Half-baked ideas: random root passwords for VMs

For more half-baked ideas, see my “ideas” tag.

This is an easy idea to simplify Fedora installations.

When anaconda detects it is running inside a VM, instead of asking the user for a root password, it just creates a completely random root password. This password gets written to a local file during the install.

Now you can’t log into a VM easily if you don’t know the root password. But, you can read files out of the VM using virt-cat. So on the host there is a “ssh as root” script which grabs the random root password out of the guest and lets you log in without knowing or needing to know the root password.

4 Comments

Filed under Uncategorized

4 responses to “Half-baked ideas: random root passwords for VMs

  1. Joshua Jackson

    It’s a cool application for virt-cat, but wouldn’t it make more sense to use ssh dsa keys for this?

  2. How about making that script add the host’s /root/.ssh/id_rsa.pub to the guest’s /root/.ssh/authorized_keys2?

    Then there’s no plaintext file with the root password to worry about.

  3. rich

    Sure, that’ll be why it’s a half-baked idea. But we are considering something like this so we can talk to a password-protected daemon in guests. Guests would generate a random key and write it to a file, and this file would then be shared with the host, so the host can access the daemon.

  4. Well…

    Populate the guest’s authorized_keys using kickstart or something. (I think that should happen with all installed machines, virtual or not.)

    Read the guest’s public key and put it in the host’s known_hosts. (But all installed machines, virtual or not, should publish their public keys “somewhere”.)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s