opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-10 07:45:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/docs/source/markdown/podman-system-connection-add.1.md
Andrew Melnick feb36e4fe6 Implement TLS API Support 
* Added flags to point to TLS PEM files to use for exposing and connecting
  to an encrypted remote API socket with server and client authentication.
* Added TLS fields for system connection ls templates.
* Added special "tls" format for system connection ls to list TLS fields
  in human-readable table format.
* Updated remote integration and system tests to allow specifying a
  "transport" to run the full suite against a unix, tcp, tls, or mtls
  system service.
* Added system tests to verify basic operation of unix, tcp, tls, and mtls
  services, clients, and connections.

Signed-off-by: Andrew Melnick <meln5674.5674@gmail.com>
2025-09-26 09:09:54 -06:00

2.9 KiB
Raw Permalink Blame History

% podman-system-connection-add 1

NAME

podman-system-connection-add - Record destination for the Podman service

SYNOPSIS

podman system connection add [options] name destination

DESCRIPTION

Record ssh destination for remote podman service(s). The ssh destination is given as one of:

  • [user@]hostname[:port]
  • ssh://[user@]hostname[:port]
  • unix://path
  • tcp://hostname:port

The user is prompted for the remote ssh login password or key file passphrase as required. The ssh-agent is supported if it is running.

OPTIONS

--default, -d

Make the new destination the default for this user. The default is false.

--identity=path

Path to ssh identity file. If the identity file has been encrypted, Podman prompts the user for the passphrase. If no identity file is provided and no user is given, Podman defaults to the user running the podman command. Podman prompts for the login password on the remote server.

--port, -p=port

Port for ssh destination. The default value is 22.

--socket-path=path

Path to the Podman service unix domain socket on the ssh destination host

--tls-ca=path

Path to a PEM file containing the certificate authority bundle to verify the server's certificate against.

--tls-cert=path

Path to a PEM file containing the TLS client certificate to present to the server. --tls-key must also be provided.

--tls-key=path

Path to a PEM file containing the private key matching --tls-cert. --tls-cert must also be provided.

EXAMPLE

Add a named system connection:

$ podman system connection add QA podman.example.com

Add a system connection using SSH data:

$ podman system connection add --identity ~/.ssh/dev_rsa production ssh://root@server.example.com:2222

Add a named system connection to local Unix domain socket:

$ podman system connection add testing unix:///run/podman/podman.sock

Add a named system connection to local tcp socket:

$ podman system connection add debug tcp://localhost:8080

Add a connection with a custom port:

$ podman system connection add --port 2222 staging user@staging.example.com

Add a connection with a custom socket path:

$ podman system connection add --socket-path /run/user/1000/podman/podman.sock remote-user user@remote.example.com

Add a connection and make it the default:

$ podman system connection add --default production root@prod.example.com

Add a named system connection to remote tcp socket secured via TLS:

$ podman system connection add secure-debug --tls-cert=tls.crt --tls-key=tls.key --tls-ca=ca.crt tcp://podman.example.com:8443

SEE ALSO

podman(1), podman-system(1), podman-system-connection(1)

HISTORY

June 2020, Originally compiled by Jhon Honce (jhonce at redhat dot com)