Red Hat Bugzilla – Bug 811346
remote spice connection without ssh keys opens many askpass dialogs at once
Last modified: 2014-03-26 08:37:38 EDT
Description of problem:
When attempting to open a guest window on a remote ssh connection, I get multiple overlapping ssh password dialogs that keep opening on top of each other, and ultimately result in an error-message popup which reads:
"SSH password dialog could not grab the keyboard input. This might be caused by application such as screensaver, however it could also mean that someone may be eavesdropping on your session. Either close the application which grabs the keyboard or log out and log in again to prevent this from happening."
I run a straightforward default gnome 3 desktop, and nothing else is running beyond virt-manager itself.
Opening the ssh remote connection itself works fine (the connection URI looks
like this: qemu+ssh://firstname.lastname@example.org/system). It is only once I pick one of the listed guests and double-click on it to open the DisplaySpice connection that I get flooded by ssh password requests and error messages.
Version-Release number of selected component (if applicable):
attempt to open a remote kvm guest over an ssh connection
Steps to Reproduce:
1. From virt-manager, connect to a remote host using qemu+ssh
(qemu+ssh://email@example.com/system). This might
require completing an ssh password dialog for
2. Double-click on one of the listed (running) guests. Mine are set
up to use Spice rather than VNC.
Get flooded by dialogs asking for the remote root's password, and by popups containing the error message quoted above
After completing the first password dialog for remote root, the viewer starts displaying the remote guest.
Spice requires multiple channels to do its thing, which means opening multiple SSH tunnels. If you want to use remote spice, you really should be using ssh keys.
That said maybe we can serialize how these are opened so that multiple dialogs don't jump up at once.
So serializing this isn't as simple as I thought. I think the only way forward here is for us to use a library like libssh2 to try and fix this stuff once and for all. However that's not an easy bit of work so won't make the next release.
In the interim, I'd recommend setting up SSH keys to avoid the dialogs all together, or use ssh connection sharing like described here:
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '16'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 16's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 16 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" and open it against that version of Fedora.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
I figured out a way to fix this upstream:
But it's not really backportable, moving to F20 where we will rebase in the fix.
virt-manager-0.10.0-3.gita2e52067.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing virt-manager-0.10.0-3.gita2e52067.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
virt-manager-0.10.0-3.gita2e52067.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
I'm on Fedora 20 and I still have the issue. I have to type my ssh password 4 times to open the remote display.
$ rpm -qi virt-manager
Name : virt-manager
Version : 1.0.0
Release : 6.fc20
Install Date: Tue 25 Mar 2014 10:12:05 AM CET
Group : Applications/Emulators
Size : 3687809
License : GPLv2+
Signature : RSA/SHA256, Tue 11 Mar 2014 07:12:37 PM CET, Key ID 2eb161fa246110c1
Source RPM : virt-manager-1.0.0-6.fc20.src.rpm
Build Date : Mon 10 Mar 2014 02:58:38 PM CET
Build Host : arm02-builder09.arm.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://virt-manager.org/
Summary : Virtual Machine Manager
Virtual Machine Manager provides a graphical tool for administering virtual
machines for KVM, Xen, and LXC. Start, stop, add or remove virtual devices,
connect to a graphical or serial console, and see resource usage statistics
for existing VMs on local or remote machines. Uses libvirt as the backend
The original report was that all the dialogs were opened at the same time, overlapping and causing weird X errors since they all want to own focus. The root issue that spice requires multiple channels is not 'fixed' and doesn't have a clear solution. You can probably work around this on your machine, google 'ssh connection sharing'
Thanks for you comment. I hadn't understood well that the root cause was not the subject of this bug report but it's side-effect.
May I suggest that if the solution is the ssh connection sharing, why don't implement it in virt-manager? It is only a matter of option when initializing the first connection to the remote host. Every ssh connection configured in virt-manager would have the connection sharing enabled even if they don't use it later (because they doesn't use spice but VNC for example).
connection sharing has its caveats, so if we implemented it we'd need to allow users to turn it off, so more UI, more code paths to test.
If we are going to mess with this code, it would be to consider switching to an ssh library that should hopefully solve this problem.
Until then, the recommended usage in this scenario is to set up ssh keys, it's pretty easy: