Re: [pve-devel] [PATCH qemu-server] cloud-init: don't regenerate ssh hosts key on config change when vm is running

Thu, 14 Jan 2021 07:20:27 -0800 

>>We could add vendor data and put the ssh keys there:
>>> 
>>> https://cloudinit.readthedocs.io/en/latest/topics/vendordata.html
>>> 
technically, it's possible to add host ssh keys with 


ssh_keys:
    rsa_private: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qco
        ...
        -----END RSA PRIVATE KEY-----
    rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7Xd 


I had asked about it some months ago,but Dietmar didn't want it
https://lists.proxmox.com/pipermail/pve-devel/2020-June/044104.html
"
----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Jeudi 25 Juin 2020 11:00:10
Objet: Re: [pve-devel] cloudinit: generate server ssh keys on proxmox
side ?

> Maybe could we generate them once at proxmox side ? 

-1 

Copying private keys is bad .
"



I wasn't aware about ssh_deletekeys at this time, 
but it seem a better way to manage this.(keep sshkey generation inside
the vm, but do it only once)



Le mercredi 13 janvier 2021 à 12:26 +0100, Mira Limbeck a écrit :
> We could add vendor data and put the ssh keys there:
> 
> https://cloudinit.readthedocs.io/en/latest/topics/vendordata.html
> 
> 
> On 1/13/21 10:01 AM, Alexandre Derumier wrote:
> > Currently, we always regenerate sshkeys on any config change.
> > 
> > It should be done only before the first vm start, but currently
> > can't known that.
> > 
> > So, this patch only do it when vm is running.
> > 
> > Signed-off-by: Alexandre Derumier<aderum...@odiso.com>
> > ---
> >   PVE/QemuServer/Cloudinit.pm | 2 ++
> >   1 file changed, 2 insertions(+)
> > 
> > diff --git a/PVE/QemuServer/Cloudinit.pm
> > b/PVE/QemuServer/Cloudinit.pm
> > index 52a4203..dd643c1 100644
> > --- a/PVE/QemuServer/Cloudinit.pm
> > +++ b/PVE/QemuServer/Cloudinit.pm
> > @@ -135,6 +135,8 @@ sub cloudinit_userdata {
> >             $content .= "  - $k\n";
> >         }
> >       }
> > +    $content .= "ssh_deletekeys: false\n" if
> > PVE::QemuServer::check_running($vmid);
> > +
> >       $content .= "chpasswd:\n";
> >       $content .= "  expire: False\n";
> >   
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to