ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    KVM - Virt-Manager on a Separate VM

    Scheduled Pinned Locked Moved IT Discussion
    kvmbeginnerlearninglab
    68 Posts 12 Posters 6.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      StorageNinja Vendor @stacksofplates
      last edited by

      @stacksofplates I can break your 4096 bit encryption with $5.
      If your worried about state-level actors you have bigger concerns 🙂

      ObsolesceO stacksofplatesS 2 Replies Last reply Reply Quote -1
      • ObsolesceO
        Obsolesce
        last edited by Obsolesce

        @stacksofplates said in KVM - Virt-Manager on a Separate VM:

        @tim_g said in KVM - Virt-Manager on a Separate VM:

        @stacksofplates said in KVM - Virt-Manager on a Separate VM:

        @tim_g said in KVM - Virt-Manager on a Separate VM:

        Wtf is going on here... everyone is making it so difficult... it's not!

        Step 1: On your KVM host, run the following command:
        ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"

        Step 2: On your desktop/vm used to manage the KVM host, run the following command:
        ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"

        Step 3: On your desktop/VM, copy your public key:
        cat /home/username/.ssh/id_rsa.pub
        ...then copy it.

        Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
        vi /root/.ssh/authorized_keys
        ...then save the file.

        Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
        No password required.

        KkiIorg.png

        But see doing it this way has skipped a bunch of stuff that ssh-copy-id does. This will end up with more questions later on.

        I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.

        Seriously just generate the key (RSA is the default):

        ssh-keygen -b 4096
        

        and copy to the server:

        ssh-copy-id user@server
        

        Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.

        But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.

        hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?

        When I try to do a ssh-copy-id to my servers, I get this:

        Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
        

        This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.

        scottalanmillerS stacksofplatesS 2 Replies Last reply Reply Quote 0
        • ObsolesceO
          Obsolesce @StorageNinja
          last edited by

          @storageninja said in KVM - Virt-Manager on a Separate VM:

          @stacksofplates I can break your 4096 bit encryption with $5.
          If your worried about state-level actors you have bigger concerns 🙂

          Challenge accepted.

          Pst me your email and I'll give you a key to break.

          Leave me an audit trail so I can confirm.

          S 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch
            last edited by

            @DustinB3403

            I use my user in the libvirt group so I do not have to bother with the root user.

            gpasswd -a jbusch libvirt
            

            Then this works.
            0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

            stacksofplatesS M DustinB3403D 3 Replies Last reply Reply Quote 4
            • scottalanmillerS
              scottalanmiller @Obsolesce
              last edited by

              @tim_g said in KVM - Virt-Manager on a Separate VM:

              When I try to do a ssh-copy-id to my servers, I get this:

              Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
              

              This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.

              @stacksofplates said in KVM - Virt-Manager on a Separate VM:

              @tim_g said in KVM - Virt-Manager on a Separate VM:

              @stacksofplates said in KVM - Virt-Manager on a Separate VM:

              @tim_g said in KVM - Virt-Manager on a Separate VM:

              Wtf is going on here... everyone is making it so difficult... it's not!

              Step 1: On your KVM host, run the following command:
              ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"

              Step 2: On your desktop/vm used to manage the KVM host, run the following command:
              ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"

              Step 3: On your desktop/VM, copy your public key:
              cat /home/username/.ssh/id_rsa.pub
              ...then copy it.

              Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
              vi /root/.ssh/authorized_keys
              ...then save the file.

              Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
              No password required.

              KkiIorg.png

              But see doing it this way has skipped a bunch of stuff that ssh-copy-id does. This will end up with more questions later on.

              I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.

              Seriously just generate the key (RSA is the default):

              ssh-keygen -b 4096
              

              and copy to the server:

              ssh-copy-id user@server
              

              Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.

              But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.

              hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?

              How did you get into that state? How do the initial keys get there?

              ObsolesceO 1 Reply Last reply Reply Quote 1
              • stacksofplatesS
                stacksofplates @Obsolesce
                last edited by

                @tim_g said in KVM - Virt-Manager on a Separate VM:

                When I try to do a ssh-copy-id to my servers, I get this:

                Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
                

                This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.

                Ok? We are talking about an initial hypervisor setup. Passwords are enabled by default. You copy your key, then shut the passwords off. Idk what the eff is going on here.....

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • stacksofplatesS
                  stacksofplates @JaredBusch
                  last edited by

                  @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                  @DustinB3403

                  I use my user in the libvirt group so I do not have to bother with the root user.

                  gpasswd -a jbusch libvirt
                  

                  Then this works.
                  0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                  Ya idk where the root thing came from.

                  1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @stacksofplates
                    last edited by

                    @stacksofplates said in KVM - Virt-Manager on a Separate VM:

                    Idk what the eff is going on here.....

                    Overcomplication of course.

                    1 Reply Last reply Reply Quote 1
                    • stacksofplatesS
                      stacksofplates @StorageNinja
                      last edited by

                      @storageninja said in KVM - Virt-Manager on a Separate VM:

                      @stacksofplates I can break your 4096 bit encryption with $5.
                      If your worried about state-level actors you have bigger concerns 🙂

                      I'm not worried about anything. I'm not the one that said anything about key security

                      1 Reply Last reply Reply Quote 0
                      • ObsolesceO
                        Obsolesce @scottalanmiller
                        last edited by

                        @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                        @tim_g said in KVM - Virt-Manager on a Separate VM:

                        When I try to do a ssh-copy-id to my servers, I get this:

                        Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
                        

                        This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.

                        @stacksofplates said in KVM - Virt-Manager on a Separate VM:

                        @tim_g said in KVM - Virt-Manager on a Separate VM:

                        @stacksofplates said in KVM - Virt-Manager on a Separate VM:

                        @tim_g said in KVM - Virt-Manager on a Separate VM:

                        Wtf is going on here... everyone is making it so difficult... it's not!

