-rwxr-xr-xdebvm-create3
-rwxr-xr-xdebvm-run3
-rwxr-xr-xuseraddhook/customize.sh34
3 files changed, 39 insertions, 1 deletions
diff --git a/debvm-create b/debvm-create
index 3e25578..58094cc 100755
--- a/debvm-create
+++ b/debvm-create
@@ -42,6 +42,7 @@ By default, the hostname is B<testvm>.
Install the given ssh public key file into the virtual machine image for the root user.
This option also causes the ssh server to be installed.
By default, no key or server is installed.
+To connect to the vm, pass a port number to B<debvm-run> with the B<-s> option.
=item B<-m> I<mirror>, B<--mirror>=I<mirror>
@@ -297,7 +298,7 @@ set -- \
# add ssh key for root
if test -n "$SSHKEY"; then
set -- \
- '--customize-hook=mkdir -p "$1/root/.ssh"' \
+ '--customize-hook=mkdir -m700 -p "$1/root/.ssh"' \
"--customize-hook=upload $SSHKEY /root/.ssh/authorized_keys" \
"$@"
fi
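Review bot: `mkdir -m700 -p` applies the mode only to a directory it actually creates, so if `/root/.ssh` already exists in the chroot when this hook runs (an earlier hook or a package could have created it), its permissions stay whatever they were. Following it with `'--customize-hook=chmod 700 "$1/root/.ssh"' \` would make the result independent of that. Separately, `$SSHKEY` on the next line is expanded into the hook string unquoted, so a key path containing spaces or shell metacharacters would presumably be split or re-interpreted when the hook is parsed; the path should be validated or that limitation documented. The `set --` sequence this belongs to starts before the hunk.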
diff --git a/debvm-run b/debvm-run
index 1e1b3d8..9b64ef4 100755
--- a/debvm-run
+++ b/debvm-run
@@ -37,6 +37,9 @@ By default B<rootfs.ext4> in the working directory is used.
=item B<-s> I<sshport>, B<--sshport>=I<sshport>
If given, B<qemu> is configured to pass connections to I<127.0.0.1:sshport> to port 22 of the virtual machine.
+You can connect to your virtual machine without updating your known hosts like this:
+
+ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $sshport root@127.0.0.1
=item B<--> I<qemu options>
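Review bot: The added example turns off host key verification (`StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null`) without saying why that is acceptable in this one case. Readers tend to copy such command lines, and for any other host these options remove the protection against an impersonated server. I would add one sentence after the example, along the lines of `This skips host key verification, which is only reasonable because the connection stays on 127.0.0.1 and goes to a VM you started yourself; do not reuse these options for other hosts.`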
diff --git a/useraddhook/customize.sh b/useraddhook/customize.sh
new file mode 100755
index 0000000..a4390bd
--- /dev/null
+++ b/useraddhook/customize.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Copyright 2023 Johannes Schauer Marin Rodrigues <josch@debian.org>
+# SPDX-License-Identifier: MIT
+#
+# Add a non-root user, add them to the sudo group and use the same authorized
+# ssh keys as the root user.
+#
+# - the new user is called "user"
+# - no password required for login
+# - requires the passwd and coreutils packages installed inside the chroot
+# - adds the new user to the sudo group if it exists
+# - ~/.ssh/authorized_keys files is copied from root user if it exists
+#
+# Example usage:
+#
+# $ debvm-create -p sudo -k ~/.ssh/id_rsa.pub -- --hook-dir=.../useraddhook
+# $ debvm-run -s 8022
+# $ ssh -l user -p 8022 127.0.0.1 whoami
+# user
+# $ ssh -l user -p 8022 127.0.0.1 sudo whoami
+# root
+#
+
+set -eu
+
+chroot "$1" useradd --home-dir /home/user --create-home --shell /bin/bash user
+chroot "$1" passwd --delete user
+if chroot "$1" getent group sudo >/dev/null; then
+ chroot "$1" usermod --append --groups sudo user
+fi
+if [ -e "$1"/root/.ssh/authorized_keys ]; then
+ chroot "$1" install -o user -g user -m 700 -d /home/user/.ssh
+ chroot "$1" install -o user -g user -t /home/user/.ssh /root/.ssh/authorized_keys
+fi
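Review bot: The last `install` call has no `-m`, so the copied `/home/user/.ssh/authorized_keys` gets install's default mode 0755, i.e. executable and world-readable; `chroot "$1" install -o user -g user -m 600 -t /home/user/.ssh /root/.ssh/authorized_keys` would match the 700 directory created on the line above. The header comment should also spell out what `passwd --delete user` plus sudo group membership means: the account has an empty password, so anything that can log in as or switch to `user` inside the guest can likely become root. That is fine for a test VM but should be stated, e.g. `# - intended for throwaway test VMs only: "user" has an empty password and sudo rights`. Note too that `useradd` fails under `set -e` if the image already contains a `user` account, which aborts the hook.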