Hello Everything worked with 4.3.10, then i upgraded to 4.4.4 and finally to 4.4.5The upgrade path was the same with other engines but all worked as expected. Le 18 avr. 2021 16:00, Sharon Gratch a écrit : Hi, Please follow the instructions mentioned here: https://www.ovirt.org/documentation/virtual_machine_management_guide/#Loggin... <https://www.ovirt.org/documentation/virtual_machine_management_guide/#Logging_in_to_a_virtual_machine_using_SPICE>-
" Opening a Serial Console to a Virtual Machine".
It seems that something is wrong with the user permissions/keys. Is the 4.4.5 oVirt installation an upgraded or a new installation? You mentioned that it's working with your other engines? Do they all use the 4.4.5 version? Thanks, Sharon On Fri, Apr 16, 2021 at 1:31 PM Nathanaël Blanchet <blanchet@abes.fr> wrote:
I removed the user and created an other time. Now, I have this
The key seems to be present in the DB
engine=# SELECT users.username, user_profiles.property_content::text FROM user_profiles JOIN users ON users.user_id = user_profiles.user_id WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY'; username | property_content
--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------- sblanchet@levant.abes.fr | "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQ
sy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArn NcmS6JFxnPIrGYxxmv01K6VXVvw==" (1 row)
and now in the api
<ssh_public_keys> <ssh_public_key href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/70850a0e-1b20-4dd5-9fcd-4f64303509d1"
id="70850a0e-1b20-4dd5-9fcd-4f64303509d1"> <content> ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw== </content> <user href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3" id="64b7f3bf-9d43-4508-af93-63ad77652be3"/> </ssh_public_key> </ssh_public_keys>
but I still can't connect
$ ssh -t -p 2222 ovirt-vmconsole@air.v100.abes.fr connect ovirt-vmconsole@air.v100.abes.fr: Permission denied (publickey).
and
[root@air ~]# /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version "1" keys
still returns empty string...
Le 16/04/2021 à 11:07, Nathanaël Blanchet a écrit :
Le 16/04/2021 à 10:31, Radoslaw Szwajkowski a écrit :
[root@air-dev ~]# /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version "1" keys {"keys": [{"entityid": "d5e69fa0-96a0-4aae-952d-18fe36940248", "entity": "sblanchet@levant.abes.fr@abes.fr-authz", "key": "ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw=="}],
"version": 1, "content": "key_list"}
but the same command on the main engine returns empty
[root@air ~]# /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version "1" keys
Empty list (no keys) should look similar to: {"keys": [], "version": 1, "content": "key_list"} In your case it seems that VMConsoleProxyServlet is not responding i.e. on my dev env I get a similar result (empty output,error code 1) when server is down.
it is up
● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server daemon Loaded: loaded (/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2021-04-16 10:50:41 CEST; 1min 27s ago Main PID: 1914370 (sshd) Tasks: 1 (limit: 204594) Memory: 3.5M CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service └─1914370 /usr/sbin/sshd -f
/usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
-D
avril 16 10:50:41 air.v100.abes.fr systemd[1]: Started oVirt VM Console SSH server daemon. avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on 0.0.0.0 port 2222. avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on :: port 2222. avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914540]: 2021-04-16 10:52:02,241+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[1914536]: ERROR Key list execution failed rc=1 avril 16 10:52:02 air.v100.abes.fr sshd[1914534]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914547]: 2021-04-16 10:52:02,806+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[1914543]: ERROR Key list execution failed rc=1 avril 16 10:52:02 air.v100.abes.fr sshd[1914534]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 avril 16 10:52:03 air.v100.abes.fr sshd[1914534]: Connection closed by authenticating user ovirt-vmconsole 10.34.100.131 port 53674 [preauth]
However you can check if DB contains the right data (key is encoded as JSON string - enclosed in double quotes): SELECT users.username, user_profiles.property_content::text FROM user_profiles JOIN users ON users.user_id = user_profiles.user_id WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY';
https://air.v100.abes.fr//ovirt-engine/api/users/1bb90486-d431-4554-a6a1-376...
<ssh_public_keys/>
is empty
while
https://air-dev.v100.abes.fr/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-...
returns
<ssh_public_keys> <ssh_public_key
href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248/sshpublickeys/1fa3fcaf-7475-4c72-9565-b32425d3c8fd"
id="1fa3fcaf-7475-4c72-9565-b32425d3c8fd"> <content> ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
</content> <user href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248" id="d5e69fa0-96a0-4aae-952d-18fe36940248"/> </ssh_public_key> </ssh_public_keys>
best regards, Radek
-- Nathanaël Blanchet
Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TUHJA7C32NPJ5K...