On 6/7/20 5:01 AM, Yedidyah Bar David wrote:
On Sat, Jun 6, 2020 at 8:42 PM Michael Thomas <w...@caltech.edu> wrote:

After a week of iterations, I finally found the problem.  I was setting 
'PermitRootLogin no' in the global section of the bare metal OS sshd_config, as 
we do on all of our servers.  Instead, PermitRootLogin is set to 
'without-password' in a match block to allow root logins only from a well-known 
set of hosts.

Thanks for the report!

Can someone explain why setting 'PermitRootLogin no' in the sshd_config on the 
hypervisor OS would affect the hosted engine deployment?

Because the engine (running inside a VM) uses ssh as root to connect
to the host (in which the engine vm is running).

Would it be sufficient to set, on the host, 'PermitRootLogin without-password' in a Match block that matches the ovirt management network?

Match Address
    PermitRootLogin without-password


Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
List Archives: 

Reply via email to