Users are generally expected to have setup an authentication scheme for
SSH that does not rely on password prompts. For example, they can setup
SSH public keys, or use Kerberos. With SSH public keys, the desktop envs
arrange for a graphical prompt to unlock the keys. For kerberos, the
user acquires a ticket out of band, typically at desktop login time.
In an out of the box server though, users may be prompted to enter a
password to authenticate with SSH. When virt-manager is launched from
the desktop there's no console on which these passwords can be
collected. When launched from the terminal virt-manager forks and closes
its controlling terminal to ensure password prompts do get shown on that
terminal. Even if the user launched virt-manager with --no-fork so that
they can get password prompts on the console this is still a bad
solution because when they open a guest display using SPICE they will be
suddenly prompted for password for 5 or more SSH connections at once, as
SPICE uses multiple sockets per guest.
This patch thus changes to the way SSH is launched for graphical
consoles to force non-interactive batch mode. It also turns off the
magic SSH escape character so that the tunnel is 8-bit clean. It passes
the no_tty=1 parameter when opening libvirt URIs which has the same
effect on SSH tunnels libvirt launches.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
virtManager/connection.py | 8 +++++++-
virtManager/sshtunnels.py | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/virtManager/connection.py b/virtManager/connection.py
index 6340b234..94caeed8 100644
--- a/virtManager/connection.py
+++ b/virtManager/connection.py
@@ -174,8 +174,14 @@ class vmmConnection(vmmGObject):
vmmGObject.__init__(self)
+ uri = self._uri
+ if "?" in uri:
+ uri = uri + "&no_tty=1"
+ else:
+ uri = uri + "?no_tty=1"
+
self._state = self._STATE_DISCONNECTED
- self._backend = virtinst.VirtinstConnection(self._uri)
+ self._backend = virtinst.VirtinstConnection(uri)
self._closing = False
# Error strings are stored here if open() fails
diff --git a/virtManager/sshtunnels.py b/virtManager/sshtunnels.py
index 25e95085..e0ece296 100644
--- a/virtManager/sshtunnels.py
+++ b/virtManager/sshtunnels.py
@@ -210,7 +210,7 @@ def _make_ssh_command(ginfo):
host, port = ginfo.get_tunnel_host()
# Build SSH cmd
- argv = ["ssh", "ssh"]
+ argv = ["ssh", "ssh", "-T", "-o", "BatchMode=yes", "-e", "none"]
if port:
argv += ["-p", str(port)]
--
2.14.3
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
