[ovirt-users] [Fwd: options for root and password]
Yedidyah Bar David
didi at redhat.com
Tue Oct 21 07:26:28 UTC 2014
----- Original Message -----
> From: "Sven Kieske" <s.kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Tuesday, October 21, 2014 10:21:17 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
>
>
>
> On 21/10/14 09:05, Yedidyah Bar David wrote:
> > ----- Original Message -----
> >> From: "Hoot Thompson" <hoot at ptpnow.com>
> >> To: users at ovirt.org
> >> Sent: Tuesday, October 21, 2014 3:52:24 AM
> >> Subject: [ovirt-users] [Fwd: options for root and password]
> >>
> >>
> >>
> >> Is there an alternative to the root/paasword approach to managing hosts
> >> (by the engine)? Our preference would be keys/passphrase if that's
> >> possible.
> >
> > IIRC we already allow that, no? In the "new host" dialog you can choose
> > "ssh public key".
> >
> > Best,
> >
>
> Well there is this wiki page:
>
> http://www.ovirt.org/Features/Ssh_Abilities
>
> but it is from 2013 and has this security hole:
>
> "Currently we don't enforce fingerprint validation."
>
> I don't know if this is still valid, I don't find any
> options regarding public/private keys in ovirt 3.3. but
> I would be very interested in this topic to tighten security.
I agree. Not sure about the current status.
Note that there are two different issues here:
1. Letting ssh using a key pair instead of a password - already done
2. verifying the fingerprint, whether input by user or saved after first login - not sure
--
Didi
More information about the Users
mailing list