Created attachment 1150835 [details] Screenshot for adding server Description of problem: It should let user to input password when add another server in cockpit. In node4.0, the serverA can be added to serverB's cockpit without the password. And then serverA can be managed by serverB's cockpit. It's insecure that serverA can be managed just by providing the ip address. Version-Release number of selected component (if applicable): ovirt-node-ng-installer-ovirt-3.6-2016042500.iso cockpit-0.103-1.el7.centos.x86_64 cockpit-ovirt-0.5.1-0.0.master.el7.centos.noarch How reproducible: 100% Steps to Reproduce: 1. Anaconda install NGN 4.0. 2. Start cockpit service. 3. In dashboard tab, add another server with ip address which is a node 4.0. Actual results: 1. After step3, the another node 4.0 can be added without require a password. Expected results: 1. It should require the root password while been added. Additional info: 1. If we added a fedora 23 host to cockpit, it will require a root password.
That is weird. Did you maybe do an ssh key exchange between the servers?
(In reply to Fabian Deutsch from comment #1) > That is weird. > > Did you maybe do an ssh key exchange between the servers? No. I just install another Node 4.0, and added to serverA.
Can you somehow verify that you can really access the dashbaord of the other server and retrieve informations? Stef, any thoughts on this one?
Need a reproducer for this. Perhaps a cluster of VMs we can access. Cockpit doesn't do magic authentication. The credentials for the remaining node are the same as were used to log into cockpit. Click on the name in the upper left corner, and choose 'Authentication' from the menu to see the credentials that Cockpit has in the session available to access other servers.
Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA.
This behavior is intentional. After changing the password on Host2, and logging out and logging back in we get the following behavior. 1. Attempts to access host2 result in a screen that says "Couldn't connect to the machine" and "Login failed" 2. A "Troubleshoot" button is displayed. 3. Clicking the "Troubleshoot" button offers the following message: "Cockpit was unable to log into 10.66.8.112 you can change your authentication credentials below. You may prefer to synchronize users." 4. Typing a password here allows access to Host2 5. Choosing the 'synchronize users' link allows one to synchronize passwords so that the user does not run into this problem again. Does this match the behavior you've experienced? If so this should be marked as WONTFIX. In addition, the best practice is that the admin uses SSH keys to access the machines in question and not passwords. When SSH keys are available to root on Host1 they can be used to access Host2.
Yes, this matched the behavior. Thanks!