help-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How best to set host key in vm

From: Ludovic Courtès
Subject: Re: How best to set host key in vm
Date: Thu, 15 Feb 2018 15:51:43 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) 
George myglc2 Clemmer <address@hidden> skribis:

> On 02/09/2018 at 11:02 Ludovic Courtès writes:
>
>> George myglc2 Clemmer <address@hidden> skribis:
>>
>>> I want to set the host key in 'guix system vm-image' so that updating a
>>> VM config does not break that VM's host key entry in my client machine
>>> ~/.ssh/knownhosts files.  AFAIK there is no direct way to do this. I
>>> tried this ...
>
>> The recommendation in this case is to use “out-of-band” storage—i.e.,
>> have the secrets stored in a place other than the store.
>>
>> For example, you could have an activation snippet that copies secret
>> files directly to /etc, along these lines (untested):
>>
>>   (simple-service 'copy-private-key activation-service-type
>>                   (with-imported-modules '((guix build utils))
>>                     #~(begin
>>                         (use-modules (guix build utils))
>>                         (mkdir-p "/etc/ssh")
>>                         (copy-file "/root/secrets/ssh_host_ed25519_key"
>>                                    "/etc/ssh/ssh_host_ed25519_key'))))
>>
>> That means you have to arrange for /root/secrets/ssh_host_ed25519_key to
>> exist in the first place, but that’s pretty much all we can do.
>
> Thank you. So what is an easily-automated way to populate /root/secrets?

Guix doesn’t have any helper module/tool for that yet.

Perhaps ‘guix system vm-image’ could include a ‘--copy’ option that
would copy a file from the host into the image.  We’d have to be careful
with the implementation to make sure that it doesn’t end up in the host
store nor in the guest store.

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]