Description of problem: The "virtctl ssh" and "NodePort ssh" commands that are copied from the UI do not work unless the user adds the "-i" flag and the private key. Version-Release number of selected component (if applicable): 4.13 How reproducible: Steps to Reproduce: 1. Create SSH key pair with "ssh-keygen" in /home/user/.ssh directory. 2. Inject public key as static key into a VM and restart the VM. 3. Copy the virtctl ssh command from the UI and try to run it from the CLI. Actual results: Permission denied error: [avitalpinnick@fedora ~]$ virtctl -n avital ssh cloud-user@rhel9-inject-before-boot The authenticity of host 'vmi/rhel9-inject-before-boot.avital (<no hostip for proxy command>)' can't be established. ED25519 key fingerprint is SHA256:vmloMxhsR1f49jl04UrMNiJkxn3Xj9HHufgfwtWHHLM. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'vmi/rhel9-inject-before-boot.avital' (ED25519) to the list of known hosts. cloud-user@vmi/rhel9-inject-before-boot.avital: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Expected results: SSH connection succeeds Additional info: This command worked with "/home/avitalpinnick/.ssh/testkey2": "virtctl -n avital ssh cloud-user@rhel9-inject-before-boot -i testkey2" If the private key is in another location, the full path has to be specified: "virtctl -n avital ssh cloud-user@rhel9-inject-before-boot -i /home/avitalpinnick/testkey2" I observed the same behavior when I copied and ran the NodePort/SSH command (after running the oc patch command to get the service to work). I recommend adding "-i <private_SSH_key>" with a tooltip saying that if the private key is not in /home/user/.ssh, the full path needs to be specified.
Should documentation for the "--identity-file" and a "--local-ssh-opts" option added to https://docs.openshift.com/container-platform/4.14/virt/virtual_machines/virt-accessing-vm-ssh.html#using-virtctl-ssh_virt-accessing-vm-ssh ?
verified on kubevirt-console-plugin-rhel9:v4.14.0-2359
(In reply to Dominik Holler from comment #1) > Should documentation for the "--identity-file" and a "--local-ssh-opts" > option added to > https://docs.openshift.com/container-platform/4.14/virt/virtual_machines/ > virt-accessing-vm-ssh.html#using-virtctl-ssh_virt-accessing-vm-ssh > ? The "-i" flag (same as --identity-file) is already documented: https://docs.openshift.com/container-platform/4.14/virt/virtual_machines/virt-accessing-vm-ssh.html#virt-running-virtctl-ssh-command_virt-accessing-vm-ssh
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.14.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6817