KVM - Virt-Manager on a Separate VM
-
@travisdh1 said in KVM - Virt-Manager on a Separate VM:
@emad-r said in KVM - Virt-Manager on a Separate VM:
This KVM issue keeps popping up from users every now and then I am talking about the root password prompts.
If I recall this is like 4th time I see topic opened for itYeah. If you want to run as a non-root user, you need to add your user account to the group created for kvm (I'm blanking on what it's called and don't have access to my lab to check at the office here, doh!)
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
You also need to have your user added to the libvirt group on the KVM host.
keys are the best way to go.
-
@dustinb3403 said in KVM - Virt-Manager on a Separate VM:
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
did you put in a password for the key encryption?
As Travis said, use ssh-copy-id user@remotehost
Nope, no password when generating the key. Just blank.
The key is copied to the KVM server, and I can ssh into it with just ```ssh '[email protected]'
std config for libvirt doesn't allow non root to operate kvm. you must adjust it either changing the config or generating keys for root and run virt-manager with sudo
-
@dustinb3403 said in KVM - Virt-Manager on a Separate VM:
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@dustinb3403 said in KVM - Virt-Manager on a Separate VM:
Of course I can just create a directory on the server and then download ISO's directly into it. . .
But I'd rather not. Hrm. . it works, but seems weird.
Well I do not download from the KVM server, I do always have a "iso_store" folder on my KVM server that I have ISO files in.
Sometimes it is a remote share mounted, most of the time it is local to the /root partition.
Yea so what I did is I SSH'd to the server, and ran sudo mkdir /media/iso and then ran wget <url.iso> and it works. But it seems like the wrong way to have to do this. . .
I think that's the way everyone does it.
-
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@dustinb3403 said in KVM - Virt-Manager on a Separate VM:
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@dustinb3403 said in KVM - Virt-Manager on a Separate VM:
Of course I can just create a directory on the server and then download ISO's directly into it. . .
But I'd rather not. Hrm. . it works, but seems weird.
Well I do not download from the KVM server, I do always have a "iso_store" folder on my KVM server that I have ISO files in.
Sometimes it is a remote share mounted, most of the time it is local to the /root partition.
Yea so what I did is I SSH'd to the server, and ran sudo mkdir /media/iso and then ran wget <url.iso> and it works. But it seems like the wrong way to have to do this. . .
I think that's the way everyone does it.
as @JaredBusch said. wget on local machine then scp to server iso folder (and set that folder as a libvirt storage)
-
Wtf is going on here... everyone is making it so difficult... it's not!
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"
Step 3: On your desktop/VM, copy your public key:
cat /home/username/.ssh/id_rsa.pub
...then copy it.Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
vi /root/.ssh/authorized_keys
...then save the file.Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
No password required. -
@tim_g said in KVM - Virt-Manager on a Separate VM:
Wtf is going on here... everyone is making it so difficult... it's not!
OMG why are you making this so hard!
Step 3:
ssh-copy-id 10.X.X.X
Enter password when prompted.Remove step 4.
-
@tim_g said in KVM - Virt-Manager on a Separate VM:
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"Why are you doing this? You want some specific thing? Because the act of having SSH on your system generates a key. Are defaults not good enough for you.
-
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"Why are you doing this? You want some specific thing? Because the act of having SSH on your system generates a key. Are defaults not good enough for you.
Definitely not in this case. I always prefer to use RSA 4096... I think the default ones there in the /etc/ssh directory are 2048.
-
@tim_g said in KVM - Virt-Manager on a Separate VM:
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"Why are you doing this? You want some specific thing? Because the act of having SSH on your system generates a key. Are defaults not good enough for you.
I think the default ones there in the /etc/ssh directory are 2048.
They are.
-
@tim_g said in KVM - Virt-Manager on a Separate VM:
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"Why are you doing this? You want some specific thing? Because the act of having SSH on your system generates a key. Are defaults not good enough for you.
Definitely not in this case. I always prefer to use RSA 4096...
But you are over complicating this also. For what reason? Just because you want a 4096 key over a 2048?
-
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"Why are you doing this? You want some specific thing? Because the act of having SSH on your system generates a key. Are defaults not good enough for you.
Definitely not in this case. I always prefer to use RSA 4096...
But you are over complicating this also. For what reason? Just because you want a 4096 key over a 2048?
Yes.
