[wip] Use public key authentication #1131
Attempt to allow key based authentication for ssh based backends
@@ -1170,24 +1170,40 @@ sub new_ssh_connection { | |||
$args{username} ||= 'root'; | |||
|
|||
my $ssh = Net::SSH2->new; | |||
|
|||
my $privatekey_path = '/home/foursixnine/.openqa'; |
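Review bot: the `$privatekey_path` assignment in new_ssh_connection hardcodes one developer's home directory ('/home/foursixnine/.openqa'), so the key lookup only works on a machine that has that account. Take the path from configuration (a worker setting or job variable, as discussed in this thread) and fail with a clear error when it is unset or unreadable, so a missing key does not surface later as an unexplained authentication failure.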
This would be a worker setting
consoles/console.pm
Outdated
my ($self, $username, $host, $gui, $privatekey) = @_; | ||
my $sshopts = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"; | ||
$sshopts .= " -o PubkeyAuthentication=no" unless defined $privatekey; | ||
if (defined $privatekey && -e $privatekey){ |
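Review bot: the two tests on `$privatekey` do not match: `PubkeyAuthentication=no` is skipped whenever `$privatekey` is defined, but the key branch additionally requires `-e $privatekey`, so a defined path to a missing file disables neither public key authentication nor selects the intended key. Use the same condition in both places, or die when the file does not exist. Separately, `UserKnownHostsFile=/dev/null` together with `StrictHostKeyChecking=no` means the remote host key is never verified; a comment stating why that is acceptable for this console would help.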
@coolo @mnowaksuse I'm tempted to use a job variable (say VIRSH_SSH_PRIVATEKEY) and use that if it's set instead of expecting the private key to be passed somehow (something I haven't figured out yet how to)... wdyt?
Tidy up in the meantime
Perhaps make it password-less? I don't see much security in this.
Codecov Report
@@ Coverage Diff @@
## master #1131 +/- ##
===========================================
- Coverage 38.71% 27.45% -11.26%
===========================================
Files 40 40
Lines 4812 4822 +10
Branches 811 816 +5
===========================================
- Hits 1863 1324 -539
- Misses 2623 3285 +662
+ Partials 326 213 -113
@foursixnine What is a benefit of pub key authentication for our testing? Is it problematic to pass the password (I guess it's working everywhere, isn't it?) or security (why bother for testing)?
Actually it's a byproduct of another issue I was working with, regarding timeouts on svirt backends. The main benefit here is just to not need to input the password, and avoid the risk of having keys missing when there's high network load (which correlates with connection timeout messages), which was an issue in the past. You can give a look to poo#41504. Security-wise, it's not my concern atm but rather stability and safety that the connection can be established...
@foursixnine makes sense, thanks for an explanation. I'd still explain the motivation in the commit message or point out poo#41504 (if you search in git, you usually don't check the PR on the web).
@pevik makes sense tbh :) I'll do that at a later point
Please reopen when you continue the work. Thanks. Closing to clean up old open PRs.
Attempt to allow key based authentication for ssh based backends.
There's still the VNC part of this that I haven't quite found the way how to make it work, as it's still using password auth.