Root Console to a Host via Portainer?

by Neil Cresswell, on July 24, 2022

So, you have Portainer running in your environment, you are remote, enjoying a long overdue holiday or something suitably glamorous, and now disaster strikes... you need to access your Docker/Kubernetes Hosts, but you forgot your SSH keys...

What can you do? You have Portainer running, you are an admin, so how can you get a console on the hosts?

Well, due to the nature of Docker (and to a lesser extent, Kubernetes), containers BY DEFAULT have near-unlimited access to the host (it's why security is so critical).

Let me show you what I mean.

In Portainer, click on Containers, and then click to "+ Add Container".

Use the image "busybox:latest" (or another of your preference).

At the bottom of the window, under "Advanced container settings", select the console mode "Interactive & TTY".

Set a bind mount of /host in the container to / on the host.

Set the permissions to "privileged".

Deploy the container.

Now, console into the container (for busybox, change the console to /bin/sh).

Type the command "chroot /host" to change your default root path to be /host (which is the bind mount to the host filesystem).

The container is now running as root on the host and you can run commands against the host.

As an example, you can type "echo 3 > /proc/sys/vm/drop_caches" to flush the memory caches, or you can reboot the host using "reboot now".

So this is a really quick and easy way to get root console access to your hosts.

Dangerous? Yes, of course, and it's why (by default) in Portainer we DISABLE this capability for non-admin users.

Regardless, if you are remote, a Portainer admin, and you need to quickly gain access to your hosts, this does the trick.
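The container built in the steps above leaves two settings visible in "docker inspect" output: privileged mode and a bind mount whose source is the host's /. The audit script below is an added example, not Portainer's code; the sample data and container names in it are constructed.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/rescue-shell",
   "HostConfig": {"Privileged": true, "Binds": ["/:/host"]},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": true}]},
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "Binds": ["/srv/www:/www:ro"]},
   "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/www", "RW": false}]},
  {"Name": "/log-reader",
   "HostConfig": {"Privileged": false, "Binds": null},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/rootfs", "RW": false}]}
]
""")


def host_root_mounts(container):
    """Return the container paths where the host's / is bind-mounted."""
    found = set()
    # HostConfig.Binds entries look like "src:dst[:options]"; the field may be null.
    for bind in (container.get("HostConfig") or {}).get("Binds") or []:
        parts = bind.split(":")
        if len(parts) >= 2 and parts[0] == "/":
            found.add(parts[1])
    # Mounts also covers bind mounts created with --mount instead of -v.
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("Source") == "/":
            found.add(m.get("Destination"))
    return sorted(found)


def audit(containers):
    """Map container name -> findings for the two settings used in the steps above."""
    report = {}
    for c in containers:
        findings = []
        if (c.get("HostConfig") or {}).get("Privileged"):
            findings.append("privileged")
        findings += [f"host-root-bind:{dst}" for dst in host_root_mounts(c)]
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_INSPECT))
```

To run it against a real host, replace SAMPLE_INSPECT with the parsed JSON from "docker inspect $(docker ps -aq)".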

 

 
