On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote: > Hi there, > > I have a system configured with ssh login banner like as below: > # cat ~/.bashrc > ... > echo > "=================================================================================" > echo "====== This machine is occupied by xxx for testing now. If you are > about to use it, contact xxx first ======" > echo > "=================================================================================" > > It works as expected that whenever someone logs into this system by ssh, > he/she will see this warning message. > But it seems such settings will impact a virsh client connection with ssh, > when I try to connect the libvirt daemon on this system, it will error out : > # virsh -c qemu+ssh://${my_host}/system list --all > root@${my_host}'s password: > error: failed to connect to the hypervisor > error: packet 1027423545 bytes received from server too large, want 33554432 Libvirt is tunnelling an RPC protocol over the SSH connection. Your bashrc is printing this text onto the SSH conmnection and that corrupts the libvirt RPC protocol. If you want to print something whjen people login use the /etc/motd file which is designed for this pupose, don't print stuff from a .bashrc. Libvirt gives the options to SSH that prevent display of /etc/motd contents, so that its RPC protocol doesn't get corrupted.

On Thu, Feb 10, 2022 at 09:33:38AM +0100, Michal Prívozník wrote: > On 2/10/22 09:02, Daniel P. Berrangé wrote: > > On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote: > >> Hi there, > >> > >> I have a system configured with ssh login banner like as below: > >> # cat ~/.bashrc > >> ... > >> echo > >> "=================================================================================" > >> echo "====== This machine is occupied by xxx for testing now. If you are > >> about to use it, contact xxx first ======" > >> echo > >> "=================================================================================" > >> > >> It works as expected that whenever someone logs into this system by ssh, > >> he/she will see this warning message. > >> But it seems such settings will impact a virsh client connection with ssh, > >> when I try to connect the libvirt daemon on this system, it will error out : > >> # virsh -c qemu+ssh://${my_host}/system list --all > >> root@${my_host}'s password: > >> error: failed to connect to the hypervisor > >> error: packet 1027423545 bytes received from server too large, want 33554432 > > > > Libvirt is tunnelling an RPC protocol over the SSH connection. > > Your bashrc is printing this text onto the SSH conmnection and > > that corrupts the libvirt RPC protocol. > > > > If you want to print something whjen people login use the > > /etc/motd file which is designed for this pupose, don't > > print stuff from a .bashrc. Libvirt gives the options to > > SSH that prevent display of /etc/motd contents, so that > > its RPC protocol doesn't get corrupted. > > One more thing, I wasn't able to reproduce when virt-ssh-helper was > used. But maybe I wasn't trying hard enough. That should be affected in exactly the same way. It still relies on stdout/stdin being clean data channels. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Thu, Feb 10, 2022 at 17:47:43 +0800, Yalan Zhang wrote: > Thank you! I tried /etc/motd, and it does not impact the libvirt connection. > Happy to learn something new! Alternatively if you really need to run commands in .bashrc which can potentially print some output, you can put them after a check for interactive shell: if [[ $- != *i* ]] ; then # Shell is non-interactive. Be done now! return fi echo "Interactive shell here. How are you?" Jirka