On 15 September 2017 at 12:40, Daniel P. Berrange <berra...@redhat.com> wrote: > IIUC, the public part of the key gets exposed to the guest images via > cloud-init metadata. During boot the guest read this metadata and add > the public key to authorized_keys. The private key is used by the test > suite on the host so that it can now login to the guests. > > So the risk here is that if these guests were exposed to the LAN in any > way, someone could grab our private key and login to these guests. > > What saves us is that the VMs are run with user mode slirp networking > so AFAICT, aren't exposed to the LAN.
If I'm reading the right bit of the script we run QEMU with a hostfwd specification using 0.0.0.0 as the host part -- doesn't that listen on all interfaces including the LAN ones? thanks -- PMM