ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    KVM - Virt-Manager on a Separate VM

    Scheduled Pinned Locked Moved IT Discussion
    kvmbeginnerlearninglab
    68 Posts 12 Posters 8.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mattbagan @JaredBusch
      last edited by

      @jaredbusch said in KVM - Virt-Manager on a Separate VM:

      @DustinB3403

      I use my user in the libvirt group so I do not have to bother with the root user.

      gpasswd -a jbusch libvirt
      

      Then this works.
      0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

      Never tried it that way. I've always used:
      usermod -a -G libvirt <username>

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • stacksofplatesS
        stacksofplates @Obsolesce
        last edited by

        @tim_g said in KVM - Virt-Manager on a Separate VM:

        @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

        @tim_g said in KVM - Virt-Manager on a Separate VM:

        When I try to do a ssh-copy-id to my servers, I get this:

        Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
        

        This is expected, as I do not allow root logon, I do not allow password auth, and only allow RSA key based authentication.

        @stacksofplates said in KVM - Virt-Manager on a Separate VM:

        @tim_g said in KVM - Virt-Manager on a Separate VM:

        @stacksofplates said in KVM - Virt-Manager on a Separate VM:

        @tim_g said in KVM - Virt-Manager on a Separate VM:

        Wtf is going on here... everyone is making it so difficult... it's not!

        Step 1: On your KVM host, run the following command:
        ssh-keygen -t rsa -b 4096 -C "KVM01_Root_SSHKey"

        Step 2: On your desktop/vm used to manage the KVM host, run the following command:
        ssh-keygen -t rsa -b 4096 -C "PCName_userName_SSHKey"

        Step 3: On your desktop/VM, copy your public key:
        cat /home/username/.ssh/id_rsa.pub
        ...then copy it.

        Step 4: On your KVM Host, paste what you copy in Step 3 into the file here:
        vi /root/.ssh/authorized_keys
        ...then save the file.

        Step 5: On your desktop/VM using virt-manager, add the server like below... type in the host name then click connect.
        No password required.

        KkiIorg.png

        But see doing it this way has skipped a bunch of stuff that ssh-copy-id does. This will end up with more questions later on.

        I would be willing to be dollars to donuts if someone uses this they will have to change permissions on that authorized_keys file because it's not created by defualt.

        Seriously just generate the key (RSA is the default):

        ssh-keygen -b 4096
        

        and copy to the server:

        ssh-copy-id user@server
        

        Yes, but this assumes you've already got SSH going and unsecure enough to do a ssh-copy-id to the server. This isn't the case for me.

        But you are right, generally the ssh-copy-id is the way to go as I suppose I'm the only one here who does things securely, or this is done before securing SSH on the server.

        hahahahaha. Wtf are you talking about. What does "unsecure enough to do a ssh-copy-id" possibly mean?

        How did you get into that state? How do the initial keys get there?

        Salt.

        On a physical hypervisor initial install. How do you do that?

        1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @mattbagan
          last edited by

          @mattbagan said in KVM - Virt-Manager on a Separate VM:

          Never tried it that way. I've always used:
          usermod -a -G libvirt <username>

          both ways get the same job done.

          1 Reply Last reply Reply Quote 2
          • S
            StorageNinja Vendor @Obsolesce
            last edited by StorageNinja

            @tim_g said in KVM - Virt-Manager on a Separate VM:

            @storageninja said in KVM - Virt-Manager on a Separate VM:

            @stacksofplates I can break your 4096 bit encryption with $5.
            If your worried about state-level actors you have bigger concerns 🙂

            Challenge accepted.

            Pst me your email and I'll give you a key to break.

            Leave me an audit trail so I can confirm.

            I assume you'll just ship me a beer and call it even?

            security.png

            ObsolesceO 1 Reply Last reply Reply Quote 2
            • ObsolesceO
              Obsolesce @StorageNinja
              last edited by

              @storageninja said in KVM - Virt-Manager on a Separate VM:

              @tim_g said in KVM - Virt-Manager on a Separate VM:

              @storageninja said in KVM - Virt-Manager on a Separate VM:

              @stacksofplates I can break your 4096 bit encryption with $5.
              If your worried about state-level actors you have bigger concerns 🙂

              Challenge accepted.

              Pst me your email and I'll give you a key to break.

              Leave me an audit trail so I can confirm.

