Re: qemu+ssh connections to a remote libvirt fail as ssh banner configured

Thank you! I tried /etc/motd, and it does not impact the libvirt connection.
Happy to learn something new!

On Thu, Feb 10, 2022 at 4:50 PM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
On Thu, Feb 10, 2022 at 09:33:38AM +0100, Michal Prívozník wrote:
> On 2/10/22 09:02, Daniel P. Berrangé wrote:
> > On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote:
> >> Hi there,
> >>
> >> I have a system configured with an ssh login banner as below:
> >> # cat ~/.bashrc
> >> ...
> >> echo "================================================================================="
> >> echo "====== This machine is occupied by xxx for testing now. If you are about to use it, contact xxx first ======"
> >> echo "================================================================================="
> >>
> >> It works as expected that whenever someone logs into this system by ssh,
> >> he/she will see this warning message.
> >> But it seems such settings will impact a virsh client connection with ssh:
> >> when I try to connect to the libvirt daemon on this system, it will error out:
> >> # virsh -c qemu+ssh://${my_host}/system list --all
> >> root@${my_host}'s password:
> >> error: failed to connect to the hypervisor
> >> error: packet 1027423545 bytes received from server too large, want 33554432
> >
> > Libvirt is tunnelling an RPC protocol over the SSH connection.
> > Your bashrc is printing this text onto the SSH connection and
> > that corrupts the libvirt RPC protocol.
> >
> > If you want to print something when people login use the
> > /etc/motd file which is designed for this purpose, don't
> > print stuff from a .bashrc.  Libvirt gives the options to
> > SSH that prevent display of /etc/motd contents, so that
> > its RPC protocol doesn't get corrupted.
>
> One more thing, I wasn't able to reproduce when virt-ssh-helper was
> used. But maybe I wasn't trying hard enough.

That should be affected in exactly the same way. It still relies on
stdout/stdin being clean data channels.

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
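
The number in the error quoted above can be traced back to the banner itself. The following is an added example, not part of the original thread or of libvirt's code: it assumes the RPC stream starts with a 4-byte big-endian length word whose value includes the word itself, which is consistent with the figures in the quoted error. The function names and the BANNER sample are constructed for illustration.

```python
import struct

LEN_FIELD = 4           # assumed size of the big-endian length word
MAX_PAYLOAD = 33554432  # the "want" limit quoted in the error above

def reported_length(stream: bytes) -> int:
    """Number a client would print after reading the first 4 bytes as a
    length word and subtracting the size of the word itself."""
    if len(stream) < LEN_FIELD:
        raise ValueError("need at least 4 bytes of the stream")
    (total,) = struct.unpack(">I", stream[:LEN_FIELD])
    return total - LEN_FIELD

def bytes_behind_error(reported: int) -> bytes:
    """Inverse: the 4 raw bytes that produce a given number in the error."""
    if not 0 <= reported + LEN_FIELD <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit length")
    return struct.pack(">I", reported + LEN_FIELD)

def diagnose(reported: int) -> str:
    """Classify the number from a 'packet N bytes ... too large' error."""
    if reported <= MAX_PAYLOAD:
        return "within limit"
    raw = bytes_behind_error(reported)
    if all(0x20 <= b < 0x7F or b in b"\t\r\n" for b in raw):
        return f"text on the data channel: {raw!r}"
    return f"non-text corruption: {raw.hex()}"

# Constructed input: the first line the .bashrc above would print.
BANNER = b"=" * 81 + b"\n"

if __name__ == "__main__":
    print(reported_length(BANNER))   # number the client would report
    print(diagnose(1027423545))      # number taken from the error above
```

When the decoded bytes are printable text, the first place to look is anything a shell startup file prints in a non-interactive SSH session.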

