Michael March schreef:
Michael March schreef:
.. in this setup you MUST have the ssh public key of the user the web
server runs as in the 'root' account of each server it manages..
again, this might not be 100% kosher.. but it works.
The main problem I encounter is the hostname voodoo...but that check
can be disabled. I probably make an automatic hostname based on mac
address, and send that via SSH to the main box.
A shared certificate is probably an option too, if the hostname is
ignored.
Hmm.. I'm not sure what you exactly mean by "hostname voodoo".... Do you
mean the checks the ssh client does the first time it connects to an
unknown server?
No I mean that the certificate is not valid if the hostname doesn't
match. (It is possible to disable that in the connection string though)
Stefan
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list