On Fri, Feb 11, 2022 at 05:46:31PM +0000, Daniel P. Berrangé wrote:
> - return g_strdup_printf("sh -c 'which
virt-ssh-helper 1>/dev/null 2>&1; "
> - "if test $? = 0; then "
> + return g_strdup_printf("sh -c 'if which virt-ssh-helper
>/dev/null 2>&1; then "
> "%s; "
> "else "
> "%s; "
I understand the motivation, but please don't change this. Applications
like OpenStack have configured ssh authorized_keys files with the
specific command that libvirt invokes. So changes like this will break
their SSH configs. We caused this pain when we first introduced the
virt-ssh-helper, but at least that was giving them a functional
improvement and they could use a URI parameter to force the old command
string. This change is just prettiness for no functional improvement
so is not worth breaking apps for.
Can you please provide pointers to the OpenStack implementation of
this and the issue that resulted from introducing virt-ssh-helper?
AFAICT the only way to restrict what commands a user can run after
successfully authenticating is to specify command=... before the
corresponding key in authorized_keys and I don't see how this change,
or indeed the one that happened when virt-ssh-helper was added, could
interfere with that.
--
Andrea Bolognani / Red Hat / Virtualization