005f272767
Add warning about virt-v2v-in-place not being supported resolves: RHEL-40903 Add more fields to virt-inspector output related: MTV-1079 Revert "docs: Remove paragraph about -ip passwords and ssh/scp" resolves: RHEL-45527
61 lines
2.7 KiB
Diff
61 lines
2.7 KiB
Diff
From 528cae619a10c7cb62e1d9d72ec2475b1543f512 Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Fri, 28 Jun 2024 14:52:11 +0100
|
|
Subject: [PATCH] Revert "docs: Remove paragraph about -ip passwords and
|
|
ssh/scp"
|
|
|
|
Previously we removed this paragraph, believing that the -ip option
|
|
now copes with all cases. However this still isn't true because
|
|
libvirt runs this ssh command:
|
|
|
|
ssh -l root -T -e none -- [XEN-HOST] sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; if test $? = 0; then virt-ssh-helper 'xen://'; else if 'nc' -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0;else ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock; fi'
|
|
|
|
I checked with Dan and there is no way to suppress this or pass in a
|
|
password, so we still need ssh-agent even with -ip. Note this applies
|
|
to any libvirt ssh connection, thus to Xen or VMware over SSH.
|
|
|
|
Reported-by: Ming Xie
|
|
Fixes: https://issues.redhat.com/browse/RHEL-45527
|
|
Thanks: Daniel Berrange
|
|
|
|
This reverts commit 67fcf66904c7f1f6da858eba35e95dad670427c0.
|
|
|
|
(cherry picked from commit 2a6c24227380a43f1a31cd22281f48dc586653b0)
|
|
---
|
|
docs/virt-v2v-input-vmware.pod | 5 +++++
|
|
docs/virt-v2v-input-xen.pod | 5 +++++
|
|
2 files changed, 10 insertions(+)
|
|
|
|
diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod
|
|
index fc6be0e0..b28268c2 100644
|
|
--- a/docs/virt-v2v-input-vmware.pod
|
|
+++ b/docs/virt-v2v-input-vmware.pod
|
|
@@ -155,6 +155,11 @@ virt-v2v server to the ESXi hypervisor. For example:
|
|
$ ssh root@esxi.example.com
|
|
[ logs straight into the shell, no password is requested ]
|
|
|
|
+Note that support for non-interactive authentication via the I<-ip>
|
|
+option is incomplete. Some operations remain that still require the
|
|
+user to enter the password manually. Therefore ssh-agent is recommended
|
|
+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
|
|
+
|
|
=head3 VMX: Construct the SSH URI
|
|
|
|
When using the SSH input transport you must specify a remote
|
|
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
|
|
index 05c4e3f5..9c3981e1 100644
|
|
--- a/docs/virt-v2v-input-xen.pod
|
|
+++ b/docs/virt-v2v-input-xen.pod
|
|
@@ -32,6 +32,11 @@ server to the Xen host. For example:
|
|
$ ssh root@xen.example.com
|
|
[ logs straight into the shell, no password is requested ]
|
|
|
|
+Note that support for non-interactive authentication via the I<-ip>
|
|
+option is incomplete. Some operations remain that still require the
|
|
+user to enter the password manually. Therefore ssh-agent is recommended
|
|
+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
|
|
+
|
|
With some modern ssh implementations, legacy crypto algorithms required
|
|
to interoperate with RHEL 5 sshd are disabled. To enable them, you may
|
|
need to add the following C<Host> stanza to your F<~/.ssh/config>:
|