On 09/17/2013 02:38 PM, Fernando Lozano wrote:
Hi there,
I am experimenting with different security settings for libvirtd, so I
can give sysadmins administrative access to the KVM hypervisor without
giving them root access on the host. I had success using TLS (with
client-certs) and SASL, but have not managed to make polkit and ssh to
work so far.
If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw a
local virsh connection gets this error:
"Authorization requires authentication but no agent is available"
Thus I'm using "sasl" for tcp and "none" for the unix socket.
When I try a "qemu+ssh" remote virsh connection evething works fine.
But then I try the same URL using virt-manager, and then try to open a
guest console, virt-manager prompts multiple times for a ssh login
password.
Shoudn't virt-manager resue the same ssh connection for guest console
access? And even if it needs to open a new ssh connection for the
spice connection, this should require only one additional ssh login.
But I tried many times, carefully typing the password each time, and
I'm sure they were not typos: virt-manager is actually asking for the
ssh login password many times!
Maybe people who use ssh keys (passwordless) logins didn't notice, but
I think virt-manager should't require more than one addtional ssh
connection per guest console. Is this a bug?
I had the same experience using virt-manager for Fedora 19.
My workaround was to change .ssh/config file to include the following:
Host *
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
Not a fix for what I agree that seems to be a bug, but at least turned
the experience feasible.
Best regards,
Leonardo Garcia
[]s, Fernando Lozano
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
