mirror of https://github.com/vagrant-libvirt/vagrant-libvirt.git (synced 2025-02-25 18:55:27 -06:00)
Disable removal of host keys by default (#1315)
Testing has shown that most boxes do not have the host keys removed, as it is non-trivial to get them to regenerate on subsequent bring up. Additionally, vagrant uses `StrictHostKeyChecking=no` to ignore the host keys, so relying on them to provide any kind of security or identity of a VM is pointless.

In the few cases where it is possible to have keys regenerate, it should be managed by how the box is cleaned up, and otherwise forced by a provision script on first boot of the VM.

While it is possible to have a script executed via sysprep modify the boot of the machine to ensure the keys are regenerated on the next boot, this should either be built-in to occur automatically, and thereby assume the responsibility for ensuring host keys are replaced for each VM packaged by vagrant-libvirt, or should default to the same behaviour that appears to be common for many Debian based boxes and simply not attempt to remove the host keys.

If removal is useful, it may be re-enabled as needed. See #851 for a script that can be used to have openssh-server reconfigured to trigger regenerating the keys.

A number of people have tried to fix this previously and I failed to understand then that they were correct. Have attributed co-authorship of this to all of the PR authors that attempted to fix this over the years.

Related: #759
Related: #873
Related: #955
Related: #994

Co-authored-by: Guillaume Penaud <gpenaud@xilopix.com>
Co-authored-by: Zak B. Elep <zakame@zakame.net>
parent 06fef8ba46
commit 8defd28871
@ -50,7 +50,7 @@ module VagrantPlugins
# remove hw association with interface
# working for centos with lvs default disks
options = ENV.fetch('VAGRANT_LIBVIRT_VIRT_SYSPREP_OPTIONS', '')
operations = ENV.fetch('VAGRANT_LIBVIRT_VIRT_SYSPREP_OPERATIONS', 'defaults,-ssh-userdir,-customize')
operations = ENV.fetch('VAGRANT_LIBVIRT_VIRT_SYSPREP_OPERATIONS', 'defaults,-ssh-userdir,-ssh-hostkeys,-customize')
`virt-sysprep --no-logfile --operations #{operations} -a #{@tmp_img} #{options}`
`virt-sparsify --in-place #{@tmp_img}`
# add any user provided file
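Review bot: The new default on the `operations = ENV.fetch('VAGRANT_LIBVIRT_VIRT_SYSPREP_OPERATIONS', ...)` line adds `-ssh-hostkeys` with no comment, so a reader of this file cannot tell that packaged images now keep their SSH host keys or how to turn removal back on. Suggest a short comment above that line saying host key removal is skipped by default and that setting `VAGRANT_LIBVIRT_VIRT_SYSPREP_OPERATIONS` (for example to the previous value `defaults,-ssh-userdir,-customize`) restores it, with a matching note in the user documentation, since VMs created from such a box start with the same host keys unless the box regenerates them. Separately, on the `virt-sysprep` line the values of `operations`, `options` and `@tmp_img` are interpolated unquoted into a backtick command and the exit status is never checked, so a failed sysprep run goes unnoticed and `virt-sparsify` still runs; consider checking `$?.success?` after the call and quoting the image path.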