[libvirt-users] Virsh+QEMU, SSH issue on compiled libvirt
Peter Krempa
pkrempa at redhat.com
Wed Mar 6 09:35:08 UTC 2013
On 03/05/13 23:06, Will Dennis wrote:
> Hi Shantan,
>
> I believe the problem may be that libvirt 1.x requires TLS by default on
> connections. I saw that same problem the 1^st time I replaces a running
> libvirt 0.9.x with 1.0.0. I believe there may be a way to turn off this
> requirement in libvirtd.conf, e.g.
This is true for normal connections using TCP. SSH tunneling works in a
different way.
>
> #
>
> # Network connectivity controls
>
> #
>
> # Flag listening for secure TLS connections on the public TCP/IP port.
>
> # NB, must pass the --listen flag to the libvirtd process for this to
>
> # have any effect.
>
> #
>
> # It is necessary to setup a CA and issue server certificates before
>
> # using this capability.
>
> #
>
> # This is enabled by default, uncomment this to disable it
>
> #listen_tls = 0
>
> # Listen for unencrypted TCP connections on the public TCP/IP port.
>
> # NB, must pass the --listen flag to the libvirtd process for this to
>
> # have any effect.
>
> #
>
> # Using the TCP socket requires SASