## Further development
-* Support for custom SSH keypair per virtual machine.
* Remount shared folders and reinitialize spice-vdagent upon resume from disk.
* More params (memory, cpus, ssh, serial console, additional shared folders, etc).
* Integration with [image-bootstrap](https://github.com/hartwork/image-bootstrap).
fi
}
+# Build a SSH command
+function __kvmx_ssh_command {
+ SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o ProxyCommand=none -i $1"
+}
+
# Initialize
function __kvmx_initialize {
__kvmx_set_app_base
SSHKEY="$APP_BASE/share/ssh/insecure_private_key"
fi
- SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o ProxyCommand=none -i $SSHKEY"
+ __kvmx_ssh_command $SSHKEY
mkdir -p $STATE_DIR
if [ ! -z "$basebox" ]; then
if [ -e "$GLOBAL_USER_CONFIG_FOLDER/$basebox" ]; then
baseimage="`kvmx list_image $basebox`"
+ basekey="`basename $baseimage .img`.key"
if [ ! -e "$baseimage" ]; then
echo "$BASENAME: could not find basebox $baseimage. Please create it first."
echo "Copying base image $baseimage to $image..."
cp $baseimage $image
+
+ if [ -e "$basekey" ]; then
+ imagekey="`basename $image .img`.key"
+ cp $basekey $imagekey
+ cp $basekey.pub $imagekey.pub
+
+ # Re-evaluate this if there's a custom SSH key.
+ __kvmx_ssh_command $basekey
+ fi
fi
else
kvmx-create $GLOBAL_USER_CONFIG_FOLDER/$VM
# Make sure there is provision config.
function kvmx_config {
- kvmx_user_config image /var/cache/qemu/debian/box.img "Destination image"
+ kvmx_user_config image /var/cache/qemu/debian/box.img "Destination image (ending in .img)"
kvmx_user_config size 3G "Image size"
kvmx_user_config format qcow2 "Image format: raw or qcow2"
kvmx_user_config method custom "Bootstrap method: custom or vmdeboostrap"
# Initial user
kvmx_sudo_run chroot $WORK/ useradd user -G sudo -s /bin/bash
- kvmx_sudo_run chroot $WORK/ mkdir -p /home/user/.ssh
- kvmx_sudo_run chroot $WORK/ chmod 700 /home/user/.ssh
- kvmx_sudo_run cp $DIRNAME/share/ssh/insecure_private_key.pub $WORK/home/user/.ssh/authorized_keys
- kvmx_sudo_run chroot $WORK/ chmod 600 /home/user/.ssh/authorized_keys
- kvmx_sudo_run touch $WORK/home/user/.hushlogin
+
+ if [ "$ssh_support" == "y" ];
+ if [ "$ssh_custom" == "y" ]; then
+ privkey="`dirname $image`/`basename $image .img`.key"
+ pubkey="${privkey}.pub"
+ ssh-keygen -t rsa -b 4096 -f $privkey -N '' -C "user@`basename $image .img`"
+ else
+ pubkey="$DIRNAME/share/ssh/insecure_private_key.pub"
+ fi
+
+ kvmx_sudo_run chroot $WORK/ mkdir -p /home/user/.ssh
+ kvmx_sudo_run chroot $WORK/ chmod 700 /home/user/.ssh
+ kvmx_sudo_run cp $pubkey $WORK/home/user/.ssh/authorized_keys
+ kvmx_sudo_run chroot $WORK/ chmod 600 /home/user/.ssh/authorized_keys
+ kvmx_sudo_run touch $WORK/home/user/.hushlogin
+ fi
+
kvmx_sudo_run chroot $WORK/ chown -R user.user /home/user
echo 'user:user' | kvmx_sudo_run chroot $WORK/ chpasswd
# Debian mirror
mirror="http://http.debian.net/debian/"
+# Enables remote administration using SSH. With this configuration enabled,
+# kvmx will be able to administer a running virtual machine using SSH access
+# inside the virtual machine.
ssh_support="y"
+
+# Use a custom, per-virtual-machine generated SSH keypair. If you disable this
+# configuration but still want guest administration using SSH, the default
+# insecure keypair will be used.
+#
+# Please note that this setting won't take effect if you're using a basebox.
+# In that case the basebox keypair will be used if it exists, otherwise kvmx
+# fallsback to the default insecure keypair.
ssh_custom="y"
projects / kvmx.git / commitdiff