----- Original Message ----- > From: "Sven Kieske" <[email protected]> > To: [email protected] > Sent: Tuesday, October 21, 2014 10:21:17 AM > Subject: Re: [ovirt-users] [Fwd: options for root and password] > > > > On 21/10/14 09:05, Yedidyah Bar David wrote: > > ----- Original Message ----- > >> From: "Hoot Thompson" <[email protected]> > >> To: [email protected] > >> Sent: Tuesday, October 21, 2014 3:52:24 AM > >> Subject: [ovirt-users] [Fwd: options for root and password] > >> > >> > >> > >> Is there an alternative to the root/paasword approach to managing hosts > >> (by the engine)? Our preference would be keys/passphrase if that's > >> possible. > > > > IIRC we already allow that, no? In the "new host" dialog you can choose > > "ssh public key". > > > > Best, > > > > Well there is this wiki page: > > http://www.ovirt.org/Features/Ssh_Abilities > > but it is from 2013 and has this security hole: > > "Currently we don't enforce fingerprint validation." > > I don't know if this is still valid, I don't find any > options regarding public/private keys in ovirt 3.3. but > I would be very interested in this topic to tighten security.
I agree. Not sure about the current status. Note that there are two different issues here: 1. Letting ssh using a key pair instead of a password - already done 2. verifying the fingerprint, whether input by user or saved after first login - not sure -- Didi _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
