Add ability to communicate with daemon over ssh subsytem

[tomasol]

It is too complex to set up authenticated https binding. Using ssh subsystem functionality would mean no additional authentication is needed. You can get std in and out and tunnel it to existing http calls, but both client and server have to understand this.

[cpuguy83]

Here is what's being done to simpify that: #8265
Basically, client will automatically generate a key pair, daemon will do the same.
Daemon has list of authorized keys, client has the same (for authorized hosts/host key pairs).

Very similar to ssh, but not.

[tomasol]

Thanks for reply. Can you explain how is creating another auth method better than reusing ssh? Users will have to manage ssh auth for the VM anyway.

[cpuguy83]

I'm not familiar enough with it to give you a definitive answer, but I could guess...

It's not just about a secure connection, its about identity management. This included image provenance (singing images with your private key), user authentication, and user authorization.
See the accompanying library. https://github.com/docker/libtrust/blob/master/README.md

[AkihiroSuda]

DOCKER_HOST=ssh://<user>@<host> was implemented in Docker 18.09