              I assume you'll just ship me a beer and call it even?

              security.png

              Ha, sounds good.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Who spends $5 on a wrench?

                travisdh1T ObsolesceO 2 Replies Last reply Reply Quote 0
                • travisdh1T
                  travisdh1 @scottalanmiller
                  last edited by

                  @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                  Who spends $5 on a wrench?

                  Anyone who goes to a brick and mortar store.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce @scottalanmiller
                    last edited by

                    @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                    Who spends $5 on a wrench?

                    THe cheapest one I found on Amazon is $4.22. Better hope that comes with free shipping.
                    https://www.amazon.com/s/ref=sr_st_price-asc-rank?keywords=wrench&fst=as%3Aon&rh=n%3A228013%2Cn%3A328182011%2Cn%3A551238%2Ck%3Awrench&qid=1512762244&sort=price-asc-rank

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @travisdh1
                      last edited by

                      @travisdh1 said in KVM - Virt-Manager on a Separate VM:

                      @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                      Who spends $5 on a wrench?

                      Anyone who goes to a brick and mortar store.

                      See.... you'd just use a brick for a fraction of the price.

                      travisdh1T 1 Reply Last reply Reply Quote 1
                      • travisdh1T
                        travisdh1 @scottalanmiller
                        last edited by

                        @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                        @travisdh1 said in KVM - Virt-Manager on a Separate VM:

                        @scottalanmiller said in KVM - Virt-Manager on a Separate VM:

                        Who spends $5 on a wrench?

                        Anyone who goes to a brick and mortar store.

                        See.... you'd just use a brick for a fraction of the price.

                        Just steal a loose brick!

                        1 Reply Last reply Reply Quote 0
                        • B
                          bnrstnr
                          last edited by

                          I've got an old CRT monitor sitting in the corner that could probably do the trick

                          1 Reply Last reply Reply Quote 1
                          • DustinB3403D
                            DustinB3403 @JaredBusch
                            last edited by DustinB3403

                            @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                            @DustinB3403

                            I use my user in the libvirt group so I do not have to bother with the root user.

                            gpasswd -a jbusch libvirt
                            

                            Then this works.
                            0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                            Holy fuck it took way to long to get to this point.

                            So here is the stupid approach. 
                            
                            ssh-keygen -t rsa
                            generating. . .
                            . . . 
                            . . . 
                            The key fingerprint is . . .
                            
                            ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                            

                            Login with user@kvm-server-ip password

                            Test the login

                            Disconnect from the remote server and run this next bit on your management system.

                            gpasswd -a username libvirt and then run it on you kvm server assuming you're not using the "root" user.

                            Done, and it works.

                            @JaredBusch thanks for cutting through the bullshit and helping out here.

                            JaredBuschJ ObsolesceO 2 Replies Last reply Reply Quote 1
                            • JaredBuschJ
                              JaredBusch @DustinB3403
                              last edited by JaredBusch

                              @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                              Disconnect from the remote server and run this next bit on your management system.

                              gpasswd -a username libvirt

                              Run that on both systems. Assuming you are using your username and not root in the Virt-Manager connection.

                              DustinB3403D 1 Reply Last reply Reply Quote 1
                              • DustinB3403D
                                DustinB3403 @JaredBusch
                                last edited by

                                @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                Disconnect from the remote server and run this next bit on your management system.

                                gpasswd -a username libvirt

                                Run that on both systems. Assuming you are using your username and not root in the Virt-Manager connection.

                                Yeah, I did that before, Updating my previous comment.

                                1 Reply Last reply Reply Quote 0
                                • ObsolesceO
                                  Obsolesce @DustinB3403
                                  last edited by

                                  @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                  @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                  @DustinB3403

                                  I use my user in the libvirt group so I do not have to bother with the root user.

                                  gpasswd -a jbusch libvirt
                                  

                                  Then this works.
                                  0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                                  Holy fuck it took way to long to get to this point.

                                  So here is the stupid approach. 
                                  
                                  ssh-keygen -t rsa
                                  generating. . .
                                  . . . 
                                  . . . 
                                  The key fingerprint is . . .
                                  
                                  ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                                  

                                  Login with user@kvm-server-ip password

                                  Test the login

                                  Disconnect from the remote server and run this next bit on your management system.

                                  gpasswd -a username libvirt

                                  Done, and it works.

                                  @JaredBusch thanks for cutting through the bullshit and helping out here.

