On Fri, Feb 11, 2022 at 05:46:31PM +0000, Daniel P. Berrangé wrote:
> > - return g_strdup_printf("sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; "
> > - "if test $? = 0; then "
> > + return g_strdup_printf("sh -c 'if which virt-ssh-helper >/dev/null 2>&1; then "
> > "%s; "
> > "else "
> > "%s; "
>
> I understand the motivation, but please don't change this. Applications
> like OpenStack have configured ssh authorized_keys files with the
> specific command that libvirt invokes. So changes like this will break
> their SSH configs. We caused this pain when we first introduced the
> virt-ssh-helper, but at least that was giving them a functional
> improvement and they could use a URI parameter to force the old command
> string. This change is just prettiness for no functional improvement
> so is not worth breaking apps for.

Can you please provide pointers to the OpenStack implementation of
this and the issue that resulted from introducing virt-ssh-helper?

AFAICT the only way to restrict what commands a user can run after
successfully authenticating is to specify command=... before the
corresponding key in authorized_keys and I don't see how this change,
or indeed the one that happened when virt-ssh-helper was added, could
interfere with that.

-- 
Andrea Bolognani / Red Hat / Virtualization
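
Review bot: The `+` line changes the literal text of the command string built by `g_strdup_printf`, not only its style: `if which virt-ssh-helper >/dev/null 2>&1; then` replaces the two removed lines that ran `which virt-ssh-helper 1>/dev/null 2>&1;` and then tested `$?`. The branch taken is the same either way, so the commit message should state that the string itself changes and whether anything is expected to compare against the old text. If the exact wording matters to existing setups, keep the original two lines, or keep them selectable behind an option.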