Currently, RHEV-M appliance provided d/s does not have root ssh access enabled due to security reasons. It is quite inconvenient and requires additional steps from the user[1]. Hosted-engine setup should ask the user during hosted-engine deployment to enable ssh access for RHEV-M appliance. [1] https://access.redhat.com/solutions/2262201
P.S. I think this RFE should be filed on the d/s project. But following the current workflow.
IMO the question should be (based on an installer of a project who maintains OpenSSH): ~~~ Allow root ssh login? (yes, no, prohibit-password) no ~~~ When prohibit-password would be intered, then we could ask for public ssh key.
There could be also a line like this one to describe what's going on: ~~~ echo "WARNING: root is targeted by password guessing attacks, pubkeys are safer." ~~~
Sure. Not sure about warnings. I think we are overdoing here. All RHEV-M deployments have root access by default (as any other RHEL box).
*** Bug 1382581 has been marked as a duplicate of this bug. ***
Why are the scripts removing the patch?
Shlomi, can you check? new hooks were deployed recently, so there might be a bug in the new code.
(In reply to Eyal Edri from comment #7) > Shlomi, can you check? > new hooks were deployed recently, so there might be a bug in the new code. Any news?
Should this be on QA?
Works for me on components as appears bellow: Enter ssh public key for the root user that will be used for the engine appliance (leave it empty to skip): [WARNING] Skipping appliance root ssh public key Do you want to enable ssh access for the root user (yes, no, without-password) [yes]: Hosts: rhevm-appliance-20161214.0-1.el7ev.noarch ovirt-hosted-engine-ha-2.1.0-1.el7ev.noarch ovirt-host-deploy-1.6.0-1.el7ev.noarch ovirt-imageio-common-0.5.0-0.el7ev.noarch ovirt-vmconsole-host-1.0.4-1.el7ev.noarch qemu-kvm-rhev-2.6.0-28.el7_3.3.x86_64 libvirt-client-2.0.0-10.el7_3.4.x86_64 mom-0.5.8-1.el7ev.noarch vdsm-4.19.2-2.el7ev.x86_64 ovirt-hosted-engine-setup-2.1.0-2.el7ev.noarch ovirt-setup-lib-1.1.0-1.el7ev.noarch ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch ovirt-imageio-daemon-0.5.0-0.el7ev.noarch ovirt-vmconsole-1.0.4-1.el7ev.noarch rhevm-appliance-20161214.0-1.el7ev.noarch sanlock-3.4.0-1.el7.x86_64 Linux version 3.10.0-514.6.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Sat Dec 10 11:15:38 EST 2016 Linux 3.10.0-514.6.1.el7.x86_64 #1 SMP Sat Dec 10 11:15:38 EST 2016 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server release 7.3 (Maipo)