----- Original Message -----
From: "Sven Kieske" <s.kieske(a)mittwald.de>
To: users(a)ovirt.org
Sent: Tuesday, March 10, 2015 10:39:36 AM
Subject: Re: [ovirt-users] Error during hosted-engine-setup for 3.5.1 on F20 (Cannot add the host to cluster ... SSH has failed)

On 09/03/15 17:53, Simone Tiraboschi wrote:
> it gathers the engine SSH public key from
> http://{enginefqdn}/engine.ssh.key.txt
> and it stores it under ~root/.ssh/authenticated_keys to make the engine able to
> add the host without knowing the host root password.

Sorry that I'm getting off topic, but:
are you sure this is done via _http_ (without "s")?
this should be done via https imho.

Yes, I am.

should I open a BZ for this?

In my opinion, no: you just installed the engine and the engine just created its CA.
In order to trust an https connection to the engine you have to trust its CA, but you still don't know it because it's a private one and it has just been created on the engine from scratch.
Blindly downloading the engine CA cert and blindly trusting it is not that different from simply using http to download the public key: in order to fetch it you don't need to send any password or token, and being a public key you don't need to encrypt it by definition, so you don't need encryption.

--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
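
The trust question raised in this thread, as an added example that is not part of the original messages and is not oVirt code: a key fetched over an unauthenticated channel can be checked against a fingerprint obtained out of band before it is installed. The function names, the constructed sample keys, and the assumption that the admin reads the fingerprint on the engine itself (for instance with `ssh-keygen -l -f`) are all hypothetical.

```python
import base64, binascii, hashlib, hmac, struct

def parse_pubkey(line):
    """Split an OpenSSH public key line into (key_type, decoded blob)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key data too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key data")
    return key_type, blob

def fingerprint(line):
    """SHA256 fingerprint in the format printed by ssh-keygen -l."""
    _, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def accept_key(fetched_line, trusted_fingerprint):
    """Return the line to install only if it matches the out-of-band fingerprint."""
    actual = fingerprint(fetched_line)
    if not hmac.compare_digest(actual.encode(), trusted_fingerprint.encode()):
        raise ValueError("fingerprint mismatch: got " + actual)
    return fetched_line.strip() + "\n"

def make_sample_key(seed):
    """Constructed ssh-ed25519 line for the demo (not a real engine key)."""
    name, raw = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    engine_key = make_sample_key(0x11)     # what the engine really serves
    trusted = fingerprint(engine_key)      # assumed: read on the engine console
    print("accepted:", accept_key(engine_key, trusted).split()[0])
    try:
        accept_key(make_sample_key(0x22), trusted)  # key swapped in transit
    except ValueError as err:
        print("rejected:", err)
```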