
Problem with SSH keys

Open cairoapcampos opened this issue 2 years ago • 4 comments

I'm using this Dockerfile to build my image:

https://github.com/retspen/webvirtcloud/blob/master/Dockerfile

But as the default user of the container is root, I'm having some problems with SSH. The key generated is for the user www-data and not for root. When I try to connect with the command ssh root@compute1, the password is requested.

Documentation settings:

chown www-data -R ~www-data

sudo -u www-data ssh-keygen

cat > ~www-data/.ssh/config << EOF
Host *
StrictHostKeyChecking no
EOF

chown www-data -R ~www-data/.ssh/config

To try to get around the problem, I generated the keys for root with the commands below:

ssh-keygen

cat > ~root/.ssh/config << EOF
Host *
StrictHostKeyChecking no
EOF

ssh-copy-id root@compute1

ssh root@compute1

This way the password was no longer requested.

Is there a better way to do these settings?

Note: "passphrase" was not defined when generating the keys. The password requested is the KVM host password.

cairoapcampos avatar Jul 13 '22 14:07 cairoapcampos
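
Both configs in the post above use `Host *` with `StrictHostKeyChecking no`, which turns off host key verification for every host that user connects to, not only compute1. As an added example (not part of the thread or of webvirtcloud; the function name and the sample files are constructed), this check flags such sections in an OpenSSH client config and shows a block scoped to compute1 passing it:

```bash
#!/usr/bin/env bash
# Added example: flag ssh_config sections that turn host key verification off.
# audit_ssh_config is a hypothetical helper name, not an OpenSSH tool.

# audit_ssh_config FILE
# Prints one line per offending section; returns 1 if any were found.
audit_ssh_config() {
    awk '
        BEGIN { section = "(global)"; found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        {
            sub(/[ \t]*=[ \t]*/, " ")              # "Key=value" is also valid syntax
            key = tolower($1)                      # keywords are case-insensitive
            if (key == "host" || key == "match") { # start of a new section
                section = $0
                sub(/^[ \t]+/, "", section)
                next
            }
            val = tolower($2)
            gsub(/"/, "", val)                     # values may be quoted
            # ssh_config(5): "no" and "off" both let changed host keys through
            if (key == "stricthostkeychecking" && (val == "no" || val == "off")) {
                printf "%s: host key checking disabled (%s)\n", section, $2
                found = 1
            }
        }
        END { exit found }
    ' "$1"
}

# Constructed demo: the config from the post next to a host-scoped alternative.
tmp=$(mktemp -d)
printf 'Host *\nStrictHostKeyChecking no\n' > "$tmp/weak"
printf 'Host compute1\n  User root\n  StrictHostKeyChecking yes\n' > "$tmp/scoped"
for f in weak scoped; do
    if out=$(audit_ssh_config "$tmp/$f"); then
        echo "$f: ok"
    else
        echo "$f: $out"
    fi
done
rm -rf "$tmp"
```

With `StrictHostKeyChecking yes`, compute1's host key has to be in the user's known_hosts file before the first connection.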

The correct way to share ssh key with compute is:

chown www-data -R ~www-data/.ssh/  
setuser www-data ssh-keygen -f ~www-data/.ssh/id_rsa -q -N ""  
setuser www-data ssh-copy-id root@compute1

and then check it

setuser www-data ssh-copy-id root@compute1

5he1n avatar Aug 13 '22 14:08 5he1n

I tested it and it worked correctly. Thank you.

When evaluating compute node security, is it better to use a user other than root? Do you use another user?

cairoapcampos avatar Aug 24 '22 20:08 cairoapcampos

Yes, you can/should manage with a user other than root. To do this, you must configure the host libvirt.conf. There are many resources on how you can do that:

  1. https://computingforgeeks.com/use-virt-manager-as-non-root-user/ (virt-manager is like webvirtcloud but only works in a desktop env.)
  2. https://www.poftut.com/use-virt-manager-libvirt-normal-user-without-root-privileges-without-asking-password/

catborise avatar Aug 25 '22 05:08 catborise

Thank you again for your help.

cairoapcampos avatar Aug 25 '22 10:08 cairoapcampos