Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to make lightest Virtual Machine/container with separate SSH?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to make lightest Virtual Machine/container with separate SSH?

AXYZEAXYZE Member
edited November 2022 in Help

Hey!

I want to create VM with separate SSH login on my dedi.
Whats the lightest option to do it?

Last time I was using Proxmox+LXC and plenty of other people are using it, but maybe is something lighter that won't be hassle to maintain in long run?
From quick Google Search I see that I can do it on Ubuntu via LXD - will it be lighter? Anyone has experience with maintaining it?

By lighter I mean less RAM usage, less disk usage. Kernel can be shared with host and probably should be shared to minimize ram&disk usage, so I'm looking at LXC/OVZ.

Created VM should be binded to seperate IPv6 address or selected ports from IPv4 host IP.
It will be just 1-2 VMs on host.
Would like to avoid OVZ because of old kernel on stable version, but if its really lighter than other solutions then let me know, I can test out OVZ9 alpha.

Only free solutions please.

«1

Comments

  • @Arkas pls fix my embarrassing typo "seperate" in title <3

  • MaouniqueMaounique Host Rep, Veteran
    edited November 2022

    You could go with simple LXC, without the proxmox overhead or even docker. Chrooting could also work and it is the lightest possible option, but it all depends on your requirements.
    BTW, a container is not a VM, by default a VM is much-much heavier.

    Thanked by 1AXYZE
  • @Maounique said:
    You could go with simple LXC, without the proxmox overhead or even docker. Chrooting could also work and it is the lightest possible option, but it all depends on your requirements.
    BTW, a container is not a VM, by default a VM is much-much heavier.

    Yes, I want option without overhead.
    VM/container doesn't matter, that's why its on slash. It just needs to be seperate env with own apps and SSH access.

    Can you give me opinion how should I deploy such LXC containers with SSH access?
    Use "lxc" like "lxc launch", "lxc exec" etc. or it is better to choose some kind of basic manager like LXD on Ubuntu?

  • ArkasArkas Moderator

    @AXYZE said: @Arkas pls fix my embarrassing typo "seperate" in title

    Done.

    Thanked by 1AXYZE
  • The docker way is to install openssh on a container and then map the ssh port to your host port.

    https://docs.docker.com/config/containers/container-networking/#published-ports

    Thanked by 2dev077 AXYZE
  • MaouniqueMaounique Host Rep, Veteran

    @AXYZE said: is better to choose some kind of basic manager like LXD on Ubuntu?

    If you already have Ubuntu installed, then you should try Docker. Unless you are already proficient in LXC/LXD, if you have to learn something anew, Docker might work better and it is more flexible.
    If you do need a more VM-like environment, yes, LXD with lxdui would work.

    Thanked by 1AXYZE
  • @AXYZE said:
    Can you give me opinion how should I deploy such LXC containers with SSH access?
    Use "lxc" like "lxc launch", "lxc exec" etc. or it is better to choose some kind of basic manager like LXD on Ubuntu?

    lxc is the client and lxd is the daemon. they're the same thing.

    1) lxd init to create the lxd bridge
    2) lxc launch to create your container
    3) lxc exec to go into the container to modify your sshd settings

    the container will be assigned an internal ip from the bridge. you can already ssh into it from the host (or create iptables forward rule to access it from the internet). if you have a public IP, you can also configure the container with this public ip so it's accessible from the internet.

    Thanked by 1AXYZE
  • Docker container based on Alpine, with SSH running inside. Can be done in less than 10 mb image size and a few dozen mb RAM.

    Thanked by 1AXYZE
  • Podman might be of interest, as it doesn't have any daemon

    Thanked by 1AXYZE
  • AXYZEAXYZE Member
    edited November 2022

    Trying different solutions right now.

    Already checked out LXD with lxdui as @Maounique suggested, but I also found lxdmosaic and it looks better with more features. Also saw TinyCP with option of managing LXD/LXC, but it doesn't look like devs care about this project.
    Sadly only option to install LXD apart from compiling from source is snap and that I hate that shit.

    I don't know how I forgot about Docker existence... but now I'll try it and test if its its lighter (should be, snap alone without doing anything more doubled RAM usage 100MB->200MB lol)

  • @AXYZE LXC + LXDWARE

    Thanked by 1AXYZE
  • @CalmDown said:
    @AXYZE LXC + LXDWARE

    Ok, another option to check out after I'll play with Docker.

