On Tue, Sep 24, 2019 at 12:02:44PM +0200, Andrea Bolognani wrote:
On Tue, 2019-09-24 at 08:27 +0200, Erik Skultety wrote:
> On Mon, Sep 23, 2019 at 04:47:06PM -0400, Laine Stump wrote:
> > On 9/23/19 1:27 PM, Erik Skultety wrote:
> > > The nwfilter 220-no-ip-spoofing.t test relies on an SSH connection to
> > > the test VM. However, because the domain definition passed to libvirt
> > > lacks an RNG device, the SSH server isn't started inside the guest
> > > (even though that is the default on virt-builder images) and therefore:
> > >
> > > "ssh: connect to host 192.168.122.227 port 22: Connection
refused"
> >
> > Strange that this has never happened to me. Is it perhaps because I'm
using
> > a very old cached image from virt-builder, and had started it up manually at
> > some time in the past (thus giving it a long enough time to generate the
> > keys, which are now stored away for posterity)?
>
> Btw I always thought that the keys are generated during the package
> installation rather than first execution of the daemon, clearly I was wrong.
I'm going to go out on a limb and assume virt-builder templates get
their keys ripped out explicitly as part of the building process,
because of course you wouldn't want all guests created from the same
virt-builder template to share a single set of SSH keys, now would
you? :)
That makes a lot of sense, they do sanitize the images indeed.
(btw I read somewhere that under some circumstances you'd want to share the
server keys in a cluster environment, unfortunately the author of the article
didn't bother explaining, so I'm taking that information with a grain of salt)
Thanks,
Erik