[ovirt-users] Re: can't use vmconsole anymore

some more found into /var/log/messages Apr 15 21:03:58 air journal[1747077]: 2021-04-15 21:03:58,073+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden Apr 15 21:03:58 air ovirt-vmconsole-proxy-keys[1747073]: ERROR Key list execution failed rc=1 Apr 15 21:03:58 air sshd[1747071]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 Apr 15 21:03:58 air journal[1747082]: 2021-04-15 21:03:58,573+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden Apr 15 21:03:58 air ovirt-vmconsole-proxy-keys[1747078]: ERROR Key list execution failed rc=1 Apr 15 21:03:58 air sshd[1747071]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 Le 15/04/2021 à 21:08, Nathanaël Blanchet a écrit : > Hi, > > I was used to use the vmconsole proxy, but since a while, I'm getting > this issue (currently 4.4.5): > > # ssh -t -p 2222 ovirt-vmconsole(a)air.v100.abes.fr connect > ovirt-vmconsole(a)air.v100.abes.fr: Permission denied (publickey). > > I found following in the engine.log > > 2021-04-15 17:55:43,094+02 ERROR > [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default > task-4) [] Error validating ticket: : > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at > java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) > at > java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) > at > java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) > at > org.ovirt.engine.core.uutils//org.ovirt.engine.core.uutils.crypto.CertificateChain.buildCertPath(CertificateChain.java:128) > at > org.ovirt.engine.core.uutils//org.ovirt.engine.core.uutils.crypto.ticket.TicketDecoder.decode(TicketDecoder.java:89) > at > deployment.engine.ear.services.war//org.ovirt.engine.core.services.VMConsoleProxyServlet.validateTicket(VMConsoleProxyServlet.java:175) > at > deployment.engine.ear.services.war//org.ovirt.engine.core.services.VMConsoleProxyServlet.doPost(VMConsoleProxyServlet.java:225) > > The user key is the good one, I use the same with my other engines and > I can successfully connect to vm consoles. > > Thank you for helping > -- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet(a)abes.fr _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4ARLUNP53FH...