9.6.2. Configure SSH by using the virtctl CLI tool
You can add a public SSH key to a virtual machine (VM) and connect to the VM by running the virtctl ssh command, or add the virtctl port-foward command to your .ssh/config file and connect to the VM by using OpenSSH.
The virtctl ssh command method is not recommended for high traffic loads because it places a burden on the API server.
You can add public SSH keys to Red Hat Enterprise Linux (RHEL) 9 VMs at runtime or at first boot to VMs with guest operating systems that can be configured by using a cloud-init data source.
You can copy the virtctl ssh command in the web console by selecting Copy SSH command from the options
menu beside a VM on the VirtualMachines page.
Alternatively, right-click the VM in the tree view and select Copy SSH command from the menu to copy the virtctl ssh command.
9.6.2.1. About static and dynamic SSH key management 링크 복사링크가 클립보드에 복사되었습니다!
You can add public SSH keys to virtual machines (VMs) statically at first boot or dynamically at runtime.
Only Red Hat Enterprise Linux (RHEL) 9 supports dynamic key injection.
9.6.2.1.1. Static SSH key management 링크 복사링크가 클립보드에 복사되었습니다!
You can add a statically managed SSH key to a VM with a guest operating system that supports configuration by using a cloud-init data source. The key is added to the virtual machine (VM) at first boot.
You can add the key by using one of the following methods:
- Add a key to a single VM when you create it by using the web console or the command line.
- Add a key to a project by using the web console. Afterwards, the key is automatically added to the VMs that you create in this project.
Use cases:
- As a VM owner, you can provision all your newly created VMs with a single key.
9.6.2.1.2. Dynamic SSH key management 링크 복사링크가 클립보드에 복사되었습니다!
You can enable dynamic SSH key management for a VM with Red Hat Enterprise Linux (RHEL) 9 installed. Afterwards, you can update the key during runtime. The key is added by the QEMU guest agent, which is installed with Red Hat boot sources.
When dynamic key management is disabled, the default key management setting of a VM is determined by the image used for the VM.
Use cases:
-
Granting or revoking access to VMs: As a cluster administrator, you can grant or revoke remote VM access by adding or removing the keys of individual users from a
Secretobject that is applied to all VMs in a namespace. - User access: You can add your access credentials to all VMs that you create and manage.
Ansible provisioning:
- As an operations team member, you can create a single secret that contains all the keys used for Ansible provisioning.
- As a VM owner, you can create a VM and attach the keys used for Ansible provisioning.
Key rotation:
- As a cluster administrator, you can rotate the Ansible provisioner keys used by VMs in a namespace.
- As a workload owner, you can rotate the key for the VMs that you manage.