    I entered their site and noticed typos right away tho xD
    "dasbhoard on Ubuntu 22.04"
    https://lxdware.com/installation/

    idk idk, I'll still play with it. Thanks!

  • Because so many people going lxc here I will snatch this topic for a question:

    How does the lxd routing/forwarding works? Shit stable?
    Seen a lot of stories about docker network just randomly stopping working - same story with LXC/D?

    Thanked by 1AXYZE
  • Well.. Docker = application container ; LXC/LXD = system container. It looks like op wants system containers so Dockers,Podmans and other nonsenses are out of question

    Thanked by 1AXYZE
  • @AXYZE said:

    @CalmDown said:
    @AXYZE LXC + LXDWARE

    Ok, another option to check out after I'll play with Docker.

    I entered their site and noticed typos right away tho xD
    "dasbhoard on Ubuntu 22.04"
    https://lxdware.com/installation/

    idk idk, I'll still play with it. Thanks!

    Using it for a while, no problems, works good :)

    Thanked by 1AXYZE
  • yoursunnyyoursunny Member, IPv6 Advocate

    I use plain LXC on Debian 11.
    100% manually configured.
    Each container has own SSH daemon.

    For the on-premise server:

    • Network bridge includes the physical interface.
    • Each container gets IPv4 in the same subnet as all other devices in the house.
    • Each container has public IPv6 coming from the home router too.

    For setups inside big KVM:

    • Network bridge is virtual; it doesn't include the uplink interface.
    • Each container has private IPv4, with NAT handled by iptables in the main system.
    • Each container has public IPv6, with routing handled in the main system, and ndpresponder if needed.

    These are all for personal use, so each container can use all the CPU RAM diks, without limitation.

    Thanked by 1Maounique
  • https://github.com/docker-slim/docker-slim
    https://blog.oddbit.com/post/2015-02-05-creating-minimal-docker-images/

    Application containers work using chroot, namespaces and cgroups - in case you want to dig deeper.

  • MaouniqueMaounique Host Rep, Veteran

    @amarc said: It looks like op wants system containers so Dockers,Podmans and other nonsenses are out of question

    I am not so sure, the OP does specify VM, but says needs separate SSH. That could be achieved in various ways, the lightest being app container. the difference in footprint between docker and a VM is huge, however, a system container is a reasonable compromise, much lower footprint and much more options, albeit an app container can't be beaten at the resources usage.

    lxdui is pretty well maintained and stable. There are many options, but for ubuntu that is probably among the best.
    Manually configuring, yes, but the resource usage is minimal so, someone running Ubuntu is not really worried about resources to that extent.

    Docker does have issues with networking but LXC (at least the Debian version) is a rock, I never had issues I didn't cause.

  • If you like FreeBSD try bhyve

  • duckeeyuckduckeeyuck Member
    edited November 2022

    Dude, wtf, ANY vm IS FINE, and if you want separate ssh, then just change the port
    for a normal vm where you play/dev or whatever, ANY VM IS "LIGHT"

    why didn't you just install virtualbox/virt-manager?

    also, what do you even mean b y hassle to mantain? be it vbox/proxmox w/e, you install it and that's it, I don't think you have any idea of what you're talking about, and the best way to stop being ignorant is to just do it

  • @duckeeyuck said:
    Dude, wtf, ANY vm IS FINE, and if you want separate ssh, then just change the port
    for a normal vm where you play/dev or whatever, ANY VM IS "LIGHT"

    why didn't you just install virtualbox/virt-manager?

    also, what do you even mean b y hassle to mantain? be it vbox/proxmox w/e, you install it and that's it, I don't think you have any idea of what you're talking about, and the best way to stop being ignorant is to just do it

    It is clearly stated that the OP wants something lighter than an entire virtual machine and wants something that uses the least amount of CPU, ram and disk possible.
    Also what do you mean by "just change the port"? Changing the SSH port ftom, e.g. port 22 to port 23 is not starting a separate SSH instance.

