From: "Sven Kieske" <s.kieske(a)mittwald.de>
To: users(a)ovirt.org
Sent: Tuesday, October 21, 2014 10:21:17 AM
Subject: Re: [ovirt-users] [Fwd: options for root and password]
On 21/10/14 09:05, Yedidyah Bar David wrote:
> ----- Original Message -----
>> From: "Hoot Thompson" <hoot(a)ptpnow.com>
>> To: users(a)ovirt.org
>> Sent: Tuesday, October 21, 2014 3:52:24 AM
>> Subject: [ovirt-users] [Fwd: options for root and password]
>>
>>
>>
>> Is there an alternative to the root/paasword approach to managing hosts
>> (by the engine)? Our preference would be keys/passphrase if that's
>> possible.
>
> IIRC we already allow that, no? In the "new host" dialog you can choose
> "ssh public key".
>
> Best,
>
Well there is this wiki page:
http://www.ovirt.org/Features/Ssh_Abilities
but it is from 2013 and has this security hole:
"Currently we don't enforce fingerprint validation."
I don't know if this is still valid, I don't find any
options regarding public/private keys in ovirt 3.3. but
I would be very interested in this topic to tighten security.
Please review 3.4 or 3.5, there is full enforcement per ssh fingerprint and you can view
the engine public key to be installed within the "Add Host" dialog and use PK
authentication.