Bug 822340 - There are some typos when virsh connect source guest server with ssh PermitRootLogin disabled
There are some typos when virsh connect source guest server with ssh PermitRo...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt (Show other bugs)
6.3
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Gunannan Ren
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-17 02:18 EDT by Cui Lei
Modified: 2013-02-21 02:13 EST (History)
9 users (show)

See Also:
Fixed In Version: libvirt-0.10.0-0rc0.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 02:13:23 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 16:18:26 EST

  None (edit)
Description Cui Lei 2012-05-17 02:18:53 EDT
Description of problem:
When use virsh -c connect source guest server with ssh PermitRootLogin disabled, there are some typos in pop up warning message
Here is the warning message:

The authenticity of host '10.66.6.214 (10.66.6.214)' can't be established.
RSA key fingerprint is 28:96:e7:fb:a3:0d:2e:bc:07:e2:2c:cc:9d:76:39:30.
Are you sure you want to continue connecting (yes/no)? yes
root@10.66.6.214's password:
root@10.66.6.214's password:
root@10.66.6.214's password:
error: Cannot recv data: Warning: Permanently added '10.66.6.214' (RSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).

Three typos in the last line:
1. First ':' at the begin of the line should be removed.
2. Each ',' should follow a space.
3. The ')' should be removed, as there is no '(' match with it.

Version-Release number of selected component (if applicable):
virt-v2v-0.8.7-6.el6.x86_64
libguestfs-1.16.19-1.el6.x86_64
libvirt-0.9.10-20.el6.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Disable root login in source guest server and restart sshd service.
2. Use virt-v2v to connect the source guest server, such as command: "virsh -c qemu+ssh://10.66.6.214/system"
3. Input password three times, then check the pop up warning message.

Actual Results:
Three typos existed in the last line of warning message.

Expected results:
There should be no typos in warning message.
Comment 3 Gunannan Ren 2012-07-18 03:26:42 EDT
The error message should be like:
error: Cannot recv data: Warning: Permanently added '10.66.6.214' (RSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). : Connection reset by peer

The "Connection reset by peer" is from errno set by failed read() operation. what libvirt does is to concatenate the string to the ssh error string with the colon ":".
But because ssh error string ends with a carriage return '\r' before concatenating, it becomes
...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r :
Connection reset by peer

The terminal interprets '\r' as "move the cursor back to the start of the current line", so the results becomes:
...
: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).

the errno string messed up with ssh error string.
What we are gonna do is remove the ending '\r' from ssh error string.
Comment 4 Gunannan Ren 2012-07-18 06:23:44 EDT
patch sent to upstream
https://www.redhat.com/archives/libvir-list/2012-July/msg00724.html
Comment 5 Gunannan Ren 2012-07-18 23:27:08 EDT
commit 5b924be906160ac3db884dfb6a063db83f192e65
Author: Guannan Ren <gren@redhat.com>
Date:   Wed Jul 18 23:02:02 2012 +0800

    rpc: remove trailing whitespace character in error string
    
    Instead of only removing the ending newline character, it is
    better to remove all of standard whitespace character for the
    sake of log format.
    
    One example that we have to do this is:
    After three times incorrect password input, virsh command
    virsh -c qemu://remoteserver/system will report error like:
    
    : Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).
    
    But it should be:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    : Connection reset by peer
    
    The reason is that we dropped the newline, but have a '\r' left.
    The terminal interprets it as "move the cursor back to the start
    of the current line", so the error string is messed up.
Comment 7 Huang Wenlong 2012-08-06 02:04:13 EDT
Verify this bug with 
libvirt-0.10.0-0rc0.el6.x86_64

input incorrect passwd 3 times 

# virsh -c qemu+ssh://10.66.5.12/system list
root@10.66.5.12's password: 
root@10.66.5.12's password: 
root@10.66.5.12's password: 
error: Cannot recv data: 2012-08-06 05:58:54.155+0000: 22189: info : libvirt version: 0.10.0, package: 0rc0.el6 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2012-08-02-03:44:27, x86-007.build.bos.redhat.com)
2012-08-06 05:58:54.155+0000: 22189: warning : virFileClose:65 : Tried to close invalid fd 7
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).: Connection reset by peer
error: failed to connect to the hypervisor
Comment 8 errata-xmlrpc 2013-02-21 02:13:23 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html

Note You need to log in before you can comment on or make changes to this bug.