From owner-freebsd-virtualization@FreeBSD.ORG Thu Nov 14 17:50:53 2013 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DC3C45B8 for ; Thu, 14 Nov 2013 17:50:53 +0000 (UTC) Received: from mail-pd0-f170.google.com (mail-pd0-f170.google.com [209.85.192.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B46862F5E for ; Thu, 14 Nov 2013 17:50:53 +0000 (UTC) Received: by mail-pd0-f170.google.com with SMTP id q10so2308167pdj.15 for ; Thu, 14 Nov 2013 09:50:47 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=ELlEChRVzchj25M4R+LDsggoaEdSnWCAzWDqt+mWKDc=; b=HBh9VzKmdtl0hWmOOqc2ePNuAFiMk1ViJFFb7NW+yTknmwsP9YGWbsefGcxbTqGlUB +3tj8+c4NSZ8jsJN1gBg62DHZL72TmABrVYsGaC/JqI1W9WV8ufC3zEZNwAN5F4hCQ+N 3lB0FEjQgqba6EtyT4eIuOANgmaD+A2ljdaDkTDO5GPNC0C2PB3MKLSe4jn6rFM1ZvD7 TZBXwRWTuZEglbL2zuA2ScNCDnidaKh5DsUse6ECZMhzhk7d6XdkXDcdIbw6KDVSlwOs RkRqulFucdcWhBccga3P5y8+XLHf7a+T+BrCnusg5szQRiQOCgqqwQBbny5KoNorIv6W 48Og== X-Gm-Message-State: ALoCoQn8efoLfBPKJ3STSpf1sTw2EufZk7xO3q+ALsO5RKrE061wY3cfM6lqSmbt9BE3o1hdsEWY X-Received: by 10.66.242.17 with SMTP id wm17mr2657984pac.102.1384451098236; Thu, 14 Nov 2013 09:44:58 -0800 (PST) Received: from Michaels-MacBook-Pro.local (c-98-246-202-204.hsd1.or.comcast.net. [98.246.202.204]) by mx.google.com with ESMTPSA id gh3sm52939621pbb.2.2013.11.14.09.44.56 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 14 Nov 2013 09:44:57 -0800 (PST) Message-ID: <52850C18.1070408@callfortesting.org> Date: Thu, 14 Nov 2013 09:44:56 -0800 From: Michael Dexter User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: freebsd-virtualization@freebsd.org, Dee Nixon Subject: Re: RFD: Remote console access to bhyve guest instances? References: In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Nov 2013 17:50:53 -0000 Dee, Your needs are not unique and a solution is already in the works. Thank you for your use case examples and usability concerns. When you say "write this addition", are you suggesting you have solid development resources to contribute to this effort? All the best, Michael Dexter bhyve Volunteer On 11/14/13 1:02 AM, Dee Nixon wrote: > Problem scenario: > > A cloud provider (defined as someone who allows multiple end-users > to create and manage their own guest instances without direct access > to the host's operating system) needs to provide console access to > each instance in a secure manner. If a cloud provider were to use > bhyve in its current form, a cloud end-user could SSH into a guest > instance, provided the instance is already installed and running, > but the user could NOT do the following tasks, which can be > performed only at the console: > > * OS installation > * Recovering from a virtual “hardware” or OS failure > * Rebooting a halted machine > > A cloud end-user needs to be able to perform the above tasks on a > guest instance without compromising the security of the host. Thus > the end-user needs access to a virtual guest “console” that enables > the above tasks to be performed on a virtual machine – just as, on a > physical machine, the above tasks could be performed via the > physical machine's console. > > However, bhyve does not currently provide any means by which users > can access a guest console without first logging into the host's > console and/or performing some other task that is quite likely to > have security issues. > > A few possible solutions: > > * Use some external program to pipe console I/O via a socket to the > end-user? (but this would be hard to standardize) > * Restricted login? (but this would have concurrency issues as to > which user can access which guest instance) > * Perhaps bhyve could add a console socket port for each guest > instance? (Aryeh Friedman and I favor this idea, unless someone can > suggest something better. If others think this is a good idea, we > can write this addition to bhyve.) > > Does anyone have any other suggestions? > > The discussion of how to handle this problem should consider the > following issues: > > * The solution must allow access to multiple guest consoles at once > by multiple users > * The solution must not require users of guest instances to have > access to the host console, although these users may have limited > access to the host by other means, such as SSH to a port dedicated > to a specific guest. > * The solution must not expose the host OS to other possible > security issues either (remember, bhyve runs as root) > * The solution must be scriptable. > * A virtual machine should, as much as possible, behave like an > actual physical machine in its interactions with its designated > user, despite the user's lack of access to the host console. > > > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org" >