[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [virt-tools-list] Strange behaviour using qemu+ssh on virt-manager



On Tue, Sep 17, 2013 at 02:38:52PM -0300, Fernando Lozano wrote:
> Hi there,
> 
> I am experimenting with different security settings for libvirtd, so
> I can give sysadmins administrative access to the KVM hypervisor
> without giving them root access on the host. I had success using TLS
> (with client-certs) and SASL, but have not managed to make polkit
> and ssh to work so far.
> 
> If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw  a
> local virsh connection gets this error:
> 
> "Authorization requires authentication but no agent is available"
> 
> Thus  I'm using "sasl" for tcp and "none" for the unix socket.
> 
> When I try a "qemu+ssh" remote virsh connection evething works fine.
> But then I try the same URL using virt-manager, and then try to open
> a guest console, virt-manager prompts multiple times for a ssh login
> password.
> 
> Shoudn't virt-manager resue the same ssh connection for guest
> console access? And even if it needs to open a new ssh connection
> for the spice connection, this should require only one additional
> ssh login.
> 
> But I tried many times, carefully typing the password each time, and
> I'm sure they were not typos: virt-manager is actually asking for
> the ssh login password many times!
> 
> Maybe people who use ssh keys (passwordless) logins didn't notice,
> but I think virt-manager should't require more than one addtional
> ssh connection per guest console. Is this a bug?

Each console rquires that we setup a new SSH tunnel, since every
console is on a different socket on the remote host and we don't
know them all ahead of time.

If you are using SSH for libvirt, it is expected that you setup
SSH agent + public keys, so that you are not prompted for passwords
at all when logging on.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]