On Tue, Sep 24, 2019 at 12:02:44PM +0200, Andrea Bolognani wrote: > On Tue, 2019-09-24 at 08:27 +0200, Erik Skultety wrote: > > On Mon, Sep 23, 2019 at 04:47:06PM -0400, Laine Stump wrote: > > > On 9/23/19 1:27 PM, Erik Skultety wrote: > > > > The nwfilter 220-no-ip-spoofing.t test relies on an SSH connection to > > > > the test VM. However, because the domain definition passed to libvirt > > > > lacks an RNG device, the SSH server isn't started inside the guest > > > > (even though that is the default on virt-builder images) and therefore: > > > > > > > > "ssh: connect to host 192.168.122.227 port 22: Connection refused" > > > > > > Strange that this has never happened to me. Is it perhaps because I'm using > > > a very old cached image from virt-builder, and had started it up manually at > > > some time in the past (thus giving it a long enough time to generate the > > > keys, which are now stored away for posterity)? > > > > Btw I always thought that the keys are generated during the package > > installation rather than first execution of the daemon, clearly I was wrong. > > I'm going to go out on a limb and assume virt-builder templates get > their keys ripped out explicitly as part of the building process, > because of course you wouldn't want all guests created from the same > virt-builder template to share a single set of SSH keys, now would > you? :) That makes a lot of sense, they do sanitize the images indeed. (btw I read somewhere that under some circumstances you'd want to share the server keys in a cluster environment, unfortunately the author of the article didn't bother explaining, so I'm taking that information with a grain of salt) Thanks, Erik -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
