Re: Virsh cmd virsh -c qemu:///system fail with ssh connect a non-root user.

[yupzhang <yupzhang@xxxxxxxxxx>]

On 12/07/2012 12:56 AM, Eric Blake wrote:
> On 12/06/2012 02:53 AM, yupzhang wrote:
> > HI Eric,
> >
> > I have a question about remote access and usermode:
> >
> > 1.Install a host with graphic,and then configure libvirt environment.
> >
> > 2.Login with non-root user.Then run:
> > $ virsh -c qemu:///system
> > Authenticate dialogue will pop up,input the root password,then
> > successfully connect qemu:///system.
> >
> > 3.On another host,connect the host in step 1 with ssh like this:
> > #ssh -X yuping@10.66.*.*
> > input yuping's password.Then ssh to remote yuping user successfully.
> >
> > 4.Run command:
> > $ virsh -c qemu:///system
> > error: authentication failed: Authorization requires authentication but
> > no agent is available.
> >
> > error: failed to connect to the hypervisor
> >
> > Is this a bug? I'm not sure about this,so confirm with you.
> Questions like this are better asked to the libvirt-users@xxxxxxxxxx
> list, where there are more people available to answer the question.
> This particular email nearly got lost in the black hole of a hard disk
> failure on my end last week.
>
> Does the failure also happen when you use 'ssh -A -X' and/or 'ssh -Y'
> instead of plain 'ssh -X'?  I suspect that this is an expected
> limitation of how polkit authentication works, where a local user can be
> trusted to provide the credentials needed, but where an ssh session is
> not a local user; but as I am not very familiar with the libvirt code
> that interacts with polkit, I recommend that you ask the list.

Hi Eric,

Thanks for your reply,I have added libvirt-users@ to cc list.
I have tried 'ssh -A -X' and 'ssh -Y',still failed:
$ virsh -c qemu:///system
error: authentication failed: Authorization requires authentication but 
no agent is available.

error: failed to connect to the hypervisor

Can anyone help me?

Thanks,
Yuping

> > In my opinion,this command should connect qemu:///system successfully
> > with input root password,even with ssh connect to non-root user,the
> > behaviour should keep same.Am I right?
> Authentication is a tricky matter - there is a difference between a
> local user and a user connected through ssh, at least in the eyes of
> polkit authentication, and I don't know if the behavior you observe is
> intentional or a bug.

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users