----- Original Message -----
From: "Sven Kieske" <s.kieske@mittwald.de> To: users@ovirt.org Sent: Tuesday, October 21, 2014 10:21:17 AM Subject: Re: [ovirt-users] [Fwd: options for root and password]
On 21/10/14 09:05, Yedidyah Bar David wrote:
----- Original Message -----
From: "Hoot Thompson" <hoot@ptpnow.com> To: users@ovirt.org Sent: Tuesday, October 21, 2014 3:52:24 AM Subject: [ovirt-users] [Fwd: options for root and password]
Is there an alternative to the root/paasword approach to managing hosts (by the engine)? Our preference would be keys/passphrase if that's possible.
IIRC we already allow that, no? In the "new host" dialog you can choose "ssh public key".
Best,
Well there is this wiki page:
http://www.ovirt.org/Features/Ssh_Abilities
but it is from 2013 and has this security hole:
"Currently we don't enforce fingerprint validation."
I don't know if this is still valid, I don't find any options regarding public/private keys in ovirt 3.3. but I would be very interested in this topic to tighten security.
I agree. Not sure about the current status. Note that there are two different issues here: 1. Letting ssh using a key pair instead of a password - already done 2. verifying the fingerprint, whether input by user or saved after first login - not sure -- Didi