Bug 1653229 - [RFE] Add SSH Keypair credentials for VMware hosts [NEEDINFO]
Summary: [RFE] Add SSH Keypair credentials for VMware hosts
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.11.z
Assignee: Milan Zázrivec
QA Contact: Nandini Chandra
Red Hat CloudForms Documentation
Depends On:
TreeView+ depends on / blocked
Reported: 2018-11-26 10:28 UTC by Fabien Dupont
Modified: 2020-07-17 13:57 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-07-17 13:57:22 UTC
Category: ---
Cloudforms Team: VMware
Target Upstream Version:
fdupont: needinfo? (hkataria)

Attachments (Terms of Use)

Description Fabien Dupont 2018-11-26 10:28:18 UTC
VMware hosts may be configured with an SSH key pair for remote login. The ssh_keypair authentication type exists in CloudForms. Enabling it for the VMware hosts would extend the connection capabilities.

Comment 2 Adam Grare 2018-11-26 20:44:05 UTC
@Fabien what do you mean by "Enabling it for the VMware hosts would extend the connection capabilities." ?

The backend is flexible, you can add an SSH key to any host if you want:

>> host = ManageIQ::Providers::Vmware::InfraManager::HostEsx.first
>> host.update_authentication(:remote => {:auth_key => "ssh-rsa [snip] agrare@redhat.com", :userid => "agrare@redhat.com.com"})
>> host.authentication_check(:remote)
=> [false, "Login failed due to a bad username or password."] # Note I didn't actually add my ssh key but it really did check

Or do you mean add the ability to add an ssh key from the UI?  If so this sounds like a UI RFE not a providers RFE.

Comment 3 Fabien Dupont 2018-11-26 20:50:12 UTC
You're right. I mean from the UI, as it's the most common interaction. Will change the component.

Comment 4 Dave Johnson 2018-11-29 04:45:47 UTC
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.

Comment 12 Fabien Dupont 2020-03-18 07:45:26 UTC
What is the current remote auth type ? Isn't it already SSH ? IIUC, the choice is between password and auth_key, rather than protocol.

Comment 13 Martin Maroši 2020-03-31 07:26:52 UTC
Yes, the remote is already SSH already.

Comment 14 Fabien Dupont 2020-03-31 09:02:25 UTC
My understanding is that the names of the authentications are more "purposes". The protocol will vary:

- remote : SSH with userid/password
- remote with key: SSH with userid/private key
- IPMI: IPMI with userid/password

We could imagine more purposes, like:

- ansible: SSH with userid/password
- ansible escalated: SSH with userid/password and escalation parameters
- SSA: VDDK with userid/password

Note You need to log in before you can comment on or make changes to this bug.