Heath,
    Typically, we don't add daemons to UBI. Could you give me a little more information about your use case? Specifically, I am trying to understand why/how a user would use ssh-server in a cloud native way on the service network in OpenShift (aka with the Kubernetes service layer)?

Scott,
  In our environment, we are utilizing a containerized PostgreSQL instance for our database backend, and then utilizing a backrest pod for backup and restore functionality in a separate container.  The current issue is that the backrest container relies on having an ssh server running to communicate between itself and the PostgreSQL container’s server that is running.  This is how backrest sends the necessary commands to the PostgreSQL database in order to perform both backup and restore operations on the database.  While we can understand why this may not necessarily ideal from Red Hat’s perspective, we are currently leveraging this functionality, and we would have to consider some re-architecture on our side if we need to drop this dependency.  That is our main reason for requesting the openssh-server package to be added to UBI.  Thank you so much for getting back to us so quickly and I apologize for taking so long to reply.

Thanks,
   Heath

Hi, 

I am facing this problem with ubi-8. I can't find openssh-server package.
I need to enable and allow incoming sftp connection to the pod. 
In my use case, external systems will send data files to the pod over sftp.

Thank you for reaching out with this request. We appreciate your interest in Red Hat Universal Base Image. Today, UBI is really targeted towards cloud native, application developers working with languages like Java, Node.js, Golang, .Net, Perl, Python, Ruby, and PHP [1]. Currently, this request does not fall within the currently approved use cases for inclusion in UBI. The scope of UBI will likely grow and we will keep this use case in mind.

[1]: https://developers.redhat.com/blog/2019/10/09/what-is-red-hat-universal-base-image/

Best Regards
Scott McCarty, RHCA
Product Management - Containers, Red Hat Enterprise Linux & OpenShift
Email: smccarty

I am using UBI with Docker on my Mac to develop and test solutions prior to deployment on RHEL.  My test cases would be simplified by having the Docker container run sshd -D then letting my test scripts ssh in to run the different scenarios.

One use case for SSH in UBI for which we would greatly benefit is allowing us to create a "debug" image/container, which can be remotely accessed to for troubleshooting.

Is there another way to accomplish SSH running in UBI without using openssh-server?

Thanks!

SFTP is an important mechanism for passing data in certain scenarios such as a situation where another service is dropping (for processing) or picking up data (after processing). While this could be split into two images (processing and SFTP server), it is sometimes beneficial for packaging/distribution reasons to keep a "complete" solution in a single image. Logically in this scenario, the SFTP server is no different than an embedded web server serving as the transport mechanism.

I would user reconsideration on this because there are other reasons RedHat images may be preferred (policy, being one) for general usage, but this is currently impossible or very difficult to accomplish due to the omission of openssl-server.

Thank you for your continued interest in UBI.  We have re-evaluated and openssh-server is now included in ubi7 and ubi8

[jwboyer@vader input2]$ podman run -it --rm registry.access.redhat.com/ubi7
Trying to pull registry.access.redhat.com/ubi7:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 6f643dcd4108 done  
Copying blob 9657f8408390 done  
Copying config 416acb3112 done  
Writing manifest to image destination
Storing signatures
[root@7bb3d89de27c /]# yum --disablerepo=rhel* install openssh-server
Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager
ubi-7                                                    | 3.8 kB     00:00     
ubi-7-rhah                                               | 3.7 kB     00:00     
ubi-7-server-extras-rpms                                 | 3.7 kB     00:00     
ubi-7-server-optional-rpms                               | 3.8 kB     00:00     
ubi-server-rhscl-7-rpms                                  | 3.8 kB     00:00     
(1/15): ubi-7/x86_64/group                                 |  124 B   00:00     
(2/15): ubi-7/x86_64/updateinfo                            |   92 B   00:00     
(3/15): ubi-7/x86_64/primary_db                            | 801 kB   00:00     
(4/15): ubi-7-rhah/x86_64/group                            |  124 B   00:00     
(5/15): ubi-7-rhah/x86_64/primary_db                       | 2.5 kB   00:00     
(6/15): ubi-7-rhah/x86_64/updateinfo                       |   92 B   00:00     
(7/15): ubi-7-server-extras-rpms/x86_64/group              |  124 B   00:00     
(8/15): ubi-7-server-extras-rpms/x86_64/primary_db         | 6.8 kB   00:00     
(9/15): ubi-7-server-extras-rpms/x86_64/updateinfo         |   92 B   00:00     
(10/15): ubi-7-server-optional-rpms/x86_64/group           |  124 B   00:00     
(11/15): ubi-7-server-optional-rpms/x86_64/primary_db      |  14 kB   00:00     
(12/15): ubi-7-server-optional-rpms/x86_64/updateinfo      |   92 B   00:00     
(13/15): ubi-server-rhscl-7-rpms/x86_64/group              |  124 B   00:00     
(14/15): ubi-server-rhscl-7-rpms/x86_64/updateinfo         |   92 B   00:00     
(15/15): ubi-server-rhscl-7-rpms/x86_64/primary_db         | 397 kB   00:00     
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch          Version              Repository    Size
================================================================================
Installing:
 openssh-server           x86_64        7.4p1-21.el7         ubi-7        459 k
Installing for dependencies:
 fipscheck                x86_64        1.4.1-6.el7          ubi-7         21 k
 fipscheck-lib            x86_64        1.4.1-6.el7          ubi-7         11 k
 openssh                  x86_64        7.4p1-21.el7         ubi-7        510 k
 tcp_wrappers-libs        x86_64        7.6-77.el7           ubi-7         66 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.0 M
Installed size: 3.0 M
Is this ok [y/d/N]: