This patch adds an extra no_tty=1 flag to the connection URI. It stops ssh from asking for a password if it can't log in automatically. The typical use case is a graphical program, which would hang if ssh prompted for a password.
Example: $ virsh -c xen+ssh://xxx/ list rjones xxx's password: Permission denied, please try again. rjones xxx's password: Permission denied, please try again. rjones xxx's password: Permission denied (publickey,gssapi-with-mic,password). libvir: Remote error : Connection reset by peer error: failed to connect to the hypervisor error: no valid connection $ virsh -c xen+ssh://xxx/?no_tty=1 list Permission denied (publickey,gssapi-with-mic,password). libvir: Remote error : Connection reset by peer error: failed to connect to the hypervisor error: no valid connection Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903
Index: docs/libvir.html
===================================================================
RCS file: /data/cvs/libvirt/docs/libvir.html,v
retrieving revision 1.81
diff -u -p -r1.81 libvir.html
--- docs/libvir.html 10 Sep 2007 15:16:25 -0000 1.81
+++ docs/libvir.html 12 Sep 2007 10:22:00 -0000
@@ -1762,6 +1762,20 @@ Note that parameter values must be
<td> Example: <code>no_verify=1</code> </td>
</tr>
+<tr>
+<td> <code>no_tty</code> </td>
+<td> ssh </td>
+<td>
+ If set to a non-zero value, this stops ssh from asking for
+ a password if it cannot log in to the remote machine automatically
+ (eg. using ssh-agent etc.). Use this when you don't have access
+ to a terminal - for example in graphical programs which use libvirt.
+</td>
+</tr>
+<tr> <td colspan="2"></td>
+<td> Example: <code>no_tty=1</code> </td>
+</tr>
+
</table>
<h3><a name="Remote_certificates">Generating TLS certificates</a></h3>
Index: src/remote_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/remote_internal.c,v
retrieving revision 1.21
diff -u -p -r1.21 remote_internal.c
--- src/remote_internal.c 21 Aug 2007 10:08:12 -0000 1.21
+++ src/remote_internal.c 12 Sep 2007 10:22:07 -0000
@@ -290,7 +290,7 @@ doRemoteOpen (virConnectPtr conn, struct
*/
char *name = 0, *command = 0, *sockname = 0, *netcat = 0, *username = 0;
char *server = 0, *port = 0;
- int no_verify = 0;
+ int no_verify = 0, no_tty = 0;
char **cmd_argv = 0;
/* Return code from this function, and the private data. */
@@ -355,6 +355,9 @@ doRemoteOpen (virConnectPtr conn, struct
} else if (strcasecmp (var->name, "no_verify") == 0) {
no_verify = atoi (var->value);
var->ignore = 1;
+ } else if (strcasecmp (var->name, "no_tty") == 0) {
+ no_tty = atoi (var->value);
+ var->ignore = 1;
}
#if DEBUG
else
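Review bot: `no_tty = atoi (var->value);` maps every non-numeric value to 0, so a URI such as `?no_tty=yes` leaves prompting enabled while `var->ignore = 1` still consumes the parameter without any diagnostic. The caller then gets exactly the blocking prompt it asked to avoid. Parsing with `strtol` plus an end-pointer check, and reporting an error on a malformed value, would make the misconfiguration visible. Whether `var->value` can be NULL here is not shown in the hunk and should be confirmed before it is passed to a parser. The if/else chain in doRemoteOpen starts and ends outside the hunk.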
@@ -553,7 +556,10 @@ doRemoteOpen (virConnectPtr conn, struct
}
case trans_ssh: {
- int j, nr_args = username ? 10 : 8;
+ int j, nr_args = 8;
+
+ if (username) nr_args += 2; /* For -l username */
+ if (no_tty) nr_args += 2; /* For -o PasswordAuthentication=no */
command = command ? : strdup ("ssh");
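Review bot: The size of `cmd_argv` is still hand-counted: `nr_args = 8` plus `+= 2` per option has to equal the number of `cmd_argv[j++]` stores made later in this case, and nothing visible checks that. The two new increments do match the two stores added for no_tty, but a later option that updates only one side would write past the end of the array. I would add a comment listing what the base 8 covers, for example `/* ssh, -p, port, [-l user], [-o opt], server, nc, -U, sockname, NULL -- keep in sync with the stores below */` adjusted to the real list, and compare `j` with `nr_args` once the array is filled. The allocation and the terminating entry are outside the hunk, so the exact base count could not be verified here.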
@@ -568,6 +574,10 @@ doRemoteOpen (virConnectPtr conn, struct
cmd_argv[j++] = strdup ("-l");
cmd_argv[j++] = strdup (username);
}
+ if (no_tty) {
+ cmd_argv[j++] = strdup ("-o");
+ cmd_argv[j++] = strdup ("PasswordAuthentication=no");
+ }
cmd_argv[j++] = strdup (server);
cmd_argv[j++] = strdup (netcat ? netcat : "nc");
cmd_argv[j++] = strdup ("-U");
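Review bot: `-o PasswordAuthentication=no` turns off only ssh's password method, so no_tty does not keep ssh from prompting on the other interactive paths. Keyboard-interactive authentication, the passphrase of a key not loaded in the agent, and the unknown-host-key confirmation can each still ask on the terminal. `BatchMode=yes` is the ssh option intended for non-interactive callers: it disables password and passphrase querying, and under the default host-key checking an unknown host key makes the connection fail instead of prompting, so host verification is not weakened. Suggested change: `cmd_argv[j++] = strdup ("BatchMode=yes");` in place of the PasswordAuthentication line, with the `/* For -o ... */` comment at the nr_args increment updated to match. The strdup results are stored unchecked here, as in the surrounding context lines.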