Embedded SSH

In addition to the application-layer SSH mode, where Users can access SSH servers in a secret-less way without having to distribute and share private keys or passwords with them (read more here), Octelium also offers an "embedded" SSH mode. In this mode the connected octelium client itself, when started with the --essh flag of the octelium connect command, serves SSH by running an embedded SSH server inside the octelium client, without relying on an existing SSH server on the host it is running on. Just like the typical application-layer SSH mode, embedded SSH provides secret-less access for Users without having to share and distribute private keys or passwords.

This mode is especially useful for SSH access to fleets of hosts such as embedded IoT devices, containers and other confined environments where it is not possible or practical to run a standalone SSH server on each of them.

Embedded SSH can serve SSH even in "rootless" mode. In other words, the octelium client can serve embedded SSH even when running as an unprivileged non-root user.

You can create an embedded SSH Service as follows:

kind: Service
metadata:
  name: essh1
spec:
  config:
    ssh:
      eSSHMode: true

A User can simply announce their intent to serve embedded SSH when connecting to the Cluster via the --essh flag as follows:

export OCTELIUM_DOMAIN=example.com
# In this example we are running octelium and serving SSH as an unprivileged user without sudo
octelium connect --essh

Now connected, authorized Users can simply SSH into the host of a certain Session by using the Session's name as the SSH user as follows:

export OCTELIUM_DOMAIN=example.com
# Connect to the Cluster
octelium connect -d
# You can optionally list the current Sessions as follows:
octeliumctl get sess
# Once you obtain the Session name, use it as the SSH user as follows:
ssh usr1-abcdef@essh1
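
When the same step is scripted across a fleet, each Session name ends up on an ssh command line, so it is worth validating the names before building the `<session>@<service>` targets. The following is an added example, not part of the Octelium documentation: the helper functions are hypothetical, the sample names are constructed, and the rule that names are lowercase DNS-label style (as `usr1-abcdef` and `essh1` suggest) is an assumption.

```shell
# Added example: build validated "<session>@<service>" SSH targets.
# Assumption: Session and Service names are lowercase DNS-label style
# (letters, digits, inner hyphens, at most 63 bytes).

# is_label NAME -> status 0 if NAME is a safe label, 1 otherwise.
# Runs in a subshell so the C locale (ASCII-only ranges) does not leak out.
is_label() (
  LC_ALL=C
  case "$1" in
    ''|-*|*-|*[!a-z0-9-]*) exit 1 ;;   # empty, edge hyphen, or foreign char
  esac
  [ "${#1}" -le 63 ]
)

# essh_target SESSION SERVICE -> prints SESSION@SERVICE, or fails with 1.
essh_target() {
  is_label "$1" && is_label "$2" || return 1
  printf '%s@%s\n' "$1" "$2"
}

# essh_fleet_targets SERVICE -> reads Session names from stdin (one per
# line), prints a target for each valid name, reports rejected names on
# stderr, and returns non-zero if any name was rejected.
essh_fleet_targets() {
  svc=$1 rc=0
  while IFS= read -r name || [ -n "$name" ]; do
    [ -n "$name" ] || continue
    if target=$(essh_target "$name" "$svc"); then
      printf '%s\n' "$target"
    else
      printf 'rejected session name: %s\n' "$name" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input (not real octeliumctl output): two well-formed
# names, one with a leading dash, one containing a space.
SAMPLE_SESSIONS='usr1-abcdef
iot7-q1w2e3
-leading-dash
usr3 extra'

# Usage: put each target after "--" so ssh never parses it as an option:
#   printf '%s\n' "$SAMPLE_SESSIONS" | essh_fleet_targets essh1 |
#     while read -r t; do ssh -- "$t" uptime </dev/null; done
```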