9:25 p.m.
Hi,
happy new year!
Is there a way to tell libvirt to migrate an instance via qemu+ssh using
a specific ssh key ?
It seems libvirt will always try to use the .ssh/id_rsa private key.
But i would like to somehow tell libvirt to use a specific private ssh
key. ( At best via command line argument ).
Is that possible somehow ? Or something else similar ?
Thank you!
--
Mit freundlichen Gruessen / Best regards
Oliver Dzombic
Layer7 Networks
mailto:info@layer7.net
Anschrift:
Layer7 Networks GmbH
Zum Sonnenberg 1-3
63571 Gelnhausen
HRB 96293 beim Amtsgericht Hanau
Geschäftsführung: Oliver Dzombic
UST ID: DE259845632
8:33 p.m.
On Sat, Jan 02, 2021 at 14:25:32 +0100, Oliver Dzombic wrote:
Hi,
happy new year!
Is there a way to tell libvirt to migrate an instance via qemu+ssh using
a specific ssh key ?
It seems libvirt will always try to use the .ssh/id_rsa private key.
But i would like to somehow tell libvirt to use a specific private ssh
key. ( At best via command line argument ).
This can be achieved via the 'keyfile' URI parameter.
See: https://libvirt.org/uri.html#Remote_URI_parameters
2:39 a.m.
Hi Peter,
thank you very much for this hint. Seems to work! :)
But i also tried another switch: no_verify=1
The whole call:
virsh -K0 -k0 migrate --copy-storage-inc --verbose --persistent --live
testInstance
qemu+ssh://testnode4:22/system?keyfile=/tmp/key-5ff4b02ca966c?no_verify=1?no_tty=1
So as you can see
no_verify=1
no_tty=1
has been added.
But still i receive
The authenticity of host '[testnode4]:22 ([10.0.1.4]:22)' can't be
established.
ECDSA key fingerprint is SHA256:tcF31bWN6Gg8O5bMTkkusbcariPBWjGdLAP7WnfdqsM.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Should it not accept automatically this unknown fingerprint ?
--
Mit freundlichen Gruessen / Best regards
Oliver Dzombic
Layer7 Networks
mailto:info@layer7.net
Anschrift:
Layer7 Networks GmbH
Zum Sonnenberg 1-3
63571 Gelnhausen
HRB 96293 beim Amtsgericht Hanau
Geschäftsführung: Oliver Dzombic
UST ID: DE259845632
Am 03.01.21 um 13:33 schrieb Peter Krempa:
On Sat, Jan 02, 2021 at 14:25:32 +0100, Oliver Dzombic wrote:
> Hi,
>
> happy new year!
>
> Is there a way to tell libvirt to migrate an instance via qemu+ssh using
> a specific ssh key ?
>
> It seems libvirt will always try to use the .ssh/id_rsa private key.
>
> But i would like to somehow tell libvirt to use a specific private ssh
> key. ( At best via command line argument ).
This can be achieved via the 'keyfile' URI parameter.
See: https://libvirt.org/uri.html#Remote_URI_parameters
6:09 p.m.
On Tue, Jan 05, 2021 at 19:39:49 +0100, Oliver Dzombic wrote:
Hi Peter,
[...]
So as you can see
no_verify=1
no_tty=1
has been added.
But still i receive
The authenticity of host '[testnode4]:22 ([10.0.1.4]:22)' can't be
established.
ECDSA key fingerprint is SHA256:tcF31bWN6Gg8O5bMTkkusbcariPBWjGdLAP7WnfdqsM.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
I've looked at the code briefly and it seems to be implemented by adding:
-o StrictHostKeyChecking=no
to the command line of the 'ssh' binary, so it should work, but maybe
there's some snag.
Could you please file this as a bug/issue:
https://gitlab.com/libvirt/libvirt/-/issues/new
6:19 p.m.
On Tue, Jan 05, 2021 at 07:39:49PM +0100, Oliver Dzombic wrote:
Hi Peter,
thank you very much for this hint. Seems to work! :)
But i also tried another switch: no_verify=1
The whole call:
virsh -K0 -k0 migrate --copy-storage-inc --verbose --persistent --live
testInstance
qemu+ssh://testnode4:22/system?keyfile=/tmp/key-5ff4b02ca966c?no_verify=1?no_tty=1
So as you can see
no_verify=1
no_tty=1
has been added.
You have incorrect URL syntax here. You need to use "&" to separate
parameters, not "?". The "?" is only valid to separate the path from
the start of the parameter list.
qemu+ssh://testnode4:22/system?keyfile=/tmp/key-5ff4b02ca966c&no_verify=1&no_tty=1
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
1340
days inactive
1344
days old
4 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
Oliver Dzombic -
Peter Krempa