Re: [ovirt-users] [Fwd: options for root and password]

From: "Sven Kieske" <s.kieske(a)mittwald.de&gt; To: users(a)ovirt.org Sent: Tuesday, October 21, 2014 10:30:34 AM Subject: Re: [ovirt-users] [Fwd: options for root and password] On 21/10/14 09:21, Sven Kieske wrote: > > > On 21/10/14 09:05, Yedidyah Bar David wrote: >> ----- Original Message ----- >>> From: "Hoot Thompson" <hoot(a)ptpnow.com&gt; >>> To: users(a)ovirt.org >>> Sent: Tuesday, October 21, 2014 3:52:24 AM >>> Subject: [ovirt-users] [Fwd: options for root and password] >>> >>> >>> >>> Is there an alternative to the root/paasword approach to managing hosts >>> (by the engine)? Our preference would be keys/passphrase if that's >>> possible. >> >> IIRC we already allow that, no? In the "new host" dialog you can choose >> "ssh public key". >> >> Best, >> > > Well there is this wiki page: > > http://www.ovirt.org/Features/Ssh_Abilities > > but it is from 2013 and has this security hole: > > "Currently we don't enforce fingerprint validation." > > I don't know if this is still valid, I don't find any > options regarding public/private keys in ovirt 3.3. but > I would be very interested in this topic to tighten security. > I found this: http://www.ovirt.org/OVirt_Administration_Guide#Host_Tasks "Select an authentication method to use with the host. 1. Enter the root user's password to use password authentication. 2. Copy the key displayed in the SSH PublicKey field to /root/.ssh/authorized_keys on the host to use public key authentication." I guess this just works from version 3.4 upwards or also for 3.3.? if for 3.3. since which z stream release?