On 2011年11月16日 20:26, Lucas Meneghel Rodrigues wrote: > On 11/16/2011 07:20 AM, Wenyi Gao wrote: >> >> Currently, for ubuntu system, autotest.init will be used and start >> monitor_db_babysitter owned by user autotest, >> so when we use web front-end to create job, the autoserv also owned >> by user autotest runs ssh commands with default >> ssh user "root", known as "-l root", which causes the following >> permission problem on ubuntu. >> >> * Command: >> /usr/bin/ssh -a -x -o StrictHostKeyChecking=no -o >> UserKnownHostsFile=/tmp/tmpvUr_sL -o BatchMode=yes -o >> ConnectTimeout=60 -o >> ServerAliveInterval=300 -l root -p 22 172.16.3.130 " true" >> Exit status: 255 >> Duration: 0.342299938202 >> >> stderr: >> Permission denied (publickey,password). >> >> >> So the patch changes user from autotest to root when starting >> monitor_de_babysitter to keep consitent with ssh >> user "-l root". > > From the ssl man page > > -l login_name: Specifies the user to log in as on the remote machine. > This also may be specified on a per-host basis in the configuration file. > > This is not a problem with the autotest user on your machine. What > probably happens is you do not have ssh key properly setup. > > https://github.com/autotest/autotest/wiki/KVMAutotest-GetStartedServer > > Host Installation Steps > Setup password-less ssh connection from the server to this host > On the server, create a DSA key in the following way: > > ssh-keygen -t dsa > Then, still on the server, copy it to the host: > > ssh-copy-id [email protected] > > I'm rejecting this patch. >
In fact, I have setup the ssh key and both user "autotest" and user "root" can ssh target host without password. I have done the following test: Test 1: root user run ssh root@wayne-ThinkPad-T420:/home/wayne# ssh [email protected] Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic x86_64) * Documentation: https://help.ubuntu.com/ Last login: Thu Nov 17 09:24:07 2011 from wayne-thinkpad-t420.local root@ubuntu:~# Test 2: autotest user run ssh autotest@wayne-ThinkPad-T420:/home/wayne$ ssh [email protected] Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic x86_64) * Documentation: https://help.ubuntu.com/ Last login: Thu Nov 17 09:28:11 2011 from wayne-thinkpad-t420.local autotest@ubuntu:~$ Test 3: autotest user run ssh with "-l root" autotest@wayne-ThinkPad-T420:/home/wayne$ ssh -a -x 172.16.3.130 -l root "true" [email protected]'s password: The tests are done on Ubuntu 11.10 workstations. It is clear Test1 and Tes2 are okey, but Test 3 fails. However our autotest framework runs ssh as the same way to Test 3, which will fail. On the other side, if Test 3 is okey, there will be a security hole for ssh because a user can ssh a target host with another user's account without password. _______________________________________________ Autotest mailing list [email protected] http://test.kernel.org/cgi-bin/mailman/listinfo/autotest
