Re: [PATCH] add no_tty flag for ssh


 



Daniel P. Berrange wrote:
The use of '-o PasswordAuthentication=no' isn't sufficient because even
with public key / gssapi auth schemes it may prompt for passwords and/or
passphrases.

I think we need to use  '-T -o BatchMode=yes', and regardless of the
no_tty flag I think it could be wise to add '-e none'.

Yes, that's right.  Try this patch.

Rich.

--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.  Registered in
England and Wales under Company Registration No. 03798903
Index: docs/libvir.html
===================================================================
RCS file: /data/cvs/libvirt/docs/libvir.html,v
retrieving revision 1.83
diff -u -r1.83 libvir.html
--- docs/libvir.html	19 Sep 2007 02:28:01 -0000	1.83
+++ docs/libvir.html	20 Sep 2007 12:10:51 -0000
@@ -1762,6 +1762,20 @@
 <td> Example: <code>no_verify=1</code> </td>
 </tr>
 
+<tr>
+<td> <code>no_tty</code> </td>
+<td> ssh </td>
+<td>
+  If set to a non-zero value, this stops ssh from asking for
+  a password if it cannot log in to the remote machine automatically
+  (eg. using ssh-agent etc.).  Use this when you don't have access
+  to a terminal - for example in graphical programs which use libvirt.
+</td>
+</tr>
+<tr> <td colspan="2"></td>
+<td> Example: <code>no_tty=1</code> </td>
+</tr>
+
 </table>
 
 <h3><a name="Remote_certificates">Generating TLS certificates</a></h3>
Index: docs/remote.html
===================================================================
RCS file: /data/cvs/libvirt/docs/remote.html,v
retrieving revision 1.14
diff -u -r1.14 remote.html
--- docs/remote.html	19 Sep 2007 02:28:01 -0000	1.14
+++ docs/remote.html	20 Sep 2007 12:10:52 -0000
@@ -195,6 +195,16 @@
 </td>
 </tr><tr><td colspan="2"></td>
 <td> Example: <code>no_verify=1</code> </td>
+</tr><tr><td> <code>no_tty</code> </td>
+<td> ssh </td>
+<td>
+  If set to a non-zero value, this stops ssh from asking for
+  a password if it cannot log in to the remote machine automatically
+  (eg. using ssh-agent etc.).  Use this when you don't have access
+  to a terminal - for example in graphical programs which use libvirt.
+</td>
+</tr><tr><td colspan="2"></td>
+<td> Example: <code>no_tty=1</code> </td>
 </tr></table><h3><a name="Remote_certificates" id="Remote_certificates">Generating TLS certificates</a></h3><h4><a name="Remote_PKI" id="Remote_PKI">Public Key Infrastructure set up</a></h4><p>
 If you are unsure how to create TLS certificates, skip to the
 next section.
Index: src/remote_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/remote_internal.c,v
retrieving revision 1.24
diff -u -r1.24 remote_internal.c
--- src/remote_internal.c	19 Sep 2007 21:44:32 -0000	1.24
+++ src/remote_internal.c	20 Sep 2007 12:10:54 -0000
@@ -291,7 +291,7 @@
      */
     char *name = 0, *command = 0, *sockname = 0, *netcat = 0, *username = 0;
     char *server = 0, *port = 0;
-    int no_verify = 0;
+    int no_verify = 0, no_tty = 0;
     char **cmd_argv = 0;
 
     /* Return code from this function, and the private data. */
@@ -356,6 +356,9 @@
         } else if (strcasecmp (var->name, "no_verify") == 0) {
             no_verify = atoi (var->value);
             var->ignore = 1;
+        } else if (strcasecmp (var->name, "no_tty") == 0) {
+            no_tty = atoi (var->value);
+            var->ignore = 1;
         }
 #if DEBUG
         else
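Review bot: `no_tty = atoi (var->value);` turns any non-numeric value into 0, so a URI carrying `no_tty=yes` or `no_tty=true` silently leaves ssh prompting enabled and the caller gets no error. The no_verify branch just above has the same behaviour, where a silently ignored value matters more. Parsing with `strtol (var->value, &end, 10)` and rejecting the parameter when `end == var->value || *end != '\0'` would make a mistyped value visible. Whether var->value can be NULL at this point is not visible in the hunk; if it can, atoi would dereference it. The enclosing loop starts and ends outside the hunk.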
@@ -554,7 +557,10 @@
     }
 
     case trans_ssh: {
-        int j, nr_args = username ? 10 : 8;
+        int j, nr_args = 8;
+
+        if (username) nr_args += 2; /* For -l username */
+        if (no_tty) nr_args += 5;   /* For -T -o BatchMode=yes -e none */
 
         command = command ? : strdup ("ssh");
 
@@ -569,6 +575,13 @@
             cmd_argv[j++] = strdup ("-l");
             cmd_argv[j++] = strdup (username);
         }
+        if (no_tty) {
+            cmd_argv[j++] = strdup ("-T");
+            cmd_argv[j++] = strdup ("-o");
+            cmd_argv[j++] = strdup ("BatchMode=yes");
+	    cmd_argv[j++] = strdup ("-e");
+	    cmd_argv[j++] = strdup ("none");
+        }
         cmd_argv[j++] = strdup (server);
         cmd_argv[j++] = strdup (netcat ? netcat : "nc");
         cmd_argv[j++] = strdup ("-U");
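Review bot: The five new `strdup` results in the `if (no_tty)` block are stored without a NULL check, so an allocation failure leaves a NULL in the middle of cmd_argv; if the array is later passed to exec as a NULL-terminated vector (not visible here), ssh would start with a truncated command line, possibly without `BatchMode=yes` or without the host. This follows the pattern of the surrounding lines, so a small helper that appends one argument and fails the whole connection attempt on NULL would fix all of them at once. The block also has to stay in step with `nr_args += 5` in the previous hunk by hand; a bounds check on `j` against nr_args after the last store would catch a future mismatch before it writes past the array. The `-e` and `none` lines are indented with tabs where the rest of the block uses spaces. The trans_ssh case continues outside the hunk.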

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
