH session; open another terminal emulator to test SSH on port 22. If it's OK, you can enable the service so that it starts automatically upon boot.

systemctl enable sshd-second.service
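
One way to confirm the result of the steps above before enabling the service, as an added example that is not part of the original post: the function reads `ss -H -ltn` output and reports whether port 22 is bound only to loopback. The sample socket lists, and the port 2222 used in them for the main daemon, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit TCP port 22 listeners.
# Reads `ss -H -ltn` output on stdin; field 4 is the local address:port.
# Returns 0 = loopback only, 1 = port 22 reachable on another address,
#         2 = nothing listens on port 22 (the Cockpit SSH login would fail).
audit_port22() {
    awk '
        {
            n = split($4, parts, ":")
            if (parts[n] != "22") next           # other ports are out of scope
            addr = substr($4, 1, length($4) - 3) # strip the trailing ":22"
            if (addr ~ /^127\./ || addr == "[::1]") {
                loopback++
            } else {
                exposed++
                print "port 22 exposed on " addr
            }
        }
        END {
            if (exposed) exit 1
            if (!loopback) exit 2
        }'
}

# Constructed sample: second daemon on loopback; 2222 is an assumed main port.
SAMPLE_OK='LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*'

# Constructed sample: ListenAddress missing, so port 22 binds to every address.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

printf '%s\n' "$SAMPLE_OK" | audit_port22 && echo "sample 1: loopback only"
printf '%s\n' "$SAMPLE_EXPOSED" | audit_port22 || echo "sample 2: exposed"

# On the host itself: ss -H -ltn | audit_port22
```
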

Once Cockpit is installed and the SSH access validation is activated on the machines you wish to manage, choose one to be your central console and connect to https://:9090

You will be presented with a login screen. Log in with your remote user.

And we can see and check the podman containers.


Thank you for the initial photo.

Photo by Daniel von Appen on Unsplash