On Mon, Feb 14, 2022 at 01:56:17AM -0800, Andrea Bolognani wrote:
On Fri, Feb 11, 2022 at 05:46:31PM +0000, Daniel P. Berrangé wrote:
> > - return g_strdup_printf("sh -c 'which virt-ssh-helper
1>/dev/null 2>&1; "
> > - "if test $? = 0; then "
> > + return g_strdup_printf("sh -c 'if which virt-ssh-helper
>/dev/null 2>&1; then "
> > "%s; "
> > "else "
> > "%s; "
>
> I understand the motivation, but please don't change this. Applications
> like OpenStack have configured ssh authorized_keys files with the
> specific command that libvirt invokes. So changes like this will break
> their SSH configs. We caused this pain when we first introduced the
> virt-ssh-helper, but at least that was giving them a functional
> improvement and they could use a URI parameter to force the old command
> string. This change is just prettiness for no functional improvement
> so is not worth breaking apps for.
Can you please provide pointers to the OpenStack implementation of
this and the issue that resulted from introducing virt-ssh-helper?
I don't know where the code is. I just know that they were broken
by our changes in this area.
AFAICT the only way to restrict what commands a user can run after
successfully authenticating is to specify command=... before the
corresponding key in authorized_keys and I don't see how this change,
or indeed the one that happened when virt-ssh-helper was added, could
interfere with that.
The command that was listed in the authorized_keys file no longer
matched what libvirt was actually invoking, so it was rightly
rejected.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|