331c6bc244
RHEL patches: * Select correct qemu binary for -o qemu mode * Disable the --qemu-boot / -oo qemu-boot option * Fix list of supported sound cards to match RHEL qemu * Fixes for libguestfs-winsupport * -i disk: force VNC as display * point to KB for supported v2v hypervisors/guests * Remove -o glance * Remove the --in-place option * tests: Remove btrfs test * Remove --block-driver option Remove input from Xen resolves: RHEL-37687 Remove -o rhv, -o rhv-upload and -o vdsm modes resolves: RHEL-36712
59 lines
2.7 KiB
Diff
59 lines
2.7 KiB
Diff
From 2a6c24227380a43f1a31cd22281f48dc586653b0 Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Fri, 28 Jun 2024 14:52:11 +0100
|
|
Subject: [PATCH] Revert "docs: Remove paragraph about -ip passwords and
|
|
ssh/scp"
|
|
|
|
Previously we removed this paragraph, believing that the -ip option
|
|
now copes with all cases. However this still isn't true because
|
|
libvirt runs this ssh command:
|
|
|
|
ssh -l root -T -e none -- [XEN-HOST] sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; if test $? = 0; then virt-ssh-helper 'xen://'; else if 'nc' -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0;else ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock; fi'
|
|
|
|
I checked with Dan and there is no way to suppress this or pass in a
|
|
password, so we still need ssh-agent even with -ip. Note this applies
|
|
to any libvirt ssh connection, thus to Xen or VMware over SSH.
|
|
|
|
Reported-by: Ming Xie
|
|
Fixes: https://issues.redhat.com/browse/RHEL-45527
|
|
Thanks: Daniel Berrange
|
|
|
|
This reverts commit 67fcf66904c7f1f6da858eba35e95dad670427c0.
|
|
---
|
|
docs/virt-v2v-input-vmware.pod | 5 +++++
|
|
docs/virt-v2v-input-xen.pod | 5 +++++
|
|
2 files changed, 10 insertions(+)
|
|
|
|
diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod
|
|
index fc6be0e0..b28268c2 100644
|
|
--- a/docs/virt-v2v-input-vmware.pod
|
|
+++ b/docs/virt-v2v-input-vmware.pod
|
|
@@ -155,6 +155,11 @@ virt-v2v server to the ESXi hypervisor. For example:
|
|
$ ssh root@esxi.example.com
|
|
[ logs straight into the shell, no password is requested ]
|
|
|
|
+Note that support for non-interactive authentication via the I<-ip>
|
|
+option is incomplete. Some operations remain that still require the
|
|
+user to enter the password manually. Therefore ssh-agent is recommended
|
|
+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
|
|
+
|
|
=head3 VMX: Construct the SSH URI
|
|
|
|
When using the SSH input transport you must specify a remote
|
|
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
|
|
index 38dc8f7b..4a0544f8 100644
|
|
--- a/docs/virt-v2v-input-xen.pod
|
|
+++ b/docs/virt-v2v-input-xen.pod
|
|
@@ -32,6 +32,11 @@ server to the Xen host. For example:
|
|
$ ssh root@xen.example.com
|
|
[ logs straight into the shell, no password is requested ]
|
|
|
|
+Note that support for non-interactive authentication via the I<-ip>
|
|
+option is incomplete. Some operations remain that still require the
|
|
+user to enter the password manually. Therefore ssh-agent is recommended
|
|
+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
|
|
+
|
|
With some modern ssh implementations, legacy crypto algorithms required
|
|
to interoperate with RHEL 5 sshd are disabled. To enable them, you may
|
|
need to add the following C<Host> stanza to your F<~/.ssh/config>:
|