Thanks to all for the great dialogue! We will proceed with the suggestions.
On 10/21/14 4:00 AM, "Yair Zaslavsky" <[email protected]> wrote: > > >----- Original Message ----- >> From: "Alon Bar-Lev" <[email protected]> >> To: "Sven Kieske" <[email protected]> >> Cc: [email protected] >> Sent: Tuesday, October 21, 2014 10:49:02 AM >> Subject: Re: [ovirt-users] [Fwd: options for root and password] >> >> >> >> ----- Original Message ----- >> > From: "Sven Kieske" <[email protected]> >> > To: [email protected] >> > Sent: Tuesday, October 21, 2014 10:40:39 AM >> > Subject: Re: [ovirt-users] [Fwd: options for root and password] >> > >> > >> > On 21/10/14 09:21, Sven Kieske wrote: >> > > I don't know if this is still valid, I don't find any >> > > options regarding public/private keys in ovirt 3.3. but >> > > I would be very interested in this topic to tighten security. >> > >> > It just turns out this already works in ovirt 3.3.2 >> > maybe even earlier, but I would like to know >> > if the point about host key validation on the mentioned wiki >> > page is still true, as I think this would be cve-worthy. >> >> When host is added its ssh fingerprint is recorded in database, and is >> enforced from this point on. >> Only at Edit Host dialog it can be modified. >> You can also pre-fetch the fingerprint before adding the host at Add >>Host >> dialog in order to confirm that it is the correct host, it will add this >> fingerprint to database and enforce it when adding the host too. > > >CC'ing Yaniv Bronheim who was the feature owner for ssh fingerprint usage >during host addition. >I guess Yaniv can confirm exactly which version it was added. > > >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> >_______________________________________________ >Users mailing list >[email protected] >http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
