Migration via qemu+ssh using a given private ssh key possible ?
Hi, happy new year! Is there a way to tell libvirt to migrate an instance via qemu+ssh using a specific ssh key ? It seems libvirt will always try to use the .ssh/id_rsa private key. But i would like to somehow tell libvirt to use a specific private ssh key. ( At best via command line argument ). Is that possible somehow ? Or something else similar ? Thank you! -- Mit freundlichen Gruessen / Best regards Oliver Dzombic Layer7 Networks mailto:info@layer7.net Anschrift: Layer7 Networks GmbH Zum Sonnenberg 1-3 63571 Gelnhausen HRB 96293 beim Amtsgericht Hanau Geschäftsführung: Oliver Dzombic UST ID: DE259845632
On Sat, Jan 02, 2021 at 14:25:32 +0100, Oliver Dzombic wrote:
Hi,
happy new year!
Is there a way to tell libvirt to migrate an instance via qemu+ssh using a specific ssh key ?
It seems libvirt will always try to use the .ssh/id_rsa private key.
But i would like to somehow tell libvirt to use a specific private ssh key. ( At best via command line argument ).
This can be achieved via the 'keyfile' URI parameter. See: https://libvirt.org/uri.html#Remote_URI_parameters
Hi Peter, thank you very much for this hint. Seems to work! :) But i also tried another switch: no_verify=1 The whole call: virsh -K0 -k0 migrate --copy-storage-inc --verbose --persistent --live testInstance qemu+ssh://testnode4:22/system?keyfile=/tmp/key-5ff4b02ca966c?no_verify=1?no_tty=1 So as you can see no_verify=1 no_tty=1 has been added. But still i receive The authenticity of host '[testnode4]:22 ([10.0.1.4]:22)' can't be established. ECDSA key fingerprint is SHA256:tcF31bWN6Gg8O5bMTkkusbcariPBWjGdLAP7WnfdqsM. Are you sure you want to continue connecting (yes/no/[fingerprint])? Should it not accept automatically this unknown fingerprint ? -- Mit freundlichen Gruessen / Best regards Oliver Dzombic Layer7 Networks mailto:info@layer7.net Anschrift: Layer7 Networks GmbH Zum Sonnenberg 1-3 63571 Gelnhausen HRB 96293 beim Amtsgericht Hanau Geschäftsführung: Oliver Dzombic UST ID: DE259845632 Am 03.01.21 um 13:33 schrieb Peter Krempa:
On Sat, Jan 02, 2021 at 14:25:32 +0100, Oliver Dzombic wrote:
Hi,
happy new year!
Is there a way to tell libvirt to migrate an instance via qemu+ssh using a specific ssh key ?
It seems libvirt will always try to use the .ssh/id_rsa private key.
But i would like to somehow tell libvirt to use a specific private ssh key. ( At best via command line argument ).
This can be achieved via the 'keyfile' URI parameter.
On Tue, Jan 05, 2021 at 19:39:49 +0100, Oliver Dzombic wrote:
Hi Peter,
[...]
So as you can see
no_verify=1 no_tty=1
has been added.
But still i receive
The authenticity of host '[testnode4]:22 ([10.0.1.4]:22)' can't be established. ECDSA key fingerprint is SHA256:tcF31bWN6Gg8O5bMTkkusbcariPBWjGdLAP7WnfdqsM. Are you sure you want to continue connecting (yes/no/[fingerprint])?
I've looked at the code briefly and it seems to be implemented by adding: -o StrictHostKeyChecking=no to the command line of the 'ssh' binary, so it should work, but maybe there's some snag. Could you please file this as a bug/issue: https://gitlab.com/libvirt/libvirt/-/issues/new
On Tue, Jan 05, 2021 at 07:39:49PM +0100, Oliver Dzombic wrote:
Hi Peter,
thank you very much for this hint. Seems to work! :)
But i also tried another switch: no_verify=1
The whole call:
virsh -K0 -k0 migrate --copy-storage-inc --verbose --persistent --live testInstance qemu+ssh://testnode4:22/system?keyfile=/tmp/key-5ff4b02ca966c?no_verify=1?no_tty=1
So as you can see
no_verify=1 no_tty=1
has been added.
You have incorrect URL syntax here. You need to use "&" to separate parameters, not "?". The "?" is only valid to separate the path from the start of the parameter list. qemu+ssh://testnode4:22/system?keyfile=/tmp/key-5ff4b02ca966c&no_verify=1&no_tty=1 Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (3)
-
Daniel P. Berrangé -
Oliver Dzombic -
Peter Krempa