Bug 1510536 - [RFE] obfuscate password for ssh key in virt-who config file used to connect to hypervisor
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virt-who
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: pre-dev-freeze
: ---
Assignee: candlepin-bugs
QA Contact: Eko
URL:
Whiteboard:
Depends On:
Blocks: 1353215 1716985
Reported: 2017-11-07 15:57 UTC by Andrea Perotti
Modified: 2023-09-14 04:11 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1716985 (view as bug list)
Environment:
Last Closed: 2019-06-11 19:08:34 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1510631 0 unspecified CLOSED [RFE] Virt-who SSH private key in a configurable location 2023-09-14 04:11:25 UTC

Internal Links: 1510631

Description Andrea Perotti 2017-11-07 15:57:01 UTC
Description of problem:

2. What is the nature and description of the request?
Customer would like to use an ssh key protected with passphrase in virt-who, and having that password obfuscated in the virt-who configuration file.

3. Why does the customer need this? (List the business requirements here)
Compliance requires that each used ssh key must be protected with a password

4. How would the customer like to achieve this? (List the functional requirements here)
With the addition of a new option in virt-who config file

5. For each functional requirement listed in question 4, specify how Red Hat and Customer can test to confirm the requirement is successfully implemented.

You should be able to use virt-who config with an encrypted ssh key, with obfuscated password 

6. Is there already an existing RFE upstream or in Red Hat bugzilla?
   No

7. How quickly does this need resolved? (desired target release)
As soon as possible, it should be made available both on RHEL6 and RHEL7

8. Does this request meet the RHEL Inclusion criteria (please review)
  Yes
9. List the affected packages
virt-who

Version-Release number of selected component (if applicable):

virt-who-0.19-6

Comment 2 Craig Donnelly 2017-11-07 18:26:49 UTC
Hello,

I wanted to clarify what it is exactly you were looking for in this request.

My interpretation of what you have laid out is as follows:

You have a system that is using libvirt which virt-who would be connecting to via SSH w/username + password - and you want the password to not be plain text.

If that is correct, is the requirement not met by utilizing 'virt-who-password' which ships with virt-who to encrypt the password by way of hashing?

Please provide a little more detail on explicitly what it is you're aiming for if the above is not a resolution.

Thanks!

Comment 3 Andrea Perotti 2017-11-07 20:48:40 UTC
Hi,
   the request is for a more complex use case.

Scenario here is that you do connect to libvirt via ssh, but you do use: 

username
ssh-key (id_rsa+id_rsa.pub)

and that ssh-key is password protected.

Using virt-who-password is fine to scramble; what is needed is just a way to express the passphrase of the ssh-key in a non-plain-text way.

If you have further doubts about the request, please just let me know.

Comment 4 Craig Donnelly 2017-11-07 22:17:50 UTC
So what I understand based off of that is that you want 'virt-who' daemon to be able to use an ssh-key to login to libvirt and pass an encrypted password to unlock the ssh-key.

In this case, I would call this an RFE for virt-who, which would need to be placed under RHEL for that team.

I will shift this to the correct place.

Comment 9 William Poteat 2019-06-11 19:08:34 UTC
This is not necessary for virt-who to operate and it is outside the scope of the application.

Comment 10 Red Hat Bugzilla 2023-09-14 04:11:24 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