                                  Wyd you talking about. JARED mentioned that step like 3 posts down from your OP, and it was mentioned several other times as well.

                                  DustinB3403D 1 Reply Last reply Reply Quote 0
                                  • DustinB3403D
                                    DustinB3403 @Obsolesce
                                    last edited by

                                    @tim_g said in KVM - Virt-Manager on a Separate VM:

                                    @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                    @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                    @DustinB3403

                                    I use my user in the libvirt group so I do not have to bother with the root user.

                                    gpasswd -a jbusch libvirt
                                    

                                    Then this works.
                                    0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                                    Holy fuck it took way to long to get to this point.

                                    So here is the stupid approach. 
                                    
                                    ssh-keygen -t rsa
                                    generating. . .
                                    . . . 
                                    . . . 
                                    The key fingerprint is . . .
                                    
                                    ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                                    

                                    Login with user@kvm-server-ip password

                                    Test the login

                                    Disconnect from the remote server and run this next bit on your management system.

                                    gpasswd -a username libvirt

                                    Done, and it works.

                                    @JaredBusch thanks for cutting through the bullshit and helping out here.

                                    Wyd you talking about. JARED mentioned that step like 3 posts down from your OP, and it was mentioned several other times as well.

                                    Huh?

                                    Nothing was as simple as what I just did, Jared was getting to the point at the top of the topic, but there were additional steps I was missing (failed to do entirely). So I dumped all of the rsa keys, and started fresh.

                                    ObsolesceO 1 Reply Last reply Reply Quote 2
                                    • ObsolesceO
                                      Obsolesce @DustinB3403
                                      last edited by

                                      @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                      @tim_g said in KVM - Virt-Manager on a Separate VM:

                                      @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                      @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                      @DustinB3403

                                      I use my user in the libvirt group so I do not have to bother with the root user.

                                      gpasswd -a jbusch libvirt
                                      

                                      Then this works.
                                      0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                                      Holy fuck it took way to long to get to this point.

                                      So here is the stupid approach. 
                                      
                                      ssh-keygen -t rsa
                                      generating. . .
                                      . . . 
                                      . . . 
                                      The key fingerprint is . . .
                                      
                                      ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                                      

                                      Login with user@kvm-server-ip password

                                      Test the login

                                      Disconnect from the remote server and run this next bit on your management system.

                                      gpasswd -a username libvirt

                                      Done, and it works.

                                      @JaredBusch thanks for cutting through the bullshit and helping out here.

                                      Wyd you talking about. JARED mentioned that step like 3 posts down from your OP, and it was mentioned several other times as well.

                                      Huh?

                                      Nothing was as simple as what I just did, Jared was getting to the point at the top of the topic, but there were additional steps I was missing (failed to do entirely). So I dumped all of the rsa keys, and started fresh.

                                      The whole thing is taht simple.

                                      1. generate your ssh keys
                                      2. copy the ssh keys
                                      3. add to libvirt group (mentioned in beginning of thread and every other KVM related thread)

                                      Done. You can break that up into as many sub steps as you want, but that's what you do.

                                      DustinB3403D 1 Reply Last reply Reply Quote 1
                                      • DustinB3403D
                                        DustinB3403 @Obsolesce
                                        last edited by

                                        @tim_g said in KVM - Virt-Manager on a Separate VM:

                                        @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                        @tim_g said in KVM - Virt-Manager on a Separate VM:

                                        @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                        @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                        @DustinB3403

                                        I use my user in the libvirt group so I do not have to bother with the root user.

                                        gpasswd -a jbusch libvirt
                                        

                                        Then this works.
                                        0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                                        Holy fuck it took way to long to get to this point.

                                        So here is the stupid approach. 
                                        
                                        ssh-keygen -t rsa
                                        generating. . .
                                        . . . 
                                        . . . 
                                        The key fingerprint is . . .
                                        
                                        ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                                        

                                        Login with user@kvm-server-ip password

                                        Test the login

                                        Disconnect from the remote server and run this next bit on your management system.

                                        gpasswd -a username libvirt

                                        Done, and it works.

                                        @JaredBusch thanks for cutting through the bullshit and helping out here.

                                        Wyd you talking about. JARED mentioned that step like 3 posts down from your OP, and it was mentioned several other times as well.

                                        Huh?

