On 6/7/20 5:01 AM, Yedidyah Bar David wrote:
On Sat, Jun 6, 2020 at 8:42 PM Michael Thomas <wart@caltech.edu> wrote:
After a week of iterations, I finally found the problem. I was setting 'PermitRootLogin no' in the global section of the bare metal OS sshd_config, as we do on all of our servers. Instead, PermitRootLogin is set to 'without-password' in a match block to allow root logins only from a well-known set of hosts.
Thanks for the report!
Can someone explain why setting 'PermitRootLogin no' in the sshd_config on the hypervisor OS would affect the hosted engine deployment?
Because the engine (running inside a VM) uses ssh as root to connect to the host (in which the engine vm is running).
Would it be sufficient to set, on the host, 'PermitRootLogin without-password' in a Match block that matches the ovirt management network? Match Address 10.10.10.0/24 PermitRootLogin without-password ? --Mike