5:29 a.m.
I removed the user and created an other time. Now, I have this
The key seems to be present in the DB
engine=# SELECT users.username, user_profiles.property_content::text
FROM user_profiles
JOIN users ON users.user_id = user_profiles.user_id
WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY';
username |
property_content
--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------
sblanchet(a)levant.abes.fr | "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQ
sy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArn
NcmS6JFxnPIrGYxxmv01K6VXVvw=="
(1 row)
and now in the api
<ssh_public_keys>
<ssh_public_key
href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/70850a0e-1b20-4dd5-9fcd-4f64303509d1"
id="70850a0e-1b20-4dd5-9fcd-4f64303509d1">
<content>
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
</content>
<user
href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3"
id="64b7f3bf-9d43-4508-af93-63ad77652be3"/>
</ssh_public_key>
</ssh_public_keys>
but I still can't connect
$ ssh -t -p 2222 ovirt-vmconsole(a)air.v100.abes.fr connect
ovirt-vmconsole(a)air.v100.abes.fr: Permission denied (publickey).
and
[root@air ~]#
/usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
--version "1" keys
still returns empty string...
Le 16/04/2021 à 11:07, Nathanaël Blanchet a écrit :
Le 16/04/2021 à 10:31, Radoslaw Szwajkowski a écrit :
>> [root@air-dev ~]#
>> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
>> --version "1" keys
>> {"keys": [{"entityid":
"d5e69fa0-96a0-4aae-952d-18fe36940248",
>> "entity":
>> "sblanchet@levant.abes.fr(a)abes.fr-authz", "key":
"ssh-rsa
>>
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw=="}],
>>
>> "version": 1, "content": "key_list"}
>>
>> but the same command on the main engine returns empty
>>
>> [root@air ~]#
>> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
>> --version "1" keys
>>
> Empty list (no keys) should look similar to: {"keys": [],
"version":
> 1, "content": "key_list"}
> In your case it seems that VMConsoleProxyServlet is not responding
> i.e. on my dev env I get a similar result (empty output,error code 1)
> when server is down.
it is up
● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server daemon
Loaded: loaded
(/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled;
vendor preset: disabled)
Active: active (running) since Fri 2021-04-16 10:50:41 CEST; 1min
27s ago
Main PID: 1914370 (sshd)
Tasks: 1 (limit: 204594)
Memory: 3.5M
CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service
└─1914370 /usr/sbin/sshd -f
/usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
-D
avril 16 10:50:41 air.v100.abes.fr systemd[1]: Started oVirt VM
Console SSH server daemon.
avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on
0.0.0.0 port 2222.
avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on
:: port 2222.
avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914540]:
2021-04-16 10:52:02,241+0200 ovirt-vmconsole-list: ERROR main:265
Error: HTTP Error 403: Forbidden
avril 16 10:52:02 air.v100.abes.fr
ovirt-vmconsole-proxy-keys[1914536]: ERROR Key list execution failed rc=1
avril 16 10:52:02 air.v100.abes.fr sshd[1914534]:
AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys
ovirt-vmconsole failed, status 1
avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914547]:
2021-04-16 10:52:02,806+0200 ovirt-vmconsole-list: ERROR main:265
Error: HTTP Error 403: Forbidden
avril 16 10:52:02 air.v100.abes.fr
ovirt-vmconsole-proxy-keys[1914543]: ERROR Key list execution failed rc=1
avril 16 10:52:02 air.v100.abes.fr sshd[1914534]:
AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys
ovirt-vmconsole failed, status 1
avril 16 10:52:03 air.v100.abes.fr sshd[1914534]: Connection closed by
authenticating user ovirt-vmconsole 10.34.100.131 port 53674 [preauth]
>
> However you can check if DB contains the right data (key is encoded as
> JSON string - enclosed in double quotes):
> SELECT users.username, user_profiles.property_content::text
> FROM user_profiles
> JOIN users ON users.user_id = user_profiles.user_id
> WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY';
https://air.v100.abes.fr//ovirt-engine/api/users/1bb90486-d431-4554-a6a1-...
<ssh_public_keys/>
is empty
while
https://air-dev.v100.abes.fr/ovirt-engine/api/users/d5e69fa0-96a0-4aae-95...
returns
<ssh_public_keys>
<ssh_public_key
href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248/sshpublickeys/1fa3fcaf-7475-4c72-9565-b32425d3c8fd"
id="1fa3fcaf-7475-4c72-9565-b32425d3c8fd">
<content>
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
</content>
<user
href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248"
id="d5e69fa0-96a0-4aae-952d-18fe36940248"/>
</ssh_public_key>
</ssh_public_keys>
>
> best regards,
> Radek
>
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr