[ovirt-users] [Fwd: options for root and password]

Alon Bar-Lev alonbl at redhat.com
Tue Oct 21 07:34:33 UTC 2014



----- Original Message -----
> From: "Sven Kieske" <s.kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Tuesday, October 21, 2014 10:30:34 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
> 
> 
> 
> On 21/10/14 09:21, Sven Kieske wrote:
> > 
> > 
> > On 21/10/14 09:05, Yedidyah Bar David wrote:
> >> ----- Original Message -----
> >>> From: "Hoot Thompson" <hoot at ptpnow.com>
> >>> To: users at ovirt.org
> >>> Sent: Tuesday, October 21, 2014 3:52:24 AM
> >>> Subject: [ovirt-users] [Fwd: options for root and password]
> >>>
> >>>
> >>>
> >>> Is there an alternative to the root/paasword approach to managing hosts
> >>> (by the engine)? Our preference would be keys/passphrase if that's
> >>> possible.
> >>
> >> IIRC we already allow that, no? In the "new host" dialog you can choose
> >> "ssh public key".
> >>
> >> Best,
> >>
> > 
> > Well there is this wiki page:
> > 
> > http://www.ovirt.org/Features/Ssh_Abilities
> > 
> > but it is from 2013 and has this security hole:
> > 
> > "Currently we don't enforce fingerprint validation."
> > 
> > I don't know if this is still valid, I don't find any
> > options regarding public/private keys in ovirt 3.3. but
> > I would be very interested in this topic to tighten security.
> > 
> 
> I found this:
> 
> http://www.ovirt.org/OVirt_Administration_Guide#Host_Tasks
> 
> "Select an authentication method to use with the host.
> 
>   1.  Enter the root user's password to use password authentication.
>   2.  Copy the key displayed in the SSH PublicKey field to
> /root/.ssh/authorized_keys on the host to use public key authentication."
> 
> I guess this just works from version 3.4 upwards or also for 3.3.?
> if for 3.3. since which z stream release?

As far as I remember it is since 3.4.



More information about the Users mailing list