Score:1

Student SSH access directly to container


I teach a community college course on Linux system administration. Some students in the class do not have ready access to a Linux install, so the college has an SSH server they can access to complete lab work, experiment, etc. Naturally, we don't provide the students with root access etc., which has obvious pedagogical limitations.

I've been mulling around in my mind an idea whereby the students can have their own container where they can have root privileges etc. so that I can cover a wider range of topics. My experience with containers is somewhat limited, so I have a few questions that I was hoping to get some help with:

  • Is it possible to have the students ssh "directly" to the container, or would they have to start the container on login? Note, I'm not asking about (e.g.) binding the container to a specific port, but is it possible to have their (/etc/passwd) shell be the container's shell or otherwise drop them into the container directly after login through a bash setting?
  • Most of the time containers are run ephemerally, but I essentially want the students to be able to have a persistent container. Are there any potential problems with having persistent containers?
  • I feel like having a student be in a container would be more secure than them having unprivileged shell access, but are there any security disadvantages of giving students root access to a container?

Students have used a CentOS system for their work previously and all my course material is built around CentOS. Is there a suggested container image I should use? Would the regular docker/podman centos image work OK for this situation?

Thank you for your help and suggestions.

Score:1

To answer some of your questions:

  1. You would be able to SSH directly to the container, provided that it is running the SSHD service and the port is mapped. Each container needs its own port open on the host to be able to SSH. There may be more complicated options using systemd and custom logins, but you can definitely SSH.
  2. You can configure containers with volumes for persistent storage, and if not told to they are normally just 'stopped', not stopped & removed. So yes, they can be persistent.
  3. Actually, depending on how the container is run, it might not be! Giving someone root access in a container can be pretty much the same as giving them root access on the host - there's bound to be other answers on here about that.
  4. CentOS has an official container image; it'll be centos:7 or centos:8 most likely.

Another option is to look into whether some of the big cloud providers can do education accounts to allow access to a capped set of resources? This way students could deploy an environment pre-configured in the cloud and access it from anywhere (whilst also learning some cloud skills!). I'd expect all of the big 3 (amazon/google/microsoft) to have something available.

In case anyone sees the error message `Error writing /proc/self/loginuid` when running `sshd` in a container with Podman, check this troubleshooting tip: https://github.com/containers/podman/blob/main/troubleshooting.md#32-the-sshd-process-fails-to-run-inside-of-the-container
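
Point 3 of the answer above says that root in a container can amount to root on the host "depending on how the container is run". The following added example (not part of the original question, answer or comment) checks `docker inspect`-style JSON for the run settings that most directly remove that separation. The container names and the sample data are constructed for illustration, and the list of capabilities treated as risky is an assumption, not an exhaustive set.

```python
# Added example: flag per-student containers whose run settings make
# container root close to host root. Field names follow `docker inspect`.
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE"}   # assumed shortlist
RISKY_BINDS = {"/", "/var/run/docker.sock", "/run/docker.sock"}  # host root, engine socket

# Constructed sample input (two hypothetical student containers).
SAMPLE = [
    {"Name": "/student-alice",
     "HostConfig": {"Privileged": True, "CapAdd": ["CAP_SYS_ADMIN"], "PidMode": "host"},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/student-bob",
     "HostConfig": {"Privileged": False, "CapAdd": None, "PidMode": ""},
     "Mounts": [{"Type": "volume", "Name": "bob-home",
                 "Source": "/var/lib/docker/volumes/bob-home/_data",
                 "Destination": "/home"}]},
]

def audit(container):
    """Return a list of findings for one inspected container."""
    hc = container.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")
    for cap in hc.get("CapAdd") or []:
        name = cap.upper().removeprefix("CAP_")
        if name in RISKY_CAPS:
            findings.append(f"cap:{name}")
    # Sharing a host namespace exposes host processes, network or IPC.
    for key in ("PidMode", "NetworkMode", "IpcMode"):
        if hc.get(key) == "host":
            findings.append(f"{key}=host")
    # Bind mounts of the host root or the engine socket hand over the host.
    for mount in container.get("Mounts") or []:
        if mount.get("Type") == "bind" and mount.get("Source") in RISKY_BINDS:
            findings.append(f"mount:{mount['Source']}")
    return findings

def audit_all(containers):
    """Map container name (leading slash stripped) to its findings."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else ", ".join(findings))
```

An empty result means only that none of these specific settings is present; whether container root is remapped to an unprivileged host user (rootless Podman, or user-namespace remapping in Docker) has to be checked separately.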