Create VM admin
This will create a new user account on your workstation named libvirt-admin.
This user will be used as the owner for all the VM disk images, config files,
and for running the libvirt (qemu) processes that run your VM.
This separation from the normal account you use is important to limit
the privileges that you have over the VM infrastructure. Your normal
account should be able to SSH into the VM and have full root
privileges inside the VM. But your normal account should not have
access to the underlying VM disk image files, nor its configuration.
All VM administrative tasks must be done through sudo, acting as the
libvirt-admin account.
Create libvirt-admin user
VM_ADMIN=libvirt-admin
sudo useradd -m ${VM_ADMIN} -s /bin/bash -G libvirt
Extra steps for Debian workstations
On a Debian workstation, adding the user to the kvm group was also required:
sudo gpasswd -a ${VM_ADMIN} kvm
Configure systemd for the libvirt-admin user
sudo loginctl enable-linger ${VM_ADMIN}
sudo su ${VM_ADMIN} -c \
"echo export XDG_RUNTIME_DIR=/run/user/$(id -u ${VM_ADMIN}) > ~/.bashrc"
Copy your public SSH key into the libvirt-admin home directory
If you don’t have an SSH key yet, run ssh-keygen -t ed25519.
Set the SSH_KEY variable to point to your public SSH key file:
SSH_KEY=~/.ssh/id_ed25519.pub
TMP_SSH=$(mktemp)
cat ${SSH_KEY} > ${TMP_SSH}
chmod a+r ${TMP_SSH}
sudo su ${VM_ADMIN:-libvirt-admin} -c "mkdir -p ~/libvirt && cp ${TMP_SSH} ~/libvirt/user-ssh.pub"
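A check that the steps above produced the separation this section describes, as an added example that is not part of the original page. The function names are hypothetical, and it assumes GNU stat, getent and loginctl are available. The home directory check matters because useradd -m takes the directory mode from the system defaults.

```shell
#!/bin/sh
# Added example (not from the original page): verify the libvirt-admin setup.
# Function names are hypothetical. Needs GNU stat, getent and loginctl.
# Usage after sourcing this file: audit_vm_admin libvirt-admin

# in_group GROUP "LIST": succeed if GROUP is a word in the space-separated LIST.
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# dir_is_private DIR: succeed only if group and other have no permission bits.
dir_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_vm_admin [USER]: print one line per check; return 1 if any check fails.
audit_vm_admin() {
    admin=${1:-libvirt-admin}
    rc=0
    memberships=$(id -Gn "$admin" 2>/dev/null) || { echo "FAIL: no user $admin"; return 1; }
    if in_group libvirt "$memberships"; then
        echo "ok:   $admin is in the libvirt group"
    else
        echo "FAIL: $admin is not in the libvirt group"; rc=1
    fi
    # The kvm group is only required on Debian, so report it without failing.
    in_group kvm "$memberships" || echo "note: $admin is not in kvm (needed on Debian)"
    if loginctl show-user "$admin" -p Linger 2>/dev/null | grep -qx 'Linger=yes'; then
        echo "ok:   linger is enabled for $admin"
    else
        echo "FAIL: linger is not enabled for $admin"; rc=1
    fi
    # A home directory closed to group and other also blocks everything below it.
    home=$(getent passwd "$admin" | cut -d: -f6)
    if dir_is_private "$home"; then
        echo "ok:   $home is closed to other accounts"
    else
        echo "FAIL: $home is accessible to group or other"; rc=1
    fi
    return $rc
}
```

Run it from your normal account; a FAIL on the last check means that account can still reach files under the libvirt-admin home directory.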