[ovirt-users] [Fwd: options for root and password]

Yedidyah Bar David didi at redhat.com
Tue Oct 21 07:26:28 UTC 2014


----- Original Message -----
> From: "Sven Kieske" <s.kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Tuesday, October 21, 2014 10:21:17 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
> 
> 
> 
> On 21/10/14 09:05, Yedidyah Bar David wrote:
> > ----- Original Message -----
> >> From: "Hoot Thompson" <hoot at ptpnow.com>
> >> To: users at ovirt.org
> >> Sent: Tuesday, October 21, 2014 3:52:24 AM
> >> Subject: [ovirt-users] [Fwd: options for root and password]
> >>
> >>
> >>
> >> Is there an alternative to the root/paasword approach to managing hosts
> >> (by the engine)? Our preference would be keys/passphrase if that's
> >> possible.
> > 
> > IIRC we already allow that, no? In the "new host" dialog you can choose
> > "ssh public key".
> > 
> > Best,
> > 
> 
> Well there is this wiki page:
> 
> http://www.ovirt.org/Features/Ssh_Abilities
> 
> but it is from 2013 and has this security hole:
> 
> "Currently we don't enforce fingerprint validation."
> 
> I don't know if this is still valid, I don't find any
> options regarding public/private keys in ovirt 3.3. but
> I would be very interested in this topic to tighten security.

I agree. Not sure about the current status.

Note that there are two different issues here:

1. Letting ssh using a key pair instead of a password - already done
2. verifying the fingerprint, whether input by user or saved after first login - not sure
-- 
Didi



More information about the Users mailing list