diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2017-03-24 15:17:12 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2017-03-24 15:17:12 -0300 |
commit | f365cc0d217c895d1741c5cba8b03dd75064e33f (patch) | |
tree | 2bc248101147678aac707e1ce6b0bd6f8ef0565d | |
parent | 9861c861b55e7f8efca6532a3968b16eb59e9e58 (diff) | |
download | kvmx-f365cc0d217c895d1741c5cba8b03dd75064e33f.tar.gz kvmx-f365cc0d217c895d1741c5cba8b03dd75064e33f.tar.bz2 |
Support for custom SSH keypair per virtual machine
-rw-r--r-- | README.md | 1 | ||||
-rwxr-xr-x | kvmx | 17 | ||||
-rwxr-xr-x | kvmx-create | 24 | ||||
-rw-r--r-- | kvmxfile | 11 |
4 files changed, 45 insertions, 8 deletions
@@ -46,7 +46,6 @@ If no folder is specified, the current folder is assumed as the project home. ## Further development -* Support for custom SSH keypair per virtual machine. * Remount shared folders and reinitialize spice-vdagent upon resume from disk. * More params (memory, cpus, ssh, serial console, additional shared folders, etc). * Integration with [image-bootstrap](https://github.com/hartwork/image-bootstrap). @@ -56,6 +56,11 @@ function __kvmx_set_app_base { fi } +# Build a SSH command +function __kvmx_ssh_command { + SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o ProxyCommand=none -i $1" +} + # Initialize function __kvmx_initialize { __kvmx_set_app_base @@ -118,7 +123,7 @@ function __kvmx_initialize { SSHKEY="$APP_BASE/share/ssh/insecure_private_key" fi - SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o ProxyCommand=none -i $SSHKEY" + __kvmx_ssh_command $SSHKEY mkdir -p $STATE_DIR @@ -181,6 +186,7 @@ function kvmx_up { if [ ! -z "$basebox" ]; then if [ -e "$GLOBAL_USER_CONFIG_FOLDER/$basebox" ]; then baseimage="`kvmx list_image $basebox`" + basekey="`basename $baseimage .img`.key" if [ ! -e "$baseimage" ]; then echo "$BASENAME: could not find basebox $baseimage. Please create it first." @@ -189,6 +195,15 @@ function kvmx_up { echo "Copying base image $baseimage to $image..." cp $baseimage $image + + if [ -e "$basekey" ]; then + imagekey="`basename $image .img`.key" + cp $basekey $imagekey + cp $basekey.pub $imagekey.pub + + # Re-evaluate this if there's a custom SSH key. + __kvmx_ssh_command $basekey + fi fi else kvmx-create $GLOBAL_USER_CONFIG_FOLDER/$VM diff --git a/kvmx-create b/kvmx-create index 31646eb..38405a3 100755 --- a/kvmx-create +++ b/kvmx-create @@ -94,7 +94,7 @@ function kvmx_sudo_run { # Make sure there is provision config. function kvmx_config { - kvmx_user_config image /var/cache/qemu/debian/box.img "Destination image" + kvmx_user_config image /var/cache/qemu/debian/box.img "Destination image (ending in .img)" kvmx_user_config size 3G "Image size" kvmx_user_config format qcow2 "Image format: raw or qcow2" kvmx_user_config method custom "Bootstrap method: custom or vmdeboostrap" @@ -241,11 +241,23 @@ function kvmx_create_custom { # Initial user kvmx_sudo_run chroot $WORK/ useradd user -G sudo -s /bin/bash - kvmx_sudo_run chroot $WORK/ mkdir -p /home/user/.ssh - kvmx_sudo_run chroot $WORK/ chmod 700 /home/user/.ssh - kvmx_sudo_run cp $DIRNAME/share/ssh/insecure_private_key.pub $WORK/home/user/.ssh/authorized_keys - kvmx_sudo_run chroot $WORK/ chmod 600 /home/user/.ssh/authorized_keys - kvmx_sudo_run touch $WORK/home/user/.hushlogin + + if [ "$ssh_support" == "y" ]; + if [ "$ssh_custom" == "y" ]; then + privkey="`dirname $image`/`basename $image .img`.key" + pubkey="${privkey}.pub" + ssh-keygen -t rsa -b 4096 -f $privkey -N '' -C "user@`basename $image .img`" + else + pubkey="$DIRNAME/share/ssh/insecure_private_key.pub" + fi + + kvmx_sudo_run chroot $WORK/ mkdir -p /home/user/.ssh + kvmx_sudo_run chroot $WORK/ chmod 700 /home/user/.ssh + kvmx_sudo_run cp $pubkey $WORK/home/user/.ssh/authorized_keys + kvmx_sudo_run chroot $WORK/ chmod 600 /home/user/.ssh/authorized_keys + kvmx_sudo_run touch $WORK/home/user/.hushlogin + fi + kvmx_sudo_run chroot $WORK/ chown -R user.user /home/user echo 'user:user' | kvmx_sudo_run chroot $WORK/ chpasswd @@ -49,5 +49,16 @@ version="stretch" # Debian mirror mirror="http://http.debian.net/debian/" +# Enables remote administration using SSH. With this configuration enabled, +# kvmx will be able to administer a running virtual machine using SSH access +# inside the virtual machine. ssh_support="y" + +# Use a custom, per-virtual-machine generated SSH keypair. If you disable this +# configuration but still want guest administration using SSH, the default +# insecure keypair will be used. +# +# Please note that this setting won't take effect if you're using a basebox. +# In that case the basebox keypair will be used if it exists, otherwise kvmx +# fallsback to the default insecure keypair. ssh_custom="y" |