Bug 905513

Summary: Disable libssh2 transport support
Product: Red Hat Enterprise Linux 7 Reporter: Jiri Denemark <jdenemar>
Component: libvirtAssignee: Jiri Denemark <jdenemar>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: low    
Version: 7.0CC: acathrow, berrange, cwei, dallan, dyuan, kdudka, mzhan, pkrempa, ydu
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-1.0.2-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 10:01:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Denemark 2013-01-29 14:42:38 UTC 
Description of problem:

libssh2 transport is implemented upstream but it is not stable/usable enough to be supportable in RHEL 7.0.

Version-Release number of selected component (if applicable):

libvirt-1.0.1-1.el7

How reproducible:

100%

Steps to Reproduce:
1. virsh -c qemu+libssh2://127.0.0.1/system list
  
Actual results:

The command succeeds.


Expected results:

The command should fail with the following message:

error: libssh2 transport support was not enabled: Function not implemented
error: failed to connect to the hypervisor

Additional info:
Comment 1 Daniel Berrangé 2013-01-29 15:00:12 UTC 
(In reply to comment #0)
> Description of problem:
> 
> libssh2 transport is implemented upstream but it is not stable/usable enough
> to be supportable in RHEL 7.0.

Please provide links with details of the problems seen, so that when someone looks at this bug in a year's time, we know what motivated us to disable it in the first place.
Comment 2 Jiri Denemark 2013-01-30 10:48:19 UTC 
Dave/Peter can you shed some light on that?
Comment 3 Peter Krempa 2013-01-30 11:03:03 UTC 
One of the main problems is caused by the incomplete support for host keys stored in the known_hosts file. Libssh2 doesn't support ECDSA keys and corrupts the known hosts file containing those. Commit

commit 225f280744e38fae883bd289ef34bb3f6db71c10
Author: Peter Krempa <pkrempa>
Date:   Tue Aug 21 17:54:26 2012 +0200

    client: Change default location of known_hosts file for libssh2 layer
    
    Unfortunately libssh2 doesn't support all types of host keys that can be
    saved in the known_hosts file. Also it does not report that parsing of
    the file failed. This results into truncated known_hosts files where the
    standard client stores keys also in other formats (eg.
    ecdsa-sha2-nistp256).
    
    This patch changes the default location of the known_hosts file into the
    libvirt private configuration directory, where it will be only written
    by the libssh2 layer itself. This prevents trashing user's known_host
    file.

workarounds that partially by using a separate known_hosts file, but this solution isn't ideal.
Comment 6 Huang Wenlong 2013-02-04 08:24:44 UTC 
Verify this bug :
libvirt-1.0.2-1.el7.x86_64

# virsh -c qemu+libssh2://127.0.0.1/system list
error: failed to connect to the hypervisor
error: libssh2 transport support was not enabled: Function not implemented
Comment 8 Ludek Smid 2014-06-13 10:01:08 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.