Ssh with port 22 into k8s pod as non root user

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version: 1.19
Cloud being used: on-perm
Installation method: i believe kubeadm
Host OS: ubuntu

Hi, I have a business requirement to SSH as a non-root into kubernetes pod and this is already in traditional server setup, just moving the same to k8s.
Have installed metallb. I created my set of private and public keys. Add the public key and sshd_config ( PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no) as configmap and mounted as volumes (/root/.ssh/authorized_keys).
Created a LB type service which bind the pod with metallb ip.
Able to ssh using ssh root@metallbip.

Added the non-root user in /etc/group and /etc/passwd, public key under /home/xyz/.ssh/authorized_keys.If i mount this using configmap, the ownership is root:root.
So I added them in dockerimage itself, updated the ownership to xyz:xyz’s group and permission to 0600, created pod in k8s cluster. But getting “xyz@metallbip: Permission denied (publickey)”.
I think am missing something when I want to ssh as a non root user. Am running the pod and openssh-server as root.

Please let me know if anyone can help with this.

apiVersion: apps/v1
kind: Deployment
metadata:
name: application-deployment
spec:
selector:
matchLabels:
app: application
replicas: 1
template:
metadata:
labels:
app: application
spec:
containers:
- name: application
image: my-private-docker-registry/ssh-test:0.1.3
ports:
- containerPort: 22
volumeMounts:
- name: ssh-volume
subPath: sshd_config
mountPath: /etc/ssh/sshd_config
volumes:
- name: ssh-volume
configMap:
name: ssh-config
imagePullSecrets:
- name: image-pull-secret

apiVersion: v1
kind: Service
metadata:
name: ssh-service
spec:
type: LoadBalancer
ports:

  • port: 22
    targetPort: 22
    selector:
    app: application

apiVersion: v1
kind: ConfigMap
metadata:
name: ssh-config
data:
sshd_config: |
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PermitRootLogin no
AllowUsers xyz
authorized_keys: |
ssh-rsa XXXXXXXXXX

my dockerfile…

FROM ubuntu
RUN apt-get update
RUN apt-get -y install openssh-server
RUN apt-get -y install net-tools
RUN apt-get -y install lsof
RUN apt-get -y install iproute2
COPY ./id_rsa.pub /home/xyz/.ssh/authorized_keys
COPY ./group /etc/group
COPY ./passwd /etc/passwd
RUN mkdir -p /home/xyz/.ssh
RUN chown -R xyz:xyz_g /home/xyz/.ssh
RUN chmod 0700 /home/xyz/.ssh
RUN chmod 0600 /home/xyz/.ssh/authorized_keys
ENTRYPOINT service ssh restart -D
EXPOSE 22

Hi:

You should create the user xyz:xyz_g in the Dockerfile, otherwise, the only user inside the container is root.

Best regards,

Xavi