[ovirt-users] [Fwd: options for root and password]

Yair Zaslavsky yzaslavs at redhat.com
Tue Oct 21 08:00:58 UTC 2014



----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Sven Kieske" <s.kieske at mittwald.de>
> Cc: users at ovirt.org
> Sent: Tuesday, October 21, 2014 10:49:02 AM
> Subject: Re: [ovirt-users] [Fwd: options for root and password]
> 
> 
> 
> ----- Original Message -----
> > From: "Sven Kieske" <s.kieske at mittwald.de>
> > To: users at ovirt.org
> > Sent: Tuesday, October 21, 2014 10:40:39 AM
> > Subject: Re: [ovirt-users] [Fwd: options for root and password]
> > 
> > 
> > On 21/10/14 09:21, Sven Kieske wrote:
> > > I don't know if this is still valid, I don't find any
> > > options regarding public/private keys in ovirt 3.3. but
> > > I would be very interested in this topic to tighten security.
> > 
> > It just turns out this already works in ovirt 3.3.2
> > maybe even earlier, but I would like to know
> > if the point about host key validation on the mentioned wiki
> > page is still true, as I think this would be cve-worthy.
> 
> When host is added its ssh fingerprint is recorded in database, and is
> enforced from this point on.
> Only at Edit Host dialog it can be modified.
> You can also pre-fetch the fingerprint before adding the host at Add Host
> dialog in order to confirm that it is the correct host, it will add this
> fingerprint to database and enforce it when adding the host too.


CC'ing Yaniv Bronheim who was the feature owner for ssh fingerprint usage during host addition.
I guess Yaniv can confirm exactly which version it was added.


> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 



More information about the Users mailing list