[ovirt-users] [Fwd: options for root and password]
Alon Bar-Lev
alonbl at redhat.com
Thu Oct 23 02:30:10 EDT 2014
----- Original Message -----
> From: "John H. Thompson (GSFC-606.2)[Computer Sciences Corporation]" <hoot at ptpnow.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>, "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Thursday, October 23, 2014 5:28:23 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
>
> So in trying to use keys instead of root/password, per the ovirt GUI I
> enter the address of the host, specify port 2222 (sshd listening here
> will allow ssh into root via keys), check the "SSH Public Key" button,
> copy the contents of the key provided in the UI to the
> /root/.ssh/authorized_keys
> file on the node being added, and get:
>
> Error while executing action: Cannot install Host with empty password.
>
please make sure:
1. /root/.ssh is owned by root and its mode is 0700
2. /root/.ssh/authorized_keys is owned by root and its mode is 0600
3. you run restorecon -r /root/.ssh to set correct selinux properties.
>
>
> The logs show:
>
> WARN [org.ovirt.engine.core.bll.AddVdsCommand] (ajp--127.0.0.1-8702-6)
> [750e08ac] CanDoAction of action AddVds failed.
> Reasons:VAR__ACTION__ADD,VAR__TYPE__HOST,$server
> *our_server's_hostname*,VDS_CANNOT_INSTALL_EMPTY_PASSWORD
>
>
>
> On 10/21/14 4:00 AM, "Yair Zaslavsky" <yzaslavs at redhat.com> wrote:
>
> >
> >
> >----- Original Message -----
> >> From: "Alon Bar-Lev" <alonbl at redhat.com>
> >> To: "Sven Kieske" <s.kieske at mittwald.de>
> >> Cc: users at ovirt.org
> >> Sent: Tuesday, October 21, 2014 10:49:02 AM
> >> Subject: Re: [ovirt-users] [Fwd: options for root and password]
> >>
> >>
> >>
> >> ----- Original Message -----
> >> > From: "Sven Kieske" <s.kieske at mittwald.de>
> >> > To: users at ovirt.org
> >> > Sent: Tuesday, October 21, 2014 10:40:39 AM
> >> > Subject: Re: [ovirt-users] [Fwd: options for root and password]
> >> >
> >> >
> >> > On 21/10/14 09:21, Sven Kieske wrote:
> >> > > I don't know if this is still valid, I don't find any
> >> > > options regarding public/private keys in ovirt 3.3. but
> >> > > I would be very interested in this topic to tighten security.
> >> >
> >> > It just turns out this already works in ovirt 3.3.2
> >> > maybe even earlier, but I would like to know
> >> > if the point about host key validation on the mentioned wiki
> >> > page is still true, as I think this would be cve-worthy.
> >>
> >> When host is added its ssh fingerprint is recorded in database, and is
> >> enforced from this point on.
> >> Only at Edit Host dialog it can be modified.
> >> You can also pre-fetch the fingerprint before adding the host at Add
> >>Host
> >> dialog in order to confirm that it is the correct host, it will add this
> >> fingerprint to database and enforce it when adding the host too.
> >
> >
> >CC'ing Yaniv Bronheim who was the feature owner for ssh fingerprint usage
> >during host addition.
> >I guess Yaniv can confirm exactly which version it was added.
> >
> >
> >> _______________________________________________
> >> Users mailing list
> >> Users at ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> >_______________________________________________
> >Users mailing list
> >Users at ovirt.org
> >http://lists.ovirt.org/mailman/listinfo/users
>
>
>
More information about the Users
mailing list