Bug 1258726
Summary: | virt-who can't run libvirt remote mode and show the permission denied error | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Eko <hsun> |
Component: | virt-who | Assignee: | Radek Novacek <rnovacek> |
Status: | CLOSED ERRATA | QA Contact: | Li Bin Liu <liliu> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.2 | CC: | dazhang, gxing, ovasik, sgao, shihliu, wpinheir |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | virt-who-0.14-7.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-19 11:58:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eko
2015-09-01 06:18:51 UTC
Password authentication with remote libvirt might not work at the moment. Can you please try to copy your public ssh key to the remote system: ssh-copy-id root.128.13 Let me know if that helps. In the meanwhile I'll try to fix the password authentication or at least document it. hi radek, If I create the public ssh key and make ssh to login the remote libvirt host without password, thus, virt-who can run normally. ssh transport in libvirt doesn't support password authentication without ssh-agent. I'll add a note that this is not supported and the user should use ssh keys. Fixed in virt-who-0.14-7.el7. hi radek, how to verify this issue on virt-who-0.14-7.el7.noarch? when I run virt-who service for libvirt remote mode with password, there is no any note or warning message found. I think it should be more best if virt-who can support "ssh password" and "ssh key" both. When you supply --libvirt-password option, virt-who should show a warning (Password authentication doesn't work with ssh transport on libvirt backend, copy your public ssh key to the remote machine). There is also a note in virt-who(8) manual page. I agree that it would be better to support "ssh passwords", but libvirt doesn't support supplying passwords directly and it depends on usage of ssh-agent. Unfortunately we can't use ssh-agent from virt-who. ok, got it, I will change the status to verify Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2370.html Waldirio, yes, you need to copy public ssh keys to remote servers, as noted in the virt-who man page: --libvirt-password=PASSWORD Password for connecting to libvirt. This option doesn't work with ssh transport (default), copy your public ssh key to the remote machine. Does this solve your problem? Hi Radek, good morning For now yes, although customer sent to us one great attention point related to security, actually if anyone get access to this server, will be possible to do / access all computer nodes as root and on their environment, this is one huge security issue. Do you believe be possible improve the code to use the password defined in virt-who conf files ?! There we can just define the remote password in crypt format. Appreciate your feedback. Best Regards -- Waldirio M Pinheiro | Senior Software Maintenance Engineer |