    Thanked by 1sebkehl
  • Another interesting option would be to run LXC containers on Alpine, for the least amount of resource usage possible

  • @duckeeyuck said:
    Dude, wtf, ANY vm IS FINE, and if you want separate ssh, then just change the port
    for a normal vm where you play/dev or whatever, ANY VM IS "LIGHT"

    why didn't you just install virtualbox/virt-manager?

    also, what do you even mean b y hassle to mantain? be it vbox/proxmox w/e, you install it and that's it, I don't think you have any idea of what you're talking about, and the best way to stop being ignorant is to just do it

    I'm setting up server for students from very poor country, where computer with something newer than Core 2 Duo & 1GB ram is luxury. Most people have just phone.

    Connectivity is limited there, they have something like intranet for the most part. Im importing hardware there with own money. Its not cheap.

    I want to setup something that doesnt need any maintaining - reconfiguring, migrations, big updates.
    I don't know if 100% of solutions are like that so Im writing about it. I have 0 experience with OVZ for example.
    I want to use resources most efficiently so they wont have problems in future - especially Im worried about disk because if 100 people will have "accounts" there I want base to be very minimal.

    ... I must say you annoyed me tho as I wouldnt want to even write stuff above, but seems like I need to so you'll get context. Can you please fuck off now with your aggressive "you have no idea what youre doing" & "being ignorant" now?

    I have an idea what Im doing - I'm asking the community about their experiences. Because you'll never be best, there's always something to learn from others, theres always something you forgot (in my case Docker).

  • @GreenRuby said:
    Another interesting option would be to run LXC containers on Alpine, for the least amount of resource usage possible

    I will try it tomorrow. Alpine looks nice. Thanks!

  • duckeeyuckduckeeyuck Member
    edited November 2022

    @AXYZE said: I'm setting up server for students from very poor country, where computer with something newer than Core 2 Duo & 1GB ram is luxury. Most people have just phone.

    doesn't matter, the hypervisor barely taks resources, the real amount of resources you use will be the ones you give and use to the vm
    running virtualbox with a 512mb ram and installing, say, debian minimal with ssh, accomplishes what you want, and you will not find much difference between vbox/qemu/kvm/lxc as long as your usage is just ssh/terminals

    thats why im saying you should use the easiest thing available (imho virtualbox will get you there asap)
    because its faster than installing alpine/distros and some system to manage this

    technincally, if you use ubuntu/debian just install qemu-kvm and virt-manager and done, faster and easier than setting up lxc, which is not a vm, just a container

    the responses you see here about "lxc/alpine", docker, are a bit niche and might as well give you problems, alpine breaks if you update often and officially it's not recommended, the idea is making an image with alpine and running it, and when you want to update you make another image apart from your files/project, don't do it, these are nerds also trying to get out what they just found out about

    just install virtualbox on any distro/windows and get your goal done:

    if you got some stuff in your os/distro that is lighter (something built in for example), it will automatically use it, save your self all the trouble

    if it's terminals you want, you will not feel any performance loss, it's not "heavy", your cpu even if it's a core2duo will be able to do just fine

    you don't need ANY maintenance, the point of the vm is that it's isolated and something separate, there is nothing you have to go around deleting/cleaning except what you do inside the machine
    if you use virt-manager, updating your distro will take care of it
    if you use vbox, updating vbox will do it, don't need to if it's working right
    you don't need it, as long as the host isn't exposed, that's the point of them

  • @duckeeyuck said:

    @AXYZE said: I'm setting up server for students from very poor country, where computer with something newer than Core 2 Duo & 1GB ram is luxury. Most people have just phone.

    doesn't matter, the hypervisor barely taks resources, the real amount of resources you use will be the ones you give and use to the vm
    running virtualbox with a 512mb ram and installing, say, debian minimal with ssh, accomplishes what you want, and you will not find much difference between vbox/qemu/kvm/lxc as long as your usage is just ssh/terminals

    Bro.
    I know what I need.
    I know what will be used there.
    Dont write own history to it.

    I seek for solutions that may be even lighter than LXD/LXC standalone on Ubuntu which I already mentioned in original post and to share experiences with all different solutions. Couple people above already were talking about network issues on one or another solution after time. This is maintanence.

    Already got couple if good solutions and testing it out.

    Everyone uses VNC/RDP on Linux, yet NX is far superior IMO and I've learned about in just month ago. 10 years after my first experience with servers (FreeBSD, Metin2 game server) and I tested NX just because some random post on LET. And I'll never go back to VNC/RDP now.

