some more found into /var/log/messages Apr 15 21:03:58 air journal[1747077]: 2021-04-15 21:03:58,073+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden Apr 15 21:03:58 air ovirt-vmconsole-proxy-keys[1747073]: ERROR Key list execution failed rc=1 Apr 15 21:03:58 air sshd[1747071]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 Apr 15 21:03:58 air journal[1747082]: 2021-04-15 21:03:58,573+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden Apr 15 21:03:58 air ovirt-vmconsole-proxy-keys[1747078]: ERROR Key list execution failed rc=1 Apr 15 21:03:58 air sshd[1747071]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 Le 15/04/2021 à 21:08, Nathanaël Blanchet a écrit :
Hi,
I was used to use the vmconsole proxy, but since a while, I'm getting this issue (currently 4.4.5):
# ssh -t -p 2222 ovirt-vmconsole@air.v100.abes.fr connect ovirt-vmconsole@air.v100.abes.fr: Permission denied (publickey).
I found following in the engine.log
2021-04-15 17:55:43,094+02 ERROR [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-4) [] Error validating ticket: : sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at org.ovirt.engine.core.uutils//org.ovirt.engine.core.uutils.crypto.CertificateChain.buildCertPath(CertificateChain.java:128) at org.ovirt.engine.core.uutils//org.ovirt.engine.core.uutils.crypto.ticket.TicketDecoder.decode(TicketDecoder.java:89) at deployment.engine.ear.services.war//org.ovirt.engine.core.services.VMConsoleProxyServlet.validateTicket(VMConsoleProxyServlet.java:175) at deployment.engine.ear.services.war//org.ovirt.engine.core.services.VMConsoleProxyServlet.doPost(VMConsoleProxyServlet.java:225)
The user key is the good one, I use the same with my other engines and I can successfully connect to vm consoles.
Thank you for helping
-- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr