By default, it’s not possible to SSH into LXCs from outside, but we can accomplish that by setting up a SSH server in LXC and some port forwarding magic.
Setup SSH Server in LXC
We assume that the internal IP address of your LXC is 10.0.3.2 (See Assign Static Internal IP Addresses to LXC.).
- Log in to the LXC from the host server using the
- Set a password for the root user by issuing the
passwd rootcommand from within the LXC.
/etc/ssh/sshd_configfile, and set
- Restart the SSH service by issuing
service ssh restartcommand.
exitinto the host server.
- Test the SSH connection by issuing
If above steps worked, you’ve successfully set up SSH server in your LXC.
Allow SSH Access to LXC from Outside
We are going to dedicate a port in the host system to be used as a gateway to the LXC. Imagine you want to port
2002 of your host to be that gateway. We will forward the
2002 port of the host server to the
22 (Default SSH port.) of LXC.
You can do it by issuing the following command:
PREROUTING -i eth0 -p tcp -m tcp --dport 2002 -j DNAT --to-destination 10.0.3.2:22
Note that this won’t persist in the system after you restart the host server. To persist the setting, we need to install a software called
Once that is installed, issue the following command to save the port forwarding rules.
Your IPv4 rules will be saved in
/etc/iptables/rules.v4 and IPv6 rules will be saved in
If you make any manual modifications to those file, you can reload those by issuing
netfilter-persistent reload command.