Hi Maoz,

You should not be using the engine and not the root user for the ssh keys. The actions are delegated to a host and the vdsm user. So you should set-up ssh keys for the vdsm user on one or all of the hosts (remember to select this host as proxy host in the gui). Probably the documentation should be updated to make this more clear.

1. Make the keygen for vdsm user:
  
   # sudo -u vdsm ssh-keygen

2.Do the first login to confirm the fingerprints using "yes":
  
   # sudo -u vdsm ssh root@xxx.xxx.xxx.xxx

3. Then copy the key to the KVm host running the vm:

   # sudo -u vdsm ssh-copy-id root@xxx.xxx.xxx.xxx
 
4. Now verify is vdsm can login without password or not:
  
   # sudo -u vdsm ssh root@xxx.xxx.xxx.xxx


On Thu, Feb 8, 2018 at 3:12 PM, Petr Kotas <pkotas@redhat.com> wrote:
You can generate one :). There are different guides for different platforms.

The link I sent is the good start on where to put the keys and how to set it up.

Petr

On Thu, Feb 8, 2018 at 3:09 PM, maoz zadok <maozza@gmail.com> wrote:
Using the command line on the engine machine (as root) works fine. I don't use ssh key from the agent GUI but the authentication section (with root user and password),
I think that it's a bug, I manage to migrate with TCP but I just want to let you know.

is it possible to use ssh-key from the agent GUI? how can I get the key?

On Thu, Feb 8, 2018 at 2:51 PM, Petr Kotas <pkotas@redhat.com> wrote:
Hi Maoz,

it looks like cannot connect due to wrong setup of ssh keys. Which linux are you using?
The guide for setting the ssh connection to  libvirt is here: https://wiki.libvirt.org/page/SSHSetup

May it helps?

Petr

On Wed, Feb 7, 2018 at 10:53 PM, maoz zadok <maozza@gmail.com> wrote:
Hello there,

I'm following https://www.ovirt.org/develop/release-management/features/virt/KvmToOvirt/ guide in order to import VMS from Libvirt to oVirt using ssh.
 URL:  "qemu+ssh://host1.example.org/system"

and get the following error:
Failed to communicate with the external provider, see log for additional details.


oVirt agent log:
- Failed to retrieve VMs information from external server qemu+ssh://XXX.XXX.XXX.XXX/system
- VDSM XXX command GetVmsNamesFromExternalProviderVDS failed: Cannot recv data: Host key verification failed.: Connection reset by peer



remote host sshd DEBUG log:
Feb  7 16:38:29 XXX sshd[110005]: Connection from XXX.XXX.XXX.147 port 48148 on XXX.XXX.XXX.123 port 22
Feb  7 16:38:29 XXX sshd[110005]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Feb  7 16:38:29 XXX sshd[110005]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
Feb  7 16:38:29 XXX sshd[110005]: debug1: Local version string SSH-2.0-OpenSSH_7.4
Feb  7 16:38:29 XXX sshd[110005]: debug1: Enabling compatibility mode for protocol 2.0
Feb  7 16:38:29 XXX sshd[110005]: debug1: SELinux support disabled [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: permanently_set_uid: 74/74 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT received [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: rekey after 134217728 blocks [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb  7 16:38:29 XXX sshd[110005]: Connection closed by XXX.XXX.XXX.147 port 48148 [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: do_cleanup [preauth]
Feb  7 16:38:29 XXX sshd[110005]: debug1: do_cleanup
Feb  7 16:38:29 XXX sshd[110005]: debug1: Killing privsep child 110006
Feb  7 16:38:29 XXX sshd[109922]: debug1: Forked child 110007.
Feb  7 16:38:29 XXX sshd[110007]: debug1: Set /proc/self/oom_score_adj to 0
Feb  7 16:38:29 XXX sshd[110007]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb  7 16:38:29 XXX sshd[110007]: debug1: inetd sockets after dupping: 3, 3
Feb  7 16:38:29 XXX sshd[110007]: Connection from XXX.XXX.XXX.147 port 48150 on XXX.XXX.XXX.123 port 22
Feb  7 16:38:29 XXX sshd[110007]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Feb  7 16:38:29 XXX sshd[110007]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
Feb  7 16:38:29 XXX sshd[110007]: debug1: Local version string SSH-2.0-OpenSSH_7.4
Feb  7 16:38:29 XXX sshd[110007]: debug1: Enabling compatibility mode for protocol 2.0
Feb  7 16:38:29 XXX sshd[110007]: debug1: SELinux support disabled [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: permanently_set_uid: 74/74 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT received [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: rekey after 134217728 blocks [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb  7 16:38:29 XXX sshd[110007]: Connection closed by XXX.XXX.XXX.147 port 48150 [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: do_cleanup [preauth]
Feb  7 16:38:29 XXX sshd[110007]: debug1: do_cleanup
Feb  7 16:38:29 XXX sshd[110007]: debug1: Killing privsep child 110008
Feb  7 16:38:30 XXX sshd[109922]: debug1: Forked child 110009.
Feb  7 16:38:30 XXX sshd[110009]: debug1: Set /proc/self/oom_score_adj to 0
Feb  7 16:38:30 XXX sshd[110009]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb  7 16:38:30 XXX sshd[110009]: debug1: inetd sockets after dupping: 3, 3
Feb  7 16:38:30 XXX sshd[110009]: Connection from XXX.XXX.XXX.147 port 48152 on XXX.XXX.XXX.123 port 22
Feb  7 16:38:30 XXX sshd[110009]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Feb  7 16:38:30 XXX sshd[110009]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
Feb  7 16:38:30 XXX sshd[110009]: debug1: Local version string SSH-2.0-OpenSSH_7.4
Feb  7 16:38:30 XXX sshd[110009]: debug1: Enabling compatibility mode for protocol 2.0
Feb  7 16:38:30 XXX sshd[110009]: debug1: SELinux support disabled [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: permanently_set_uid: 74/74 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT received [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: rekey after 134217728 blocks [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb  7 16:38:30 XXX sshd[110009]: Connection closed by XXX.XXX.XXX.147 port 48152 [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: do_cleanup [preauth]
Feb  7 16:38:30 XXX sshd[110009]: debug1: do_cleanup
Feb  7 16:38:30 XXX sshd[110009]: debug1: Killing privsep child 110010
Feb  7 16:38:30 XXX sshd[109922]: debug1: Forked child 110011.
Feb  7 16:38:30 XXX sshd[110011]: debug1: Set /proc/self/oom_score_adj to 0
Feb  7 16:38:30 XXX sshd[110011]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb  7 16:38:30 XXX sshd[110011]: debug1: inetd sockets after dupping: 3, 3
Feb  7 16:38:30 XXX sshd[110011]: Connection from XXX.XXX.XXX.147 port 48154 on XXX.XXX.XXX.123 port 22
Feb  7 16:38:30 XXX sshd[110011]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Feb  7 16:38:30 XXX sshd[110011]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
Feb  7 16:38:30 XXX sshd[110011]: debug1: Local version string SSH-2.0-OpenSSH_7.4
Feb  7 16:38:30 XXX sshd[110011]: debug1: Enabling compatibility mode for protocol 2.0
Feb  7 16:38:30 XXX sshd[110011]: debug1: SELinux support disabled [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: permanently_set_uid: 74/74 [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT received [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: rekey after 134217728 blocks [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb  7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb  7 16:38:30 XXX sshd[110011]: Connection closed by XXX.XXX.XXX.147 port 48154 [preauth]


Thank you!

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users





_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users