Re: [ovirt-users] [Fwd: options for root and password]
----- Original Message -----
From: "Sven Kieske" <s.kieske(a)mittwald.de>
To: users(a)ovirt.org
Sent: Tuesday, October 21, 2014 10:40:39 AM
Subject: Re: [ovirt-users] [Fwd: options for root and password]
On 21/10/14 09:21, Sven Kieske wrote:
> I don't know if this is still valid, I don't find any
> options regarding public/private keys in ovirt 3.3. but
> I would be very interested in this topic to tighten security.
It just turns out this already works in ovirt 3.3.2
maybe even earlier, but I would like to know
if the point about host key validation on the mentioned wiki
page is still true, as I think this would be cve-worthy.
When host is added its ssh fingerprint is recorded in database, and is enforced from this
point on.
Only at Edit Host dialog it can be modified.
You can also pre-fetch the fingerprint before adding the host at Add Host dialog in order
to confirm that it is the correct host, it will add this fingerprint to database and
enforce it when adding the host too.