An SSH server running inside a container may be used by attackers. If attackers gain valid credentials to a container, whether by brute-force attempts or by other methods (such as phishing), they can use them to get remote access to the container over SSH.
The following is a pod that runs an SSH server:
apiVersion: v1
kind: Pod
metadata:
  name: openssh-server
spec:
  containers:
  - image: linuxserver/openssh-server:latest
    name: openssh-server
    env:
    - name: SUDO_ACCESS
      value: "true"
    - name: PASSWORD_ACCESS
      value: "true"
    - name: USER_NAME
      value: "demo"
    - name: USER_PASSWORD
      value: "dontDoThisInProd!"
    ports:
    - containerPort: 2222
This container can now be accessed by any other container in the cluster (assuming there are no network policies that forbid this). The situation could get even worse when the SSH service is exposed to systems outside of the cluster.
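To find pods like the one above before an attacker does, the following added example (not part of the original page) audits the JSON that `kubectl get pods -A -o json` returns and reports containers that declare an SSH port, enable password login or sudo, or carry a literal password in their environment. The sample input is constructed; the `web` pod, the `default` namespace and the function names are assumptions made for illustration.

```python
import json
SSH_PORTS = {22, 2222}  # 2222 is the port the pod on this page declares
# Constructed sample in `kubectl get pods -o json` form: the page's pod plus
# an unrelated pod whose password comes from a Secret reference.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "openssh-server", "namespace": "default"},
  "spec": {"containers": [{"name": "openssh-server",
    "image": "linuxserver/openssh-server:latest",
    "env": [{"name": "SUDO_ACCESS", "value": "true"}, {"name": "PASSWORD_ACCESS", "value": "true"},
            {"name": "USER_NAME", "value": "demo"}, {"name": "USER_PASSWORD", "value": "dontDoThisInProd!"}],
    "ports": [{"containerPort": 2222}]}]}},
 {"metadata": {"name": "web", "namespace": "default"},
  "spec": {"containers": [{"name": "web", "image": "nginx:1.25",
    "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}}],
    "ports": [{"containerPort": 8080}]}]}}]}
""")

def audit_container(c):
    """Return SSH-exposure findings for one container spec."""
    # Entries that use valueFrom (Secret/ConfigMap refs) have no literal value.
    env = {e["name"]: e.get("value") or "" for e in c.get("env", [])}
    ports = {p.get("containerPort") for p in c.get("ports", [])} & SSH_PORTS
    findings = []
    if "ssh" in c.get("image", "").lower():
        findings.append("image name suggests an SSH server")
    if ports:
        findings.append(f"declares SSH port {sorted(ports)}")
    if env.get("PASSWORD_ACCESS", "").lower() == "true":
        findings.append("password authentication enabled")
    if env.get("SUDO_ACCESS", "").lower() == "true":
        findings.append("SSH user has sudo")
    findings += [f"plaintext credential in env var {n}" for n, v in env.items()
                 if n.endswith("PASSWORD") and v]
    return findings

def audit_pods(pod_list):
    """Map 'namespace/pod/container' to findings; clean containers are omitted."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        for c in pod["spec"].get("containers", []):
            if found := audit_container(c):
                report[f"{meta.get('namespace', 'default')}/{meta['name']}/{c['name']}"] = found
    return report

if __name__ == "__main__":
    for target, found in audit_pods(SAMPLE).items():
        print(target, *found, sep="\n  - ")
```

The image-name and port checks are heuristics, so a hit is a prompt to inspect the pod and the network policies that apply to it, not proof of exposure.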