Bug 1248238
Summary: | RFE: Investigate using paramiko for spice+ssh, instead of manual ssh calls | ||
---|---|---|---|
Product: | [Community] Virtualization Tools | Reporter: | jamespharvey20 |
Component: | virt-manager | Assignee: | Cole Robinson <crobinso> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | berrange, crobinso, gscrivan |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-08 18:43:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
jamespharvey20
2015-07-30 00:19:02 UTC
Any thoughts? Things I should run to help diagnose this? The multiple password prompts are likely due to spice: spice opens multiple network connections for its various channels (video, input, sound, usb redirection, etc), and each need to open an ssh tunnel to the remote machine. So you'll get lots of password prompts The simplest 'fix' is to either setup ssh keys so you only need to auth once for SSH. Polkit doesn't help here, since polkit config won't let you skip an ssh prompt no matter how you configure it AFAIK I have some ideas about maybe simplifying this in the future, like trying to use an ssh library rather than forking the 'ssh' which has its own set of problems, but it's just handwavy future work. So I've looked into this. Using paramiko or another SSH library would help in some ways: we could do away with the multiple password prompts, and drop some of the complexity with serializing connection opening. That said, to get full coverage we would need to use libvirt's libssh/libssh2 transport, which isn't guaranteed to be available, and paramiko isn't available on all distros we care about, so the transition would be rough. I don't think it's worth reworking our battle tested code in virt-manager for something that's simpler but potentially has its own set of problems. Plus really the recommendation for all SSH connections is really 'just use ssh keys' which side steps all these issues entirely. |