On Mon, Feb 14, 2022 at 01:56:17AM -0800, Andrea Bolognani wrote: > On Fri, Feb 11, 2022 at 05:46:31PM +0000, Daniel P. Berrangé wrote: > > > - return g_strdup_printf("sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; " > > > - "if test $? = 0; then " > > > + return g_strdup_printf("sh -c 'if which virt-ssh-helper >/dev/null 2>&1; then " > > > "%s; " > > > "else " > > > "%s; " > > > > I understand the motivation, but please don't change this. Applications > > like OpenStack have configured ssh authorized_keys files with the > > specific command that libvirt invokes. So changes like this will break > > their SSH configs. We caused this pain when we first introduced the > > virt-ssh-helper, but at least that was giving them a functional > > improvement and they could use a URI parameter to force the old command > > string. This change is just prettiness for no functional improvement > > so is not worth breaking apps for. > > Can you please provide pointers to the OpenStack implementation of > this and the issue that resulted from introducing virt-ssh-helper? I don't know where the code is. I just know that they were broken by our changes in this area. > AFAICT the only way to restrict what commands a user can run after > successfully authenticating is to specify command=... before the > corresponding key in authorized_keys and I don't see how this change, > or indeed the one that happened when virt-ssh-helper was added, could > interfere with that. The command that was listed in the authorized_keys file no longer matched what libvirt was actually invoking, so it was rightly rejected. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|