Hi!
On 14.04.25 at 12:41, Tom Hughes wrote:
> [...]
> As it's just running the ssh command, could it just set some
> combination of the Control{Master,Path,Persist} options so that
> there is automatic connection sharing?
> Incidentally you could probably achieve the same thing without
> any code changes by doing something like this in .ssh/config:
>
> Host <vm-host>
>     ControlMaster auto
>     ControlPath ~/.ssh/control.%C
>     ControlPersist no
>
> That should share connections to the host until the last one
> is closed I think.
I can confirm that this actually solves my initial problem:
With these few lines in $HOME/.ssh/config one has to authenticate
only once in virt-manager on the initial connection setup and then
can use the virtual console right away.
The first SSH connection to the host is authenticated as usual
(in my case with SSH key + TOTP).
Subsequent connections from the same client to the same host
do not perform a new authentication, they now use the existing
network connection.
There seems to be a side effect, though: if the initial connection
is done using virt-manager, a subsequent SSH shell session to the host
is lost if the virt-manager connection is closed.
This is interesting, as if the initial connection is done using ssh
on the command line (to get a shell on the remote host), a subsequent
virt-manager connection is not lost if the user exits the initial SSH
command-line session: the SSH shell session hangs and waits until the
virt-manager connection is closed.
I have to further analyze security and other implications of this setup.
Subsequent SSH sessions do not go through the PAM auth and session stack,
for instance. Shell sessions show up in the output of "who", though.
But for the case of virt-manager, this indeed is a good workaround.
Perhaps virt-manager should use this feature only for its own SSH connections
and not rely on the user's ssh config setup?
Perhaps it could use the ssh command-line options "-M" and "-S" on the
initial connection and "-S" on subsequent connections to the same VM host?
Anyway, SSH is a very powerful tool!
It still amazes me after all these (almost 30) years I have used it!
I didn't know this SSH feature.
Thank you for sharing this idea!
- andreas
--
Andreas Haumer
*x Software + Systeme | mailto:andreas@xss.co.at
Karmarschgasse 51/2/20 | https://www.xss.co.at/
A-1100 Vienna, Austria | Tel: +43-1-6060114
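
The application-private socket suggested in the message above ("-M" and "-S" on the first connection, "-S" on later ones), sketched as an added example that is not part of the original message and not virt-manager code. The function names, the `vmm-ssh-` prefix and the 90-byte path bound are assumptions; because sessions opened over the socket skip authentication, the sketch also checks that the socket's directory is closed to other local users.

```python
import os
import stat
import tempfile

# Conservative bound (assumption): sun_path holds 104-108 bytes on common
# systems, and ssh needs headroom for a temporary suffix while creating the socket.
MAX_CONTROL_PATH = 90


def new_control_path(prefix="vmm-ssh-"):
    """Create a directory only this user can enter; return a socket path in it."""
    directory = tempfile.mkdtemp(prefix=prefix)  # mkdtemp creates it with mode 0700
    path = os.path.join(directory, "ctl")
    if len(os.fsencode(path)) > MAX_CONTROL_PATH:
        os.rmdir(directory)
        raise ValueError("control socket path too long: " + path)
    return path


def control_dir_problems(control_path):
    """Return reasons why other local users could reach the control socket."""
    st = os.stat(os.path.dirname(control_path))
    problems = []
    if st.st_uid != os.getuid():
        problems.append("directory is owned by another user")
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("directory is accessible to group or others")
    return problems


def master_argv(host, control_path):
    """First connection: authenticates as usual and creates the socket (-M -S)."""
    return ["ssh", "-M", "-S", control_path, "-o", "ControlPersist=no", "-N", host]


def client_argv(host, control_path, remote_command):
    """Later connections: reuse the authenticated master via -S, no new login."""
    return ["ssh", "-S", control_path, host] + list(remote_command)


def close_argv(host, control_path):
    """Ask the master process to exit."""
    return ["ssh", "-S", control_path, "-O", "exit", host]
```

The functions only build argument lists; a caller would pass them to `subprocess` and refuse to start the master if `control_dir_problems()` returns anything.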