Re: virt-manager with SSH and 2FA with TOTP?
On 14/04/2025 11:27, Daniel P. Berrangé via Users wrote:
virt-manager currently has a trivial SSH tunnel impl that
establishes
a new SSH connection for each connection, running netcat on the remote
side to forward the TCP data over the primary SSH channel.
It would be conceptually possible to change virt-manager to make use
of SSH's port tunnelling feature instead of using 'netcat'. The code
is mostly in virtManager/details/sshtunnels.py if someone wants to
have a crack at it.
The challenge would be you need some global caching to open SSH only
once and then have to keep track of when to tear down the tunnel
since you can't directy see how many of the tunnelled ports are
currently in use.
As it's just running the ssh command, could it just set some
combination of the Control{Master,Path,Persist} options so that
there is automatic connection sharing?
Incidentally you could probably achieve the same thing without
any code changes by doing something like this in .ssh/config:
Host <vm-host>
ControlMaster auto
ControlPath ~/.ssh/control.%C
ControlPersist no
That should share connections to the host until the last one
is closed I think.
Tom
--
Tom Hughes (tom(a)compton.nu)
http://compton.nu/