Daniel P. Berrange schrieb: > On Wed, May 06, 2009 at 03:33:47PM +0200, Christian Weyermann wrote: > >> Hello everybody, >> >> We are trying to use libvirt with qemu over ssh and our goal is to have >> authentication done by certificates. Therefore I created a keypair on >> the client and send the public key to the server. Std. SSH connections >> work without an password prompt as expected (ssh <ip> -l user), but if I >> try "sudo virsh -c qemu+ssh://user@<ip>/system" it prompts for a >> password (Beside that password prompt it works as expected). >> >> Is there anything else I have to do beside registering the public key at >> the server? >> > > Do you really mean x509 certificates, or are you actually talking about > RSA/DSA public keys ? I wasn't aware that any SSH did x509 certs for > authentication. > > Why are you using 'sudo' for this ? It seems rather pointless to switch > to root to run virsh, since it is connecting to a remote host and you > can trivially do that as your normal user. Using 'sudo' will almost > certainly stop ssh connecting to the 'ssh-agent' in your session. > > Also note, you can explicitly prevent all password prompts from ssh > by add '?no_tty=1' to the end of the URI > > > There should never be any need to use sudo for virsh in any reasonable > modern Linux desktop. libvirt will use PolicyKit to authenticate securely > as non-root for local connections, and remote connections should just be > run as the normal user > > Regards, > Daniel > Thanks, for your help The problem has been the sudo. Soo stupid from me... If I do sudo ssh will look in the home directoy of root and, of course, there is no ssh key there. So he prompts me for authentication. -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list