[ovirt-users] Error during hosted-engine-setup for 3.5.1 on F20 (Cannot add the host to cluster ... SSH has failed)

Simone Tiraboschi stirabos at redhat.com
Tue Mar 10 09:53:36 UTC 2015



----- Original Message -----
> From: "Sven Kieske" <s.kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Tuesday, March 10, 2015 10:39:36 AM
> Subject: Re: [ovirt-users] Error during hosted-engine-setup for 3.5.1 on F20 (Cannot add the host to cluster ... SSH has failed)
> 
> 
> 
> On 09/03/15 17:53, Simone Tiraboschi wrote:
> > it gathers the engine SSH public key from
> > http://{enginefqdn}/engine.ssh.key.txt
> > and it stores it under ~root/.ssh/authenticated_keys to make the engine able to
> > add the host without knowing the host root password.
> 
> Sorry that I'm getting off topic, but:
> 
> are you sure this is done via _http_ (without "s")?
> this should be done via https imho.

Yes, I am.

> should I open a BZ for this?

In my opinion, no: you just installed the engine and the engine just created its CA.
In order to trust an https connection to the engine you have to trust its CA, but you still don't know it because it's a private one and it has just been created on the engine from scratch.

Blindly downloading the engine CA cert and blindly trusting it is not that different from simply using http to download the public key: in order to fetch it you don't need to send any password or token, and being a public key you don't need to encrypt it by definition, so you don't need encryption.

 
> --
> Mit freundlichen Grüßen / Regards
> 
> Sven Kieske
> 
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
>
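The trust question raised in this thread is about the authenticity of the fetched key rather than its secrecy. As an added example (not part of the thread and not oVirt's own code), the sketch below checks a key fetched over an untrusted channel against a fingerprint read on the engine itself over a separate channel (for instance with `ssh-keygen -lf`) before it is handed on for installation. The function names are hypothetical and the sample keys are constructed inline.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_sample_key_line(seed: bytes, comment: str = "ovirt-engine") -> str:
    """Constructed ssh-ed25519 key line for the demo (not a real engine key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(key_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of one public key line."""
    parts = key_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The type named in the text field must match the type inside the blob.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def accept_engine_key(fetched_line: str, expected_fp: str) -> str:
    """Return the line to install only if it matches the out-of-band fingerprint."""
    actual = fingerprint(fetched_line)
    if not hmac.compare_digest(actual.encode(), expected_fp.encode()):
        raise ValueError("fingerprint mismatch: got " + actual)
    return fetched_line.strip() + "\n"


if __name__ == "__main__":
    engine_key = make_sample_key_line(b"engine")      # what the engine really serves
    trusted_fp = fingerprint(engine_key)              # read on the engine console
    print(accept_engine_key(engine_key, trusted_fp), end="")
    try:
        accept_engine_key(make_sample_key_line(b"other"), trusted_fp)
    except ValueError as err:
        print("rejected:", err)
```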