                        Step 1: On your KVM host, run the following command:
                        ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"

                        Step 2: On your desktop/vm used to manage the KVM host, run the following command:
                        ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"

                        Step 3: On your desktop/VM, copy your public key:
                        cat /home/username/.ssh/id_rsa.pub
                        ...then copy it.

                        Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
                        vi /root/.ssh/authorized_keys
                        ...then save the file.

                        Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
                        No password required.

                        KkiIorg.png

                        But see doing it this way has skipped a bunch of stuff that ssh-copy-id does. This will end up with more questions later on.

                        I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.

                        Seriously just generate the key (RSA is the default):

                        ssh-keygen -b 4096
                        

                        and copy to the server:

                        ssh-copy-id user@server
                        

                        Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.

                        But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.

                        hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?

                        How did you get into that state? How do the initial keys get there?

                        Salt.

                        stacksofplatesS 1 Reply Last reply Reply Quote 0
                        • M
                          mattbagan @JaredBusch
                          last edited by

                          @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                          @DustinB3403

                          I use my user in the libvirt group so I do not have to bother with the root user.

                          gpasswd -a jbusch libvirt
                          

                          Then this works.
                          0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                          Never tried it that way. I've always used:
                          usermod -a -G libvirt <username>

                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • stacksofplatesS
                            stacksofplates @Obsolesce
                            last edited by

                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                            @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                            When I try to do a ssh-copy-id to my servers, I get this:

                            Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
                            

                            This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.

                            @stacksofplates said in KVM - Virt-Manager on a Separate VM:

                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                            @stacksofplates said in KVM - Virt-Manager on a Separate VM:

                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                            Wtf is going on here... everyone is making it so difficult... it's not!

                            Step 1: On your KVM host, run the following command:
                            ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"

                            Step 2: On your desktop/vm used to manage the KVM host, run the following command:
                            ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"

                            Step 3: On your desktop/VM, copy your public key:
                            cat /home/username/.ssh/id_rsa.pub
                            ...then copy it.

                            Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
                            vi /root/.ssh/authorized_keys
                            ...then save the file.

                            Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
                            No password required.

                            KkiIorg.png

                            But see doing it this way has skipped a bunch of stuff that ssh-copy-id does. This will end up with more questions later on.

                            I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.

                            Seriously just generate the key (RSA is the default):

                            ssh-keygen -b 4096
                            

                            and copy to the server:

                            ssh-copy-id user@server
                            

                            Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.

                            But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.

                            hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?

                            How did you get into that state? How do the initial keys get there?

                            Salt.

                            On a physical hypervisor initial install. How do you do that?

                            1 Reply Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @mattbagan
                              last edited by

                              @mattbagan said in KVM - Virt-Manager on a Separate VM:

                              Never tried it that way. I've always used:
                              usermod -a -G libvirt <username>

                              both ways get the same job done.

                              1 Reply Last reply Reply Quote 2
                              • S
                                StorageNinja Vendor @Obsolesce
                                last edited by StorageNinja

                                @tim_g said in KVM - Virt-Manager on a Separate VM:

                                @storageninja said in KVM - Virt-Manager on a Separate VM:

                                @stacksofplates I can break your 4096 bit encryption with $5.
                                If your worried about state-level actors you have bigger concerns 🙂

                                Challenge accepted.

                                Pst me your email and I'll give you a key to break.

                                Leave me an audit trail so I can confirm.

                                I assume you'll just ship me a beer and call it even?

                                security.png

                                ObsolesceO 1 Reply Last reply Reply Quote 2
                                • ObsolesceO
                                  Obsolesce @StorageNinja
                                  last edited by

                                  @storageninja said in KVM - Virt-Manager on a Separate VM:

                                  @tim_g said in KVM - Virt-Manager on a Separate VM:

                                  @storageninja said in KVM - Virt-Manager on a Separate VM:

                                  @stacksofplates I can break your 4096 bit encryption with $5.
                                  If your worried about state-level actors you have bigger concerns 🙂

                                  Challenge accepted.

                                  Pst me your email and I'll give you a key to break.

                                  Leave me an audit trail so I can confirm.

                                  I assume you'll just ship me a beer and call it even?

                                  security.png

                                  Ha, sounds good.

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    Who spends $5 on a wrench?

                                    travisdh1T ObsolesceO 2 Replies Last reply Reply Quote 0
                                    • travisdh1T
                                      travisdh1 @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                                      Who spends $5 on a wrench?

                                      Anyone who goes to a brick and mortar store.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • ObsolesceO
                                        Obsolesce @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                                        Who spends $5 on a wrench?

                                        THe cheapest one I found on Amazon is $4.22. Better hope that comes with free shipping.
                                        https://www.amazon.com/s/ref=sr_st_price-asc-rank?keywords=wrench&fst=as%3Aon&rh=n%3A228013%2Cn%3A328182011%2Cn%3A551238%2Ck%3Awrench&qid=1512762244&sort=price-asc-rank

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @travisdh1
                                          last edited by

                                          @travisdh1 said in KVM - Virt-Manager on a Separate VM:

                                          @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                                          Who spends $5 on a wrench?

                                          Anyone who goes to a brick and mortar store.

                                          See.... you'd just use a brick for a fraction of the price.

                                          travisdh1T 1 Reply Last reply Reply Quote 1
                                          • travisdh1T
                                            travisdh1 @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                                            @travisdh1 said in KVM - Virt-Manager on a Separate VM:

                                            @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                                            Who spends $5 on a wrench?

                                            Anyone who goes to a brick and mortar store.

                                            See.... you'd just use a brick for a fraction of the price.

                                            Just steal a loose brick!

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post