Terraform to Create Rocky Linux on KVM/Libvirt
Name | Version |
---|---|
terraform | = 1.8.3 |
libvirt | 0.7.6 |
Name | Version |
---|---|
libvirt | 0.7.6 |
template | n/a |
Name | Description | Type | Required |
---|---|---|---|
rocky9_cloudinit_disk | Qcow2 cloud-init location | any |
yes |
rocky9_cloudinit_pool | Which Pool to located cloud-init.iso | any |
yes |
rocky9_domain_memory | Vm Memory | any |
yes |
rocky9_domain_name | VM name | any |
yes |
rocky9_domain_vcpu | VM Cpu count | any |
yes |
rocky9_name | VM name | any |
yes |
rocky9_network_name | VM Network name | any |
yes |
rocky9_volume_format | Volume format .. Qcow2 | any |
yes |
rocky9_volume_name | Qcow2 volume name | any |
yes |
rocky9_volume_pool | Pool to locate VM | any |
yes |
rocky9_volume_size | size in bytes ... equals to 30GB https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/volume#size | any |
yes |
rocky9_volume_source | Rocky linux Qcow2 disk image | any |
yes |
Name | Description |
---|---|
ip | Output Server IP |
ssh-audit -2 127.0.0.1
# general
(gen) banner: SSH-2.0-OpenSSH_8.7
(gen) software: OpenSSH 8.7
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response
# key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
`- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
`- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4
`- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).
# host-key algorithms
(key) rsa-sha2-512 (4096-bit) -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (4096-bit) -- [info] available since OpenSSH 7.2
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
# message authentication code algorithms
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
# fingerprints
(fin) ssh-ed25519: SHA256:y0irEICTkwOvIP47FGEIb+/MqQ1LYgVA+Jl8IeUxY4c
(fin) ssh-rsa: SHA256:2GzmQeU6Gqqjz5yPsdv4L8HO76PlBQEhCUBvD5TWBmw
# algorithm recommendations (for OpenSSH 8.7)
(rec) +sntrup761x25519-sha512@openssh.com -- kex algorithm to append