[libvirt] Accessing libvirtd remotely as non-root user

Dan Mossor danofsatx at gmail.com
Fri Jun 12 19:29:39 UTC 2015


On 06/12/2015 12:58 PM, Laine Stump wrote:
> On 06/12/2015 12:14 PM, Dan Mossor wrote:
>> On 06/12/2015 03:48 AM, Daniel P. Berrange wrote:
>>> On Thu, Jun 11, 2015 at 05:26:20PM -0500, Dan Mossor wrote:
>>>> I manage libvirtd on a few remote machines, and my security policies require
>>>> me to disable root login via SSH. Up to this point, I've been using root due
>>>> to the systems being in staging, but this is the final step before they're
>>>> moved to production.
>>>>
>>>> What is the current proscribed method of connecting virt-manager or virsh to
>>>> a remote system with a non-root account? I keep getting "authentication
>>>> failed: no agent is available to authenticate" with a user that is in the
>>>> kvm and qemu groups on the systems I've tried using the ssh transport.
>>>
>>> This guide ought to help you set it up
>>>
>>>      http://wiki.libvirt.org/page/SSHPolicyKitSetup
>>>
>> Ok, so I finally got it working.
>>
>> The SSHPolicyKitSetup page at the libvirt wiki states right at the top
>> that "As of polkit 0.106 the .pkla format is no more, and these
>> configuration files must be written in Javascript."
>>
>> Further down the page, it reinforces this statement with "The
>> information in this section is obsolete; see the top of this page for
>> more information."
>>
>> However, both of those statements are incorrect. Following the
>> directions provided by [1] from the wiki page produced zero results -
>> the operation still failed with "authentication failed: no agent is
>> available to authenticate" when attempting to connect. [...]
>
> It sounds like you're volunteering to update the wiki page :-)
>
> (Seriously, auto account creation is disabled on the wiki, but Dan
> Berrange has the necessary credentials to create an account for you.)
>
>
>
I'd love to. If one of y'all would contact me off-list with account 
instructions/details, I'll get right on it.

Regards,

-- 
Dan Mossor, RHCSA
Systems Engineer
Fedora Server WG | Fedora KDE WG | Fedora QA Team
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA




More information about the libvir-list mailing list