Hi,

On Thu, Dec 12, 2024 at 08:24:22AM -0800, Connor Kuehl wrote:
> Hmm, yeah, in this case, I don't see a more privacy-respecting
> alternative to doing this with the current version of qemu-ga.
>
> If the extent of your use case is limited to host ssh pubkeys, then
> I'd imagine it wouldn't be a hard sell to pitch the idea of adding
> some new RPCs to qemu-ga, like guest-ssh-get-host-publickeys, seeing
> as there's already commands like
> guest-ssh-{get,set,remove}-authorized-keys.
>
> Then your customer VMs' qemu-ga.conf can specify just
> guest-ssh-get-host-publickeys in the allowlist.
>
> Maybe upstream would also be amenable to a more minimal interface as
> you've already described of allowing the guest to assign key,value pairs
> and adding a RPC to allow the hypervisor to fetch bits of data that way.
> Though, it would probably require a fair bit more design before the
> implementation arrives.

What we tried now was writing a small addition on the hypervisor listening on a serial on all VMs - so we simply create VMs with an additional serial which had a minimalistic API to send key/value pairs via a serial to the hypervisor's service.

For obvious reasons one would rather like a more standardised approach.

Flo
-- 
Florian Lohoff f...@zz.de
Any sufficiently advanced technology is indistinguishable from magic.