qemu+ssh connections to a remote libvirt fail as ssh banner configured

Hi there,

I have a system configured with ssh login banner like as below:

    # cat ~/.bashrc
    ...
    echo "================================================================================="
    echo "====== This machine is occupied by xxx for testing now. If you are about to use it, contact xxx first ======"
    echo "================================================================================="

It works as expected that whenever someone logs into this system by ssh, he/she will see this warning message. But it seems such settings will impact a virsh client connection with ssh, when I try to connect the libvirt daemon on this system, it will error out :

    # virsh -c qemu+ssh://${my_host}/system list --all
    root@${my_host}'s password:
    error: failed to connect to the hypervisor
    error: packet 1027423545 bytes received from server too large, want 33554432

I have searched and found some related explanations[1], and [2] says "The virsh man page doesn't mention ssh, so it sounds like the file /usr/share/doc/libvirt-doc/remote.html shipped with libvirt-doc could use a patch mentioning this." But I can not find anything about this currently on file:///usr/share/doc/libvirt-docs/html/remote.html. Could we have this documented for reference with all the possibilities?

Thank you!

[1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/868753/comments/17
[2] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/868753/comments/14

-------
Best Regards,
Yalan Zhang
IRC: yalzhang

On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote:
> Hi there,
>
> I have a system configured with ssh login banner like as below:
>
>     # cat ~/.bashrc
>     ...
>     echo "================================================================================="
>     echo "====== This machine is occupied by xxx for testing now. If you are about to use it, contact xxx first ======"
>     echo "================================================================================="
>
> It works as expected that whenever someone logs into this system by ssh, he/she will see this warning message. But it seems such settings will impact a virsh client connection with ssh, when I try to connect the libvirt daemon on this system, it will error out :
>
>     # virsh -c qemu+ssh://${my_host}/system list --all
>     root@${my_host}'s password:
>     error: failed to connect to the hypervisor
>     error: packet 1027423545 bytes received from server too large, want 33554432

Libvirt is tunnelling an RPC protocol over the SSH connection. Your bashrc is printing this text onto the SSH connection and that corrupts the libvirt RPC protocol.

If you want to print something when people login use the /etc/motd file which is designed for this purpose, don't print stuff from a .bashrc. Libvirt gives the options to SSH that prevent display of /etc/motd contents, so that its RPC protocol doesn't get corrupted.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
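
Why the client reports exactly 1027423545 bytes, as an added example that is not part of the thread and is not libvirt's code. It assumes the libvirt RPC framing of a 4-byte big-endian length word that counts itself, so the banner's leading "====" is read as that word; the function names and both sample streams are constructed here.

```shell
#!/bin/sh
# Added example (not libvirt code). Assumption: each RPC message starts with
# a 4-byte big-endian length word whose value includes the word itself.
VIR_NET_MESSAGE_MAX=33554432   # limit quoted in the error message above

# Read a byte stream on stdin and print the payload length a client would
# derive from its first four bytes (length word minus its own 4 bytes).
rpc_payload_len() {
    # od prints the four bytes as unsigned decimals, e.g. " 61 61 61 61"
    set -- $(od -An -tu1 -N4)
    [ "$#" -eq 4 ] || { echo "short read" >&2; return 1; }
    echo $(( ($1 * 16777216 + $2 * 65536 + $3 * 256 + $4) - 4 ))
}

# Classify a stream the way the error in this thread was produced.
check_stream() {
    len=$(rpc_payload_len) || return 2
    if [ "$len" -gt "$VIR_NET_MESSAGE_MAX" ]; then
        echo "packet $len bytes received from server too large, want $VIR_NET_MESSAGE_MAX"
        return 1
    fi
    echo "length $len accepted"
}

# Constructed sample 1: the first line the .bashrc banner writes to stdout.
# '=' is byte 0x3d, so the "length word" becomes 0x3d3d3d3d.
banner_stream() { printf '%s\n' '====================================='; }

# Constructed sample 2: a well-formed frame, length word 28 (octal 034)
# followed by 24 payload bytes.
clean_stream() { printf '\000\000\000\034'; printf '%024d' 0; }

banner_stream | check_stream || true
clean_stream | check_stream
```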

On 2/10/22 09:02, Daniel P. Berrangé wrote:
> On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote:
> > Hi there,
> >
> > I have a system configured with ssh login banner like as below:
> >
> >     # cat ~/.bashrc
> >     ...
> >     echo "================================================================================="
> >     echo "====== This machine is occupied by xxx for testing now. If you are about to use it, contact xxx first ======"
> >     echo "================================================================================="
> >
> > It works as expected that whenever someone logs into this system by ssh, he/she will see this warning message. But it seems such settings will impact a virsh client connection with ssh, when I try to connect the libvirt daemon on this system, it will error out :
> >
> >     # virsh -c qemu+ssh://${my_host}/system list --all
> >     root@${my_host}'s password:
> >     error: failed to connect to the hypervisor
> >     error: packet 1027423545 bytes received from server too large, want 33554432
>
> Libvirt is tunnelling an RPC protocol over the SSH connection. Your bashrc is printing this text onto the SSH connection and that corrupts the libvirt RPC protocol.
>
> If you want to print something when people login use the /etc/motd file which is designed for this purpose, don't print stuff from a .bashrc. Libvirt gives the options to SSH that prevent display of /etc/motd contents, so that its RPC protocol doesn't get corrupted.

One more thing, I wasn't able to reproduce when virt-ssh-helper was used. But maybe I wasn't trying hard enough.

Michal

On Thu, Feb 10, 2022 at 09:33:38AM +0100, Michal Prívozník wrote:
> On 2/10/22 09:02, Daniel P. Berrangé wrote:
> > On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote:
> > > Hi there,
> > >
> > > I have a system configured with ssh login banner like as below:
> > >
> > >     # cat ~/.bashrc
> > >     ...
> > >     echo "================================================================================="
> > >     echo "====== This machine is occupied by xxx for testing now. If you are about to use it, contact xxx first ======"
> > >     echo "================================================================================="
> > >
> > > It works as expected that whenever someone logs into this system by ssh, he/she will see this warning message. But it seems such settings will impact a virsh client connection with ssh, when I try to connect the libvirt daemon on this system, it will error out :
> > >
> > >     # virsh -c qemu+ssh://${my_host}/system list --all
> > >     root@${my_host}'s password:
> > >     error: failed to connect to the hypervisor
> > >     error: packet 1027423545 bytes received from server too large, want 33554432
> >
> > Libvirt is tunnelling an RPC protocol over the SSH connection. Your bashrc is printing this text onto the SSH connection and that corrupts the libvirt RPC protocol.
> >
> > If you want to print something when people login use the /etc/motd file which is designed for this purpose, don't print stuff from a .bashrc. Libvirt gives the options to SSH that prevent display of /etc/motd contents, so that its RPC protocol doesn't get corrupted.
>
> One more thing, I wasn't able to reproduce when virt-ssh-helper was used. But maybe I wasn't trying hard enough.

That should be affected in exactly the same way. It still relies on stdout/stdin being clean data channels.

Regards,
Daniel

Thank you! I tried /etc/motd, and it does not impact the libvirt connection. Happy to learn something new!

On Thu, Feb 10, 2022 at 17:47:43 +0800, Yalan Zhang wrote:
> Thank you! I tried /etc/motd, and it does not impact the libvirt connection. Happy to learn something new!

Alternatively if you really need to run commands in .bashrc which can potentially print some output, you can put them after a check for interactive shell:

    if [[ $- != *i* ]] ; then
        # Shell is non-interactive. Be done now!
        return
    fi

    echo "Interactive shell here. How are you?"

Jirka
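
A way to check that an rc file stays silent for non-interactive shells, as an added example that is not part of the thread. It assumes bash is installed; the two rc files are constructed stand-ins for ~/.bashrc, and stray_bytes and audit_rc are names made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes bash is installed. The rc files
# are constructed stand-ins for ~/.bashrc, sourced by a non-interactive bash
# (the kind of shell sshd starts for "ssh host command").
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Banner printed unconditionally, as in the original report (text shortened).
cat > "$workdir/noisy.rc" <<'EOF'
echo "====== This machine is occupied by xxx for testing now. ======"
EOF

# Same banner placed after the interactive-shell check from the reply above.
cat > "$workdir/guarded.rc" <<'EOF'
if [[ $- != *i* ]] ; then
    # Shell is non-interactive. Be done now!
    return
fi
echo "====== This machine is occupied by xxx for testing now. ======"
EOF

# Print how many bytes reach stdout when rc file $1 is sourced by a
# non-interactive bash. Anything above 0 would land in the RPC stream.
stray_bytes() {
    bash -c '. "$1"' _ "$1" | wc -c | tr -d ' '
}

# Report whether an rc file keeps stdout clean for tunnelled protocols.
audit_rc() {
    n=$(stray_bytes "$1")
    if [ "$n" -eq 0 ]; then
        echo "clean: $1"
    else
        echo "NOT clean: $1 writes $n bytes to stdout"
        return 1
    fi
}

audit_rc "$workdir/noisy.rc" || true
audit_rc "$workdir/guarded.rc"

# Against a real host the equivalent probe is:  ssh "$host" true | wc -c
# which should print 0 (hypothetical $host; not run here).
```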

Hi Jiri, Get it! Have tried and it works well, Thank you all!
participants (4)
- Daniel P. Berrangé
- Jiri Denemark
- Michal Prívozník
- Yalan Zhang