1. Put the engine in a match block where passowrd authentication is possible.
2. Firewalld rate limit has a burst effect so ot will never limit on the third attempt.
Put a higher value like 10-15 and you will notice that it works.
Usually infrastructure like oVirt ahould not be exposed to the wild (internet).
Best Regards,Strahil Nikolov
Hello,
1.
Is it possible to disable ssh root password authentication in a working oVirt cluster
without any problems? (host and ovirt-engine)
/etc/ssh/sshd_config
PasswordAuthentication no
The SSH public authentication key is set on the host.
2.
I tried setting ssh rate limit using firewall-cmd but it doesn't work for some reason.
I can log in more than once.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4"
priority="-1" service name=ssh limit value=3/m accept'
There is best practice for this?
Thanks
Peter
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A45N3C7GLFK...