Bug 1047861

Summary: libssh2 driver always seems to print "SSH transport error: no suitable method to retrieve authentication credentials"
Product: [Community] Virtualization Tools Reporter: Richard W.M. Jones <rjones>
Component: libvirtAssignee: Peter Krempa <pkrempa>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: emil.gelev, pkrempa, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-05 05:43:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 910269    

Description Richard W.M. Jones 2014-01-02 12:06:08 UTC 
Description of problem:

eg:
$ virsh -c 'qemu+libssh2://localhost/system' list
error: failed to connect to the hypervisor
error: SSH transport error: no suitable method to retrieve authentication credentials
$ virsh -c 'qemu+libssh2://root@localhost/system' list 
error: failed to connect to the hypervisor
error: SSH transport error: no suitable method to retrieve authentication credentials

Surely this should work?

Version-Release number of selected component (if applicable):

libvirt-daemon-1.1.3.2-1.fc20.x86_64
libssh2-1.4.3-8.fc20.x86_64

How reproducible:

100%

Steps to Reproduce:

See above.
Comment 1 Richard W.M. Jones 2014-01-02 12:11:23 UTC 
By the way, the error sucks too.

There seem to be two places where the error can be produced,
both completely different in character.

In the first place a better error would be:

"The authentication callback passed to virConnectOpen does
not support VIR_CRED_ECHOPROMPT."

The second place would be better as:

"The authentication callback passed to virConnectOpen does
not support VIR_CRED_ECHOPROMPT, VIR_CRED_NOECHOPROMPT and/or
VIR_CRED_PASSPHRASE."
Comment 2 Peter Krempa 2015-10-02 13:32:01 UTC 
This was accidentally caused by commit:

commit 792f81a40ea86e53e834efaaf079c9c0ac104f76
Author: Daniel P. Berrange <berrange>
Date:   Mon Jul 8 15:09:33 2013 +0100

    Convert 'int i' to 'size_t i' in src/rpc/ files
    
    Convert the type of loop iterators named 'i', 'j', k',
    'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
    'unsigned int', also santizing 'ii', 'jj', 'kk' to use
    the normal 'i', 'j', 'k' naming
    
    Signed-off-by: Daniel P. Berrange <berrange>

The code is setting the variable to -1 in one instance and thus failing to find the proper callback.
Comment 3 Peter Krempa 2015-10-05 05:43:54 UTC 
Fixed upstream:

commit 9869f24d08af1f0d5f45175117953704064556c2
Author: Peter Krempa <pkrempa>
Date:   Fri Oct 2 15:49:01 2015 +0200

    rpc: libssh2: Fix regression in ssh host key verification
    
    Commit 792f81a40e caused a regression in the libssh2 host key
    verification code by changing the variable type of 'i' to unsigned.
    Since one of the loops used -1 as a special value if the asking
    callback was found the conversion made a subsequent test always fail.
    
    The bug was stealth enough to pass review, compilers and coverity.
    
    Refactor the condition to avoid problems.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861