                                        Nothing was as simple as what I just did, Jared was getting to the point at the top of the topic, but there were additional steps I was missing (failed to do entirely). So I dumped all of the rsa keys, and started fresh.

                                        The whole thing is taht simple.

                                        1. generate your ssh keys
                                        2. copy the ssh keys
                                        3. add to libvirt group (mentioned in beginning of thread and every other KVM related thread)

                                        Done. You can break that up into as many sub steps as you want, but that's what you do.

                                        nevermind. . .

                                        ObsolesceO 1 Reply Last reply Reply Quote 0
                                        • ObsolesceO
                                          Obsolesce @DustinB3403
                                          last edited by

                                          @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                          @tim_g said in KVM - Virt-Manager on a Separate VM:

                                          @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                          @tim_g said in KVM - Virt-Manager on a Separate VM:

                                          @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                          @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                          @DustinB3403

                                          I use my user in the libvirt group so I do not have to bother with the root user.

                                          gpasswd -a jbusch libvirt
                                          

                                          Then this works.
                                          0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                                          Holy fuck it took way to long to get to this point.

                                          So here is the stupid approach. 
                                          
                                          ssh-keygen -t rsa
                                          generating. . .
                                          . . . 
                                          . . . 
                                          The key fingerprint is . . .
                                          
                                          ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                                          

                                          Login with user@kvm-server-ip password

                                          Test the login

                                          Disconnect from the remote server and run this next bit on your management system.

                                          gpasswd -a username libvirt

                                          Done, and it works.

                                          @JaredBusch thanks for cutting through the bullshit and helping out here.

                                          Wyd you talking about. JARED mentioned that step like 3 posts down from your OP, and it was mentioned several other times as well.

                                          Huh?

                                          Nothing was as simple as what I just did, Jared was getting to the point at the top of the topic, but there were additional steps I was missing (failed to do entirely). So I dumped all of the rsa keys, and started fresh.

                                          The whole thing is taht simple.

                                          1. generate your ssh keys
                                          2. copy the ssh keys
                                          3. add to libvirt group (mentioned in beginning of thread and every other KVM related thread)

                                          Done. You can break that up into as many sub steps as you want, but that's what you do.

                                          nevermind. . .

                                          That's the entire point i tried to make in my 5-steps before it getting ripped apart for me wanting to use 4096 instead of 2048, and not using ssh-copy-id.

                                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @Obsolesce
                                            last edited by

                                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                                            @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                                            @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                            @tim_g said in KVM - Virt-Manager on a Separate VM:

                                            @dustinb3403 said in KVM - Virt-Manager on a Separate VM:

                                            @jaredbusch said in KVM - Virt-Manager on a Separate VM:

                                            @DustinB3403

                                            I use my user in the libvirt group so I do not have to bother with the root user.

                                            gpasswd -a jbusch libvirt
                                            

                                            Then this works.
                                            0_1512760351248_a5ddf1f5-ef56-46e1-b1a7-f9593c68a19c-image.png

                                            Holy fuck it took way to long to get to this point.

                                            So here is the stupid approach. 
                                            
                                            ssh-keygen -t rsa
                                            generating. . .
                                            . . . 
                                            . . . 
                                            The key fingerprint is . . .
                                            
                                            ssh-copy-id -i /home/user/.ssh/d_rsa.pub user@kvm-server-ip
                                            

                                            Login with user@kvm-server-ip password

                                            Test the login

                                            Disconnect from the remote server and run this next bit on your management system.

                                            gpasswd -a username libvirt

                                            Done, and it works.

                                            @JaredBusch thanks for cutting through the bullshit and helping out here.

                                            Wyd you talking about. JARED mentioned that step like 3 posts down from your OP, and it was mentioned several other times as well.

                                            Huh?

                                            Nothing was as simple as what I just did, Jared was getting to the point at the top of the topic, but there were additional steps I was missing (failed to do entirely). So I dumped all of the rsa keys, and started fresh.

                                            The whole thing is taht simple.

                                            1. generate your ssh keys
                                            2. copy the ssh keys
                                            3. add to libvirt group (mentioned in beginning of thread and every other KVM related thread)

                                            Done. You can break that up into as many sub steps as you want, but that's what you do.

                                            nevermind. . .

                                            That's the entire point i tried to make in my 5-steps before it getting ripped apart for me wanting to use 4096 instead of 2048, and not using ssh-copy-id.

                                            Because you were a twit about it.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post