Date: Thu, 14 Nov 2013 04:02:17 -0500
From: "Dee Nixon" <dnixon-fnre@nyclocal.net>
To: "FreeBSD virtualization" <freebsd-virtualization@freebsd.org>
Subject: RFD: Remote console access to bhyve guest instances?
Message-ID: <a0383875a2cf7dc744e9f42de8e2ad41.squirrel@webmail.nyclocal.net>

Problem scenario:

A cloud provider (defined as someone who allows multiple end-users to create and manage their own guest instances without direct access to the host's operating system) needs to provide console access to each instance in a secure manner.

If a cloud provider were to use bhyve in its current form, a cloud end-user could SSH into a guest instance, provided the instance is already installed and running, but the user could NOT do the following tasks, which can be performed only at the console:

* OS installation
* Recovering from a virtual “hardware” or OS failure
* Rebooting a halted machine

A cloud end-user needs to be able to perform the above tasks on a guest instance without compromising the security of the host. Thus the end-user needs access to a virtual guest “console” that enables the above tasks to be performed on a virtual machine – just as, on a physical machine, the above tasks could be performed via the physical machine's console.

However, bhyve does not currently provide any means by which users can access a guest console without first logging into the host's console and/or performing some other task that is quite likely to have security issues.

A few possible solutions:

* Use some external program to pipe console I/O via a socket to the end-user? (but this would be hard to standardize)
* Restricted login? (but this would have concurrency issues as to which user can access which guest instance)
* Perhaps bhyve could add a console socket port for each guest instance? (Aryeh Friedman and I favor this idea, unless someone can suggest something better. If others think this is a good idea, we can write this addition to bhyve.)

Does anyone have any other suggestions?

The discussion of how to handle this problem should consider the following issues:

* The solution must allow access to multiple guest consoles at once by multiple users.
* The solution must not require users of guest instances to have access to the host console, although these users may have limited access to the host by other means, such as SSH to a port dedicated to a specific guest.
* The solution must not expose the host OS to other possible security issues either (remember, bhyve runs as root).
* The solution must be scriptable.
* A virtual machine should, as much as possible, behave like an actual physical machine in its interactions with its designated user, despite the user's lack of access to the host console.