virt-v2v/0018-Revert-docs-Remove-paragraph-about-ip-passwords-and-.patch

From 528cae619a10c7cb62e1d9d72ec2475b1543f512 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 28 Jun 2024 14:52:11 +0100
Subject: [PATCH] Revert "docs: Remove paragraph about -ip passwords and
 ssh/scp"

Previously we removed this paragraph, believing that the -ip option
now copes with all cases.  However this still isn't true because
libvirt runs this ssh command:

  ssh -l root -T -e none -- [XEN-HOST] sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; if test $? = 0; then     virt-ssh-helper 'xen://'; else    if 'nc' -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0;else ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock; fi'

I checked with Dan and there is no way to suppress this or pass in a
password, so we still need ssh-agent even with -ip.  Note this applies
to any libvirt ssh connection, thus to Xen or VMware over SSH.

Reported-by: Ming Xie
Fixes: https://issues.redhat.com/browse/RHEL-45527
Thanks: Daniel Berrange

This reverts commit 67fcf66904c7f1f6da858eba35e95dad670427c0.

(cherry picked from commit 2a6c24227380a43f1a31cd22281f48dc586653b0)
---
 docs/virt-v2v-input-vmware.pod | 5 +++++
 docs/virt-v2v-input-xen.pod    | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod
index fc6be0e0..b28268c2 100644
--- a/docs/virt-v2v-input-vmware.pod
+++ b/docs/virt-v2v-input-vmware.pod
@@ -155,6 +155,11 @@ virt-v2v server to the ESXi hypervisor.  For example:
  $ ssh root@esxi.example.com
  [ logs straight into the shell, no password is requested ]
 
+Note that support for non-interactive authentication via the I<-ip>
+option is incomplete.  Some operations remain that still require the
+user to enter the password manually.  Therefore ssh-agent is recommended
+over the I<-ip> option.  See L<https://bugzilla.redhat.com/1854275>.
+
 =head3 VMX: Construct the SSH URI
 
 When using the SSH input transport you must specify a remote
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
index 05c4e3f5..9c3981e1 100644
--- a/docs/virt-v2v-input-xen.pod
+++ b/docs/virt-v2v-input-xen.pod
@@ -32,6 +32,11 @@ server to the Xen host.  For example:
  $ ssh root@xen.example.com
  [ logs straight into the shell, no password is requested ]
 
+Note that support for non-interactive authentication via the I<-ip>
+option is incomplete.  Some operations remain that still require the
+user to enter the password manually.  Therefore ssh-agent is recommended
+over the I<-ip> option.  See L<https://bugzilla.redhat.com/1854275>.
+
 With some modern ssh implementations, legacy crypto algorithms required
 to interoperate with RHEL 5 sshd are disabled.  To enable them, you may
 need to add the following C<Host> stanza to your F<~/.ssh/config>:
Package virt-v2v-in-place in libexec as unsupported tool Add warning about virt-v2v-in-place not being supported resolves: RHEL-40903 Add more fields to virt-inspector output related: MTV-1079 Revert "docs: Remove paragraph about -ip passwords and ssh/scp" resolves: RHEL-45527 2024-07-09 10:43:28 +00:00			`From 528cae619a10c7cb62e1d9d72ec2475b1543f512 Mon Sep 17 00:00:00 2001`
			`From: "Richard W.M. Jones" <rjones@redhat.com>`
			`Date: Fri, 28 Jun 2024 14:52:11 +0100`
			`Subject: [PATCH] Revert "docs: Remove paragraph about -ip passwords and`
			`ssh/scp"`

			`Previously we removed this paragraph, believing that the -ip option`
			`now copes with all cases. However this still isn't true because`
			`libvirt runs this ssh command:`

			`ssh -l root -T -e none -- [XEN-HOST] sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; if test $? = 0; then virt-ssh-helper 'xen://'; else if 'nc' -q 2>&1 \| grep "requires an argument" >/dev/null 2>&1; then ARG=-q0;else ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock; fi'`

			`I checked with Dan and there is no way to suppress this or pass in a`
			`password, so we still need ssh-agent even with -ip. Note this applies`
			`to any libvirt ssh connection, thus to Xen or VMware over SSH.`

			`Reported-by: Ming Xie`
			`Fixes: https://issues.redhat.com/browse/RHEL-45527`
			`Thanks: Daniel Berrange`

			`This reverts commit 67fcf66904c7f1f6da858eba35e95dad670427c0.`

			`(cherry picked from commit 2a6c24227380a43f1a31cd22281f48dc586653b0)`
			`---`
			`docs/virt-v2v-input-vmware.pod \| 5 +++++`
			`docs/virt-v2v-input-xen.pod \| 5 +++++`
			`2 files changed, 10 insertions(+)`

			`diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod`
			`index fc6be0e0..b28268c2 100644`
			`--- a/docs/virt-v2v-input-vmware.pod`
			`+++ b/docs/virt-v2v-input-vmware.pod`
			`@@ -155,6 +155,11 @@ virt-v2v server to the ESXi hypervisor. For example:`
			`$ ssh root@esxi.example.com`
			`[ logs straight into the shell, no password is requested ]`

			`+Note that support for non-interactive authentication via the I<-ip>`
			`+option is incomplete. Some operations remain that still require the`
			`+user to enter the password manually. Therefore ssh-agent is recommended`
			`+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.`
			`+`
			`=head3 VMX: Construct the SSH URI`

			`When using the SSH input transport you must specify a remote`
			`diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod`
			`index 05c4e3f5..9c3981e1 100644`
			`--- a/docs/virt-v2v-input-xen.pod`
			`+++ b/docs/virt-v2v-input-xen.pod`
			`@@ -32,6 +32,11 @@ server to the Xen host. For example:`
			`$ ssh root@xen.example.com`
			`[ logs straight into the shell, no password is requested ]`

			`+Note that support for non-interactive authentication via the I<-ip>`
			`+option is incomplete. Some operations remain that still require the`
			`+user to enter the password manually. Therefore ssh-agent is recommended`
			`+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.`
			`+`
			`With some modern ssh implementations, legacy crypto algorithms required`
			`to interoperate with RHEL 5 sshd are disabled. To enable them, you may`
			`need to add the following C<Host> stanza to your F<~/.ssh/config>:`