Half-baked ideas: random root passwords for VMs

For more half-baked ideas, see my “ideas” tag.

This is an easy idea to simplify Fedora installations.

When anaconda detects it is running inside a VM, instead of asking the user for a root password, it just creates a completely random root password. This password gets written to a local file during the install.

Now you can’t log into a VM easily if you don’t know the root password. But you can read files out of the VM using virt-cat. So on the host there is an “ssh as root” script which grabs the random root password out of the guest and lets you log in without knowing or needing to know the root password.
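
Both halves of this idea as an added example (not code from the original post or from anaconda): the guest-side step that writes a random root password to a root-only file, and the host-side “ssh as root” helper that reads it back with virt-cat. The file path `/root/.vm-root-password`, the function names, the `VIRT_CAT` override and the use of `sshpass` are assumptions.

```shell
#!/bin/sh
# Assumed location of the password file inside the guest (the post names none).
PWFILE=${PWFILE:-/root/.vm-root-password}

# Guest side, run by the installer: write 192 random bits as 48 hex characters
# to file $1, readable by root only. The installer would also set this value
# as root's password (for example with chpasswd); that step is not shown.
write_random_root_password() (
    umask 077
    rm -f "$1"                      # never reuse a file with looser permissions
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n' >"$1"
)

# Host side: read the password file out of the disk of libvirt domain $1.
# VIRT_CAT can point at a substitute command for testing.
fetch_root_password() {
    "${VIRT_CAT:-virt-cat}" -d "$1" "$PWFILE"
}

# Host side: log in to guest address $2 as root with the password of domain $1.
# The password reaches sshpass through the environment (-e) rather than the
# command line, and the subshell body keeps SSHPASS out of the caller's
# environment.
ssh_as_root() (
    SSHPASS=$(fetch_root_password "$1") || exit 1
    [ -n "$SSHPASS" ] || { echo "no password found in $1:$PWFILE" >&2; exit 1; }
    export SSHPASS
    exec sshpass -e ssh "root@$2"
)

# Usage on the host, after sourcing this file (constructed names):
#   ssh_as_root guest1 192.0.2.10
```

Anyone on the host who can read the guest's disk image can read this file, so the image's permissions are what protect the password.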



4 responses to “Half-baked ideas: random root passwords for VMs”

  1. Joshua Jackson

    It’s a cool application for virt-cat, but wouldn’t it make more sense to use ssh dsa keys for this?

  2. How about making that script add the host’s /root/.ssh/id_rsa.pub to the guest’s /root/.ssh/authorized_keys2?

    Then there’s no plaintext file with the root password to worry about.

  3. rich

    Sure, that’ll be why it’s a half-baked idea. But we are considering something like this so we can talk to a password-protected daemon in guests. Guests would generate a random key and write it to a file, and this file would then be shared with the host, so the host can access the daemon.

  4. Well…

    Populate the guest’s authorized_keys using kickstart or something. (I think that should happen with all installed machines, virtual or not.)

    Read the guest’s public key and put it in the host’s known_hosts. (But all installed machines, virtual or not, should publish their public keys “somewhere”.)
