[ovirt-users] [Fwd: options for root and password]
Alon Bar-Lev
alonbl at redhat.com
Tue Oct 21 07:34:33 UTC 2014
----- Original Message -----
> From: "Sven Kieske" <s.kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Tuesday, October 21, 2014 10:30:34 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
>
>
>
> On 21/10/14 09:21, Sven Kieske wrote:
> >
> >
> > On 21/10/14 09:05, Yedidyah Bar David wrote:
> >> ----- Original Message -----
> >>> From: "Hoot Thompson" <hoot at ptpnow.com>
> >>> To: users at ovirt.org
> >>> Sent: Tuesday, October 21, 2014 3:52:24 AM
> >>> Subject: [ovirt-users] [Fwd: options for root and password]
> >>>
> >>>
> >>>
> >>> Is there an alternative to the root/paasword approach to managing hosts
> >>> (by the engine)? Our preference would be keys/passphrase if that's
> >>> possible.
> >>
> >> IIRC we already allow that, no? In the "new host" dialog you can choose
> >> "ssh public key".
> >>
> >> Best,
> >>
> >
> > Well there is this wiki page:
> >
> > http://www.ovirt.org/Features/Ssh_Abilities
> >
> > but it is from 2013 and has this security hole:
> >
> > "Currently we don't enforce fingerprint validation."
> >
> > I don't know if this is still valid, I don't find any
> > options regarding public/private keys in ovirt 3.3. but
> > I would be very interested in this topic to tighten security.
> >
>
> I found this:
>
> http://www.ovirt.org/OVirt_Administration_Guide#Host_Tasks
>
> "Select an authentication method to use with the host.
>
> 1. Enter the root user's password to use password authentication.
> 2. Copy the key displayed in the SSH PublicKey field to
> /root/.ssh/authorized_keys on the host to use public key authentication."
>
> I guess this just works from version 3.4 upwards or also for 3.3.?
> if for 3.3. since which z stream release?
As far as I remember it is since 3.4.
More information about the Users
mailing list