[libvirt] Accessing libvirtd remotely as non-root user
Laine Stump
laine at laine.org
Fri Jun 12 17:58:02 UTC 2015
On 06/12/2015 12:14 PM, Dan Mossor wrote:
> On 06/12/2015 03:48 AM, Daniel P. Berrange wrote:
>> On Thu, Jun 11, 2015 at 05:26:20PM -0500, Dan Mossor wrote:
>>> I manage libvirtd on a few remote machines, and my security policies
>>> require
>>> me to disable root login via SSH. Up to this point, I've been using
>>> root due
>>> to the systems being in staging, but this is the final step before
>>> they're
>>> moved to production.
>>>
>>> What is the current proscribed method of connecting virt-manager or
>>> virsh to
>>> a remote system with a non-root account? I keep getting "authentication
>>> failed: no agent is available to authenticate" with a user that is
>>> in the
>>> kvm and qemu groups on the systems I've tried using the ssh transport.
>>
>> This guide ought to help you set it up
>>
>> http://wiki.libvirt.org/page/SSHPolicyKitSetup
>>
> Ok, so I finally got it working.
>
> The SSHPolicyKitSetup page at the libvirt wiki states right at the top
> that "As of polkit 0.106 the .pkla format is no more, and these
> configuration files must be written in Javascript."
>
> Further down the page, it reinforces this statement with "The
> information in this section is obsolete; see the top of this page for
> more information."
>
> However, both of those statements are incorrect. Following the
> directions provided by [1] from the wiki page produced zero results -
> the operation still failed with "authentication failed: no agent is
> available to authenticate" when attempting to connect. [...]
It sounds like you're volunteering to update the wiki page :-)
(Seriously, auto account creation is disabled on the wiki, but Dan
Berrange has the necessary credentials to create an account for you.)
More information about the libvir-list
mailing list