<div dir="ltr"><div>Hi Maoz,<br><br></div>You should not be using the engine and not the root user for the ssh keys. The actions are delegated to a host and the vdsm user. So you should set-up ssh keys for the vdsm user on one or all of the hosts (remember to select this host as proxy host in the gui). Probably the documentation should be updated to make this more clear.<br><br>1. Make the keygen for vdsm user:<br> <br> # sudo -u vdsm ssh-keygen<br><br>2.Do the first login to confirm the fingerprints using "yes":<br> <br> # sudo -u vdsm ssh root@xxx.xxx.xxx.xxx<br><br>3. Then copy the key to the KVm host running the vm:<br><br> # sudo -u vdsm ssh-copy-id root@xxx.xxx.xxx.xxx<br> <br>4. Now verify is vdsm can login without password or not:<br> <br> # sudo -u vdsm ssh root@xxx.xxx.xxx.xxx<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 8, 2018 at 3:12 PM, Petr Kotas <span dir="ltr"><<a href="mailto:pkotas@redhat.com" target="_blank">pkotas@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>You can generate one :). There are different guides for different platforms.<br><br></div>The link I sent is the good start on where to put the keys and how to set it up.<span class="HOEnZb"><font color="#888888"><br><br></font></span></div><span class="HOEnZb"><font color="#888888">Petr<br></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 8, 2018 at 3:09 PM, maoz zadok <span dir="ltr"><<a href="mailto:maozza@gmail.com" target="_blank">maozza@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Using the command line on the engine machine (as root) works fine. I don't use ssh key from the agent GUI but the authentication section (with root user and password),<div>I think that it's a bug, I manage to migrate with TCP but I just want to let you know.</div><div><br></div><div>is it possible to use ssh-key from the agent GUI? how can I get the key?</div></div><div class="m_-4200840602002026855HOEnZb"><div class="m_-4200840602002026855h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 8, 2018 at 2:51 PM, Petr Kotas <span dir="ltr"><<a href="mailto:pkotas@redhat.com" target="_blank">pkotas@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Maoz,<br><br></div>it looks like cannot connect due to wrong setup of ssh keys. Which linux are you using?<br></div>The guide for setting the ssh connection to libvirt is here: <a href="https://wiki.libvirt.org/page/SSHSetup" target="_blank">https://wiki.libvirt.org/page/<wbr>SSHSetup</a><br><br></div>May it helps?<br><br></div>Petr<br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-4200840602002026855m_9152672452162185351h5">On Wed, Feb 7, 2018 at 10:53 PM, maoz zadok <span dir="ltr"><<a href="mailto:maozza@gmail.com" target="_blank">maozza@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-4200840602002026855m_9152672452162185351h5"><div dir="ltr">Hello there,<div><br></div><div>I'm following <span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><a href="https://www.ovirt.org/develop/release-management/features/virt/KvmToOvirt/" target="_blank">https://www.ovirt.org/develop/<wbr>release-management/features/vi<wbr>rt/KvmToOvirt/</a> </span>guide in order to import VMS from Libvirt to oVirt using ssh.</div><div> URL: "qemu+ssh://<a href="http://host1.example.org/system" target="_blank">host1.example.org/<wbr>system</a>"</div><div><br></div><div>and get the following error:</div><div><div>Failed to communicate with the external provider, see log for additional details.</div></div><div><br></div><div><br></div><div><b><u>oVirt agent log:</u></b></div><div><i><font size="1">- Failed to retrieve VMs information from external server qemu+ssh://XXX.XXX.XXX.XXX/sys<wbr>tem<br></font></i></div><div><i><font size="1">- VDSM XXX command GetVmsNamesFromExternalProvide<wbr>rVDS failed: Cannot recv data: Host key verification failed.: Connection reset by peer</font></i><br></div><div><br></div><div><br></div><div><br></div><div><u><b>remote host sshd DEBUG log:</b></u></div><div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: Connection from XXX.XXX.XXX.147 port 48148 on XXX.XXX.XXX.123 port 22</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: Local version string SSH-2.0-OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: Enabling compatibility mode for protocol 2.0</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: SELinux support disabled [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: permanently_set_uid: 74/74 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-<wbr>256,ecdsa-sha2-nistp256,ssh-ed<wbr>25519 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT received [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: algorithm: curve25519-sha256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: client->server cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: server->client cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: rekey after 134217728 blocks [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_NEWKEYS sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: Connection closed by XXX.XXX.XXX.147 port 48148 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: do_cleanup [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: do_cleanup</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110005]: debug1: Killing privsep child 110006</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[109922]: debug1: Forked child 110007.</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: Set /proc/self/oom_score_adj to 0</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: inetd sockets after dupping: 3, 3</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: Connection from XXX.XXX.XXX.147 port 48150 on XXX.XXX.XXX.123 port 22</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: Local version string SSH-2.0-OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: Enabling compatibility mode for protocol 2.0</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: SELinux support disabled [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: permanently_set_uid: 74/74 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-<wbr>256,ecdsa-sha2-nistp256,ssh-ed<wbr>25519 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT received [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: algorithm: curve25519-sha256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: client->server cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: server->client cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: rekey after 134217728 blocks [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_NEWKEYS sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: Connection closed by XXX.XXX.XXX.147 port 48150 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: do_cleanup [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: do_cleanup</font></i></div><div><i><font size="1">Feb 7 16:38:29 XXX sshd[110007]: debug1: Killing privsep child 110008</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[109922]: debug1: Forked child 110009.</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: Set /proc/self/oom_score_adj to 0</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: inetd sockets after dupping: 3, 3</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: Connection from XXX.XXX.XXX.147 port 48152 on XXX.XXX.XXX.123 port 22</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: Local version string SSH-2.0-OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: Enabling compatibility mode for protocol 2.0</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: SELinux support disabled [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: permanently_set_uid: 74/74 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-<wbr>256,ecdsa-sha2-nistp256,ssh-ed<wbr>25519 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT received [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: algorithm: curve25519-sha256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: client->server cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: server->client cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: rekey after 134217728 blocks [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_NEWKEYS sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: Connection closed by XXX.XXX.XXX.147 port 48152 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: do_cleanup [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: do_cleanup</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110009]: debug1: Killing privsep child 110010</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[109922]: debug1: Forked child 110011.</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: Set /proc/self/oom_score_adj to 0</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: inetd sockets after dupping: 3, 3</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: Connection from XXX.XXX.XXX.147 port 48154 on XXX.XXX.XXX.123 port 22</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: Local version string SSH-2.0-OpenSSH_7.4</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: Enabling compatibility mode for protocol 2.0</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: SELinux support disabled [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: permanently_set_uid: 74/74 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-<wbr>256,ecdsa-sha2-nistp256,ssh-ed<wbr>25519 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT received [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: algorithm: curve25519-sha256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: client->server cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: server->client cipher: <a href="mailto:chacha20-poly1305@openssh.com" target="_blank">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression: none [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256 need=64 dh_need=64 [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: rekey after 134217728 blocks [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_NEWKEYS sent [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]</font></i></div><div><i><font size="1">Feb 7 16:38:30 XXX sshd[110011]: Connection closed by XXX.XXX.XXX.147 port 48154 [preauth]</font></i></div></div><div><br></div><div><br></div><div>Thank you!</div></div>
<br></div></div>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>