Over-complicating? Definitely not. It takes 5 extra seconds to ensure you can use your key securely.
-
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
@jaredbusch said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"Why are you doing this? You want some specific thing? Because the act of having SSH on your system generates a key. Are defaults not good enough for you.
Definitely not in this case. I always prefer to use RSA 4096...
But you are over complicating this also. For what reason? Just because you want a 4096 key over a 2048?
-
@tim_g said in KVM - Virt-Manager on a Separate VM:
Wtf is going on here... everyone is making it so difficult... it's not!
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"
Step 3: On your desktop/VM, copy your public key:
cat /home/username/.ssh/id_rsa.pub
...then copy it.Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
vi /root/.ssh/authorized_keys
...then save the file.Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
No password required.But see doing it this way has skipped a bunch of stuff that
ssh-copy-id
does. This will end up with more questions later on.I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.
Seriously just generate the key (RSA is the default):
ssh-keygen -b 4096
and copy to the server:
ssh-copy-id user@server
Make sure the user on the server is in the
libvirt
group and use that user in Virt-Manager.Done.
-
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Wtf is going on here... everyone is making it so difficult... it's not!
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"
Step 3: On your desktop/VM, copy your public key:
cat /home/username/.ssh/id_rsa.pub
...then copy it.Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
vi /root/.ssh/authorized_keys
...then save the file.Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
No password required.But see doing it this way has skipped a bunch of stuff that
ssh-copy-id
does. This will end up with more questions later on.I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.
Seriously just generate the key (RSA is the default):
ssh-keygen -b 4096
and copy to the server:
ssh-copy-id user@server
Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.
But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.
-
@tim_g said in KVM - Virt-Manager on a Separate VM:
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Wtf is going on here... everyone is making it so difficult... it's not!
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"
Step 3: On your desktop/VM, copy your public key:
cat /home/username/.ssh/id_rsa.pub
...then copy it.Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
vi /root/.ssh/authorized_keys
...then save the file.Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
No password required.But see doing it this way has skipped a bunch of stuff that
ssh-copy-id
does. This will end up with more questions later on.I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.
Seriously just generate the key (RSA is the default):
ssh-keygen -b 4096
and copy to the server:
ssh-copy-id user@server
Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.
But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.
hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?
-
@stacksofplates I can break your 4096 bit encryption with $5.
If your worried about state-level actors you have bigger concerns -
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Wtf is going on here... everyone is making it so difficult... it's not!
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"
Step 3: On your desktop/VM, copy your public key:
cat /home/username/.ssh/id_rsa.pub
...then copy it.Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
vi /root/.ssh/authorized_keys
...then save the file.Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
No password required.But see doing it this way has skipped a bunch of stuff that
ssh-copy-id
does. This will end up with more questions later on.I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.
Seriously just generate the key (RSA is the default):
ssh-keygen -b 4096
and copy to the server:
ssh-copy-id user@server
Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.
But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.
hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?
When I try to do a ssh-copy-id to my servers, I get this:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.
-
@storageninja said in KVM - Virt-Manager on a Separate VM:
@stacksofplates I can break your 4096 bit encryption with $5.
If your worried about state-level actors you have bigger concernsChallenge accepted.
Pst me your email and I'll give you a key to break.
Leave me an audit trail so I can confirm.
-
I use my user in the libvirt group so I do not have to bother with the root user.
gpasswd -a jbusch libvirt
Then this works.
-
@tim_g said in KVM - Virt-Manager on a Separate VM:
When I try to do a ssh-copy-id to my servers, I get this:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
@stacksofplates said in KVM - Virt-Manager on a Separate VM:
@tim_g said in KVM - Virt-Manager on a Separate VM:
Wtf is going on here... everyone is making it so difficult... it's not!
Step 1: On your KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"
Step 2: On your desktop/vm used to manage the KVM host, run the following command:
ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"
Step 3: On your desktop/VM, copy your public key:
cat /home/username/.ssh/id_rsa.pub
...then copy it.Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
vi /root/.ssh/authorized_keys
...then save the file.Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
No password required.But see doing it this way has skipped a bunch of stuff that
ssh-copy-id
does. This will end up with more questions later on.I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.
Seriously just generate the key (RSA is the default):
ssh-keygen -b 4096
and copy to the server:
ssh-copy-id user@server
Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.
But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.
hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?
How did you get into that state? How do the initial keys get there?