For more half-baked ideas, see my “ideas” tag.
This is an easy idea to simplify Fedora installations.
When anaconda detects it is running inside a VM, instead of asking the user for a root password, it just creates a completely random root password. This password gets written to a local file during the install.
Now you can’t easily log into a VM if you don’t know the root password. But you can read files out of the VM using virt-cat. So on the host there is an “ssh as root” script which grabs the random root password out of the guest and lets you log in without knowing or needing to know the root password.
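A sketch of what such a host-side script could look like, added here as an example and not the author's own script. The password file path, the function names and the use of `sshpass` are assumptions; the guest's address is supplied by the caller.

```shell
#!/bin/sh
# Host-side "ssh as root" helper (added example).
# Assumptions, not from the post: the installer wrote the password to
# PASSWORD_FILE inside the guest, and sshpass is installed on the host.
PASSWORD_FILE="${PASSWORD_FILE:-/root/.initial-root-password}"  # hypothetical path
VIRT_CAT="${VIRT_CAT:-virt-cat}"        # overridable so the logic can be tested offline
SSHPASS_CMD="${SSHPASS_CMD:-sshpass}"

NL='
'

# Print the guest's root password, read from its disk image via libvirt.
read_guest_password() {
    local domain pw
    domain="$1"
    pw="$("$VIRT_CAT" -d "$domain" "$PASSWORD_FILE")" || {
        echo "cannot read $PASSWORD_FILE from guest $domain" >&2
        return 1
    }
    # Refuse empty or multi-line content instead of feeding it to ssh.
    case "$pw" in
        ""|*"$NL"*) echo "unexpected contents in $PASSWORD_FILE" >&2; return 1 ;;
    esac
    printf '%s' "$pw"
}

# Usage: ssh_root_guest DOMAIN ADDRESS [remote command...]
ssh_root_guest() {
    local domain addr pw
    domain="$1"; addr="$2"; shift 2
    pw="$(read_guest_password "$domain")" || return 1
    # sshpass -e takes the password from $SSHPASS, so it never appears in
    # the argument list that other local users can see with ps.
    SSHPASS="$pw" "$SSHPASS_CMD" -e ssh \
        -o PreferredAuthentications=password "root@$addr" "$@"
}

# Run only when called with arguments, e.g.: ./ssh-root-guest fedora-vm 192.0.2.10
if [ "$#" -ge 2 ]; then
    ssh_root_guest "$@"
fi
```

Anyone who can read the guest's disk image on the host can recover the password the same way, so the image's file permissions are the effective access control here.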
It’s a cool application for virt-cat, but wouldn’t it make more sense to use ssh dsa keys for this?
How about making that script add the host’s /root/.ssh/id_rsa.pub to the guest’s /root/.ssh/authorized_keys2?
Then there’s no plaintext file with the root password to worry about.
Sure, that’ll be why it’s a half-baked idea. But we are considering something like this so we can talk to a password-protected daemon in guests. Guests would generate a random key and write it to a file, and this file would then be shared with the host, so the host can access the daemon.
Well…
Populate the guest’s authorized_keys using kickstart or something. (I think that should happen with all installed machines, virtual or not.)
Read the guest’s public key and put it in the host’s known_hosts. (But all installed machines, virtual or not, should publish their public keys “somewhere”.)