    There is always something to learn. I always try to ask experienced people to learn from them, even if I think I already got good response.

    I'm trying to write quite detailed posts. Its not because I didnt setup any VM, its because people here (and me) are not natives and I try to write text that is not hard to learn, easy terminology etc. which may caused you to think I've never setup VM in my life. No, I did with many different solutions, but just like with NX server maybe theres something 99% people here missed. Or missed because they didnt use it for long while (Docker in my case as I switch to installing bare metal with scripts and Ansible)

  • @AXYZE said: I know what I need.

    no you don't since you don't even know what lighter even means lol, are you saying the vm hypervisors you tried are slow? for real? if you felt slowness, it wasn't the vm software it self, they have almost zero overhead since more than a decade ago (except for graphical stoof)

    now rdp/vnc? you will not get anywhere, you actually think maybe something as slow as what you tried exists but you really have zero idea what's going on, you will NEVER get better graphical performance without a gpu and pci passthru
    do you think that you experiences so far can get lighter?

    it doesn't matter what you try, if you get the "lightest" hypervisor lol, you will not get what you want since you don't know whats going on

    all of them barely take ram, doesn't matter if you for lxc/kvm/etc, the hypervisor is beyond light, these things are made with performance as priority

    Couple people above already were talking about network issues on one or another solution after time. This is maintanence.

    imagine thinking you know lol
    im telling you right now that what these people are doing is niche, make a new post asking them if this is the most convenient way for you to do things
    setup =! maintenance, funny enough you ask for something that doesn't require this, i tell you which doesn't, then you tell me some stoof requires maint but it is not what i told you lol

    @GreenRuby said: It is clearly stated that the OP wants something lighter than an entire virtual machine and wants something that uses the least amount of CPU, ram and disk possible.

    have you measured how much resources a hypervisor takes? you guys got zero idea of your cpu being bundled with instructions to get rid of vm overhead oor how much resources these things actually take

  • @duckeeyuck said:

    @AXYZE said: I know what I need.

    no you don't since you don't even know what lighter even means lol, are you saying the vm hypervisors you tried are slow? for real? if you felt slowness, it wasn't the vm software it self, they have almost zero overhead since more than a decade ago (except for graphical stoof)

    I've wrote that I want to "minimize ram&disk usage" in original post and then wrote that once again in reply to you "I want base to be very minimal".
    Yet you fail to get it and now wrote history once again that I told about slowness.

    Please, just get off this thread at this point. I won't be correcting your own history that you wrote once again just to have some kind of moral base for attacking people that you think are noobs.

  • MaouniqueMaounique Host Rep, Veteran
    edited November 2022

    @duckeeyuck said: you will not find much difference

    I beg to differ.

    VirtualBox is an absolute hog, it would use 100 MB just for itself in each instance and lots of CPU. Yes, you can tweak the VM, remove printing, sound, video acceleration, but it is still a hog especially if you plan on running one VM per student with low ram which would thrash the disk in many cases.

    Containers, on the other hand, not only have a lower overhead, but also use the resources more efficiently, VBox needs to do some artificial things like ballooning or deduplication which the containers don't need to.
    VBox management is also pretty complicated too, you can automate vm creation and removal, of course, but even with thin provisioning, it still takes more space on the disk and has more overhead accessing it even with virtio.

    Depending on the actual usage, the difference in density could be as high as 2:1 between VBox and LXC before the node starts showing signs of overload.

    That being said, compared to 10 years ago, indeed, the progress has been fantastic regarding virtualization and overhead is as low as 1-3% CPU in some implementation of full virtualization (not VBox, that is much higher), but the CPU is just one resource, RAM should also be considered and in VBox and even VMWare player the ram waste is significant.

    @duckeeyuck said: which is not a vm, just a container

    The quest to find a solution starts with the understanding of the problem, the requirements. You don't need a VM to run SSH, heck, not even a container. If you don't need full virtualization and full virtualization is significantly heavier than a container, then the container is the logical solution.

    Thanked by 1sebkehl
  • bulbasaurbulbasaur Member
    edited November 2022

    (removed, would not suit the use case as OP needs unprivileged containers)

Sign In or Register to comment.