On 21/10/14 09:21, Sven Kieske wrote:
On 21/10/14 09:05, Yedidyah Bar David wrote:
> ----- Original Message -----
>> From: "Hoot Thompson" <hoot(a)ptpnow.com>
>> To: users(a)ovirt.org
>> Sent: Tuesday, October 21, 2014 3:52:24 AM
>> Subject: [ovirt-users] [Fwd: options for root and password]
>>
>>
>>
>> Is there an alternative to the root/paasword approach to managing hosts
>> (by the engine)? Our preference would be keys/passphrase if that's
>> possible.
>
> IIRC we already allow that, no? In the "new host" dialog you can choose
> "ssh public key".
>
> Best,
>
Well there is this wiki page:
http://www.ovirt.org/Features/Ssh_Abilities
but it is from 2013 and has this security hole:
"Currently we don't enforce fingerprint validation."
I don't know if this is still valid, I don't find any
options regarding public/private keys in ovirt 3.3. but
I would be very interested in this topic to tighten security.
I found this:
http://www.ovirt.org/OVirt_Administration_Guide#Host_Tasks
"Select an authentication method to use with the host.
1. Enter the root user's password to use password authentication.
2. Copy the key displayed in the SSH PublicKey field to
/root/.ssh/authorized_keys on the host to use public key authentication."
I guess this just works from version 3.4 upwards or also for 3.3.?
if for 3.3. since which z stream release?
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen