[ovirt-users] [Fwd: options for root and password]
Alon Bar-Lev
alonbl at redhat.com
Tue Oct 21 07:26:04 UTC 2014
----- Original Message -----
> From: "Sven Kieske" <s.kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Tuesday, October 21, 2014 10:21:17 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
>
>
>
> On 21/10/14 09:05, Yedidyah Bar David wrote:
> > ----- Original Message -----
> >> From: "Hoot Thompson" <hoot at ptpnow.com>
> >> To: users at ovirt.org
> >> Sent: Tuesday, October 21, 2014 3:52:24 AM
> >> Subject: [ovirt-users] [Fwd: options for root and password]
> >>
> >>
> >>
> >> Is there an alternative to the root/paasword approach to managing hosts
> >> (by the engine)? Our preference would be keys/passphrase if that's
> >> possible.
> >
> > IIRC we already allow that, no? In the "new host" dialog you can choose
> > "ssh public key".
> >
> > Best,
> >
>
> Well there is this wiki page:
>
> http://www.ovirt.org/Features/Ssh_Abilities
>
> but it is from 2013 and has this security hole:
>
> "Currently we don't enforce fingerprint validation."
>
> I don't know if this is still valid, I don't find any
> options regarding public/private keys in ovirt 3.3. but
> I would be very interested in this topic to tighten security.
Please review 3.4 or 3.5, there is full enforcement per ssh fingerprint and you can view the engine public key to be installed within the "Add Host" dialog and use PK authentication.
More information about the Users
mailing list