authorSilvio Rhatto <rhatto@riseup.net>2017-03-24 15:17:12 -0300
committerSilvio Rhatto <rhatto@riseup.net>2017-03-24 15:17:12 -0300
commitf365cc0d217c895d1741c5cba8b03dd75064e33f (patch)
tree2bc248101147678aac707e1ce6b0bd6f8ef0565d
parent9861c861b55e7f8efca6532a3968b16eb59e9e58 (diff)
downloadkvmx-f365cc0d217c895d1741c5cba8b03dd75064e33f.tar.gz
kvmx-f365cc0d217c895d1741c5cba8b03dd75064e33f.tar.bz2
Support for custom SSH keypair per virtual machine
-rw-r--r--README.md1
-rwxr-xr-xkvmx17
-rwxr-xr-xkvmx-create24
-rw-r--r--kvmxfile11
4 files changed, 45 insertions, 8 deletions
diff --git a/README.md b/README.md
index 21092a4..5410818 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,6 @@ If no folder is specified, the current folder is assumed as the project home.
## Further development
-* Support for custom SSH keypair per virtual machine.
* Remount shared folders and reinitialize spice-vdagent upon resume from disk.
* More params (memory, cpus, ssh, serial console, additional shared folders, etc).
* Integration with [image-bootstrap](https://github.com/hartwork/image-bootstrap).
diff --git a/kvmx b/kvmx
index 6f9c582..b9523aa 100755
--- a/kvmx
+++ b/kvmx
@@ -56,6 +56,11 @@ function __kvmx_set_app_base {
fi
}
+# Build a SSH command
+function __kvmx_ssh_command {
+ SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o ProxyCommand=none -i $1"
+}
+
# Initialize
function __kvmx_initialize {
__kvmx_set_app_base
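Review bot: In `__kvmx_ssh_command` the key path is interpolated as `-i $1` into a flat string, and the call added in the next hunk (`__kvmx_ssh_command $SSHKEY`) passes it unquoted too, so a key path containing whitespace would split into separate ssh arguments wherever `SSH_COMMAND` is expanded; at minimum call it as `__kvmx_ssh_command "$SSHKEY"` and reject paths with spaces. The header comment should say that the function sets the global `SSH_COMMAND` rather than printing a command. It should also note that host key verification is deliberately off (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`): the per-VM key authenticates the client to the guest, but the guest is never authenticated to the client.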
@@ -118,7 +123,7 @@ function __kvmx_initialize {
SSHKEY="$APP_BASE/share/ssh/insecure_private_key"
fi
- SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o ProxyCommand=none -i $SSHKEY"
+ __kvmx_ssh_command $SSHKEY
mkdir -p $STATE_DIR
@@ -181,6 +186,7 @@ function kvmx_up {
if [ ! -z "$basebox" ]; then
if [ -e "$GLOBAL_USER_CONFIG_FOLDER/$basebox" ]; then
baseimage="`kvmx list_image $basebox`"
+ basekey="`basename $baseimage .img`.key"
if [ ! -e "$baseimage" ]; then
echo "$BASENAME: could not find basebox $baseimage. Please create it first."
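Review bot: `basekey` is built from `basename $baseimage .img` alone, so it is a bare file name resolved against the current working directory, whereas kvmx-create in this same commit writes the key into the image's directory (`dirname $image`). Unless kvmx is run from the basebox image directory, the `[ -e "$basekey" ]` test in the following hunk looks like it will be false, leaving `SSH_COMMAND` as `__kvmx_initialize` set it; `imagekey` in that hunk has the same problem. Consider `basekey="${baseimage%.img}.key"` and `imagekey="${image%.img}.key"`, which keep the directory part. kvmx_up starts and ends outside this hunk.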
@@ -189,6 +195,15 @@ function kvmx_up {
echo "Copying base image $baseimage to $image..."
cp $baseimage $image
+
+ if [ -e "$basekey" ]; then
+ imagekey="`basename $image .img`.key"
+ cp $basekey $imagekey
+ cp $basekey.pub $imagekey.pub
+
+ # Re-evaluate this if there's a custom SSH key.
+ __kvmx_ssh_command $basekey
+ fi
fi
else
kvmx-create $GLOBAL_USER_CONFIG_FOLDER/$VM
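Review bot: After the copy, `SSH_COMMAND` is rebuilt from `$basekey` rather than from the VM's own copy, so the session depends on the basebox key file and the copied key is never exercised; `__kvmx_ssh_command "$imagekey"` would match the per-VM intent. Both `cp` calls are unquoted and unchecked, so a missing `.pub` file or a failed copy lets the run continue with a key that may not be in place; something like `cp -- "$basekey" "$imagekey" || exit 1` would surface it. The comment above the call could also say that a copied key is the basebox's keypair, so every VM cloned from one basebox shares it.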
diff --git a/kvmx-create b/kvmx-create
index 31646eb..38405a3 100755
--- a/kvmx-create
+++ b/kvmx-create
@@ -94,7 +94,7 @@ function kvmx_sudo_run {
# Make sure there is provision config.
function kvmx_config {
- kvmx_user_config image /var/cache/qemu/debian/box.img "Destination image"
+ kvmx_user_config image /var/cache/qemu/debian/box.img "Destination image (ending in .img)"
kvmx_user_config size 3G "Image size"
kvmx_user_config format qcow2 "Image format: raw or qcow2"
kvmx_user_config method custom "Bootstrap method: custom or vmdeboostrap"
@@ -241,11 +241,23 @@ function kvmx_create_custom {
# Initial user
kvmx_sudo_run chroot $WORK/ useradd user -G sudo -s /bin/bash
- kvmx_sudo_run chroot $WORK/ mkdir -p /home/user/.ssh
- kvmx_sudo_run chroot $WORK/ chmod 700 /home/user/.ssh
- kvmx_sudo_run cp $DIRNAME/share/ssh/insecure_private_key.pub $WORK/home/user/.ssh/authorized_keys
- kvmx_sudo_run chroot $WORK/ chmod 600 /home/user/.ssh/authorized_keys
- kvmx_sudo_run touch $WORK/home/user/.hushlogin
+
+ if [ "$ssh_support" == "y" ];
+ if [ "$ssh_custom" == "y" ]; then
+ privkey="`dirname $image`/`basename $image .img`.key"
+ pubkey="${privkey}.pub"
+ ssh-keygen -t rsa -b 4096 -f $privkey -N '' -C "user@`basename $image .img`"
+ else
+ pubkey="$DIRNAME/share/ssh/insecure_private_key.pub"
+ fi
+
+ kvmx_sudo_run chroot $WORK/ mkdir -p /home/user/.ssh
+ kvmx_sudo_run chroot $WORK/ chmod 700 /home/user/.ssh
+ kvmx_sudo_run cp $pubkey $WORK/home/user/.ssh/authorized_keys
+ kvmx_sudo_run chroot $WORK/ chmod 600 /home/user/.ssh/authorized_keys
+ kvmx_sudo_run touch $WORK/home/user/.hushlogin
+ fi
+
kvmx_sudo_run chroot $WORK/ chown -R user.user /home/user
echo 'user:user' | kvmx_sudo_run chroot $WORK/ chpasswd
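Review bot: The outer test `if [ "$ssh_support" == "y" ];` has no `then`, so bash should reject kvmx_create_custom with a syntax error at the closing `fi`; it should read `if [ "$ssh_support" == "y" ]; then`. `ssh-keygen` is called outside `kvmx_sudo_run` with `$privkey` unquoted, and it stops to ask before overwriting an existing key file, so re-running image creation may block or fail there; an explicit existence check before generating would make that deterministic. Separately, the context line below still sets the password `user:user` for an account in the sudo group, so if the guest's sshd accepts password logins (not visible here) the per-VM key does not by itself restrict access. kvmx_create_custom starts and ends outside this hunk.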
diff --git a/kvmxfile b/kvmxfile
index 99fad1d..631678d 100644
--- a/kvmxfile
+++ b/kvmxfile
@@ -49,5 +49,16 @@ version="stretch"
# Debian mirror
mirror="http://http.debian.net/debian/"
+# Enables remote administration using SSH. With this configuration enabled,
+# kvmx will be able to administer a running virtual machine using SSH access
+# inside the virtual machine.
ssh_support="y"
+
+# Use a custom, per-virtual-machine generated SSH keypair. If you disable this
+# configuration but still want guest administration using SSH, the default
+# insecure keypair will be used.
+#
+# Please note that this setting won't take effect if you're using a basebox.
+# In that case the basebox keypair will be used if it exists, otherwise kvmx
+# fallsback to the default insecure keypair.
ssh_custom="y"
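Review bot: In the new comment for `ssh_custom`, "fallsback" should read "falls back". It would also help to state that the default keypair ships with kvmx (`share/ssh/insecure_private_key`), so its private half is available to anyone who has the package, and a guest using it should not have its SSH port reachable from outside the host.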