----- Original Message ----- > From: "Alon Bar-Lev" <alo...@redhat.com> > To: "Sven Kieske" <s.kie...@mittwald.de> > Cc: users@ovirt.org > Sent: Tuesday, October 21, 2014 10:49:02 AM > Subject: Re: [ovirt-users] [Fwd: options for root and password] > > > > ----- Original Message ----- > > From: "Sven Kieske" <s.kie...@mittwald.de> > > To: users@ovirt.org > > Sent: Tuesday, October 21, 2014 10:40:39 AM > > Subject: Re: [ovirt-users] [Fwd: options for root and password] > > > > > > On 21/10/14 09:21, Sven Kieske wrote: > > > I don't know if this is still valid, I don't find any > > > options regarding public/private keys in ovirt 3.3. but > > > I would be very interested in this topic to tighten security. > > > > It just turns out this already works in ovirt 3.3.2 > > maybe even earlier, but I would like to know > > if the point about host key validation on the mentioned wiki > > page is still true, as I think this would be cve-worthy. > > When host is added its ssh fingerprint is recorded in database, and is > enforced from this point on. > Only at Edit Host dialog it can be modified. > You can also pre-fetch the fingerprint before adding the host at Add Host > dialog in order to confirm that it is the correct host, it will add this > fingerprint to database and enforce it when adding the host too.
CC'ing Yaniv Bronheim who was the feature owner for ssh fingerprint usage during host addition. I guess Yaniv can confirm exactly which version it was added. > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users