[ovirt-users] [Fwd: options for root and password]

Thompson, John H. (GSFC-606.2)[Computer Sciences Corporation] hoot at ptpnow.com
Wed Oct 22 22:28:23 EDT 2014


So in trying to use keys instead of root/password, per the ovirt GUI I
enter the address of the host, specify port 2222 (sshd listening here
will allow ssh into root via keys), check the "SSH Public Key" button,
copy the contents of the key provided in the UI to the
/root/.ssh/authorized_keys
file on the node being added, and get:

Error while executing action: Cannot install Host with empty password.



The logs show:

WARN  [org.ovirt.engine.core.bll.AddVdsCommand] (ajp--127.0.0.1-8702-6)
[750e08ac] CanDoAction of action AddVds failed.
Reasons:VAR__ACTION__ADD,VAR__TYPE__HOST,$server
*our_server's_hostname*,VDS_CANNOT_INSTALL_EMPTY_PASSWORD



On 10/21/14 4:00 AM, "Yair Zaslavsky" <yzaslavs at redhat.com> wrote:

>
>
>----- Original Message -----
>> From: "Alon Bar-Lev" <alonbl at redhat.com>
>> To: "Sven Kieske" <s.kieske at mittwald.de>
>> Cc: users at ovirt.org
>> Sent: Tuesday, October 21, 2014 10:49:02 AM
>> Subject: Re: [ovirt-users] [Fwd: options for root and password]
>> 
>> 
>> 
>> ----- Original Message -----
>> > From: "Sven Kieske" <s.kieske at mittwald.de>
>> > To: users at ovirt.org
>> > Sent: Tuesday, October 21, 2014 10:40:39 AM
>> > Subject: Re: [ovirt-users] [Fwd: options for root and password]
>> > 
>> > 
>> > On 21/10/14 09:21, Sven Kieske wrote:
>> > > I don't know if this is still valid, I don't find any
>> > > options regarding public/private keys in ovirt 3.3. but
>> > > I would be very interested in this topic to tighten security.
>> > 
>> > It just turns out this already works in ovirt 3.3.2
>> > maybe even earlier, but I would like to know
>> > if the point about host key validation on the mentioned wiki
>> > page is still true, as I think this would be cve-worthy.
>> 
>> When host is added its ssh fingerprint is recorded in database, and is
>> enforced from this point on.
>> Only at Edit Host dialog it can be modified.
>> You can also pre-fetch the fingerprint before adding the host at Add
>>Host
>> dialog in order to confirm that it is the correct host, it will add this
>> fingerprint to database and enforce it when adding the host too.
>
>
>CC'ing Yaniv Bronheim who was the feature owner for ssh fingerprint usage
>during host addition.
>I guess Yaniv can confirm exactly which version it was added.
>
>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>> 
>_______________________________________________
>Users mailing list
>Users at ovirt.org
>http://lists.ovirt.org/mailman/listinfo/users




More information about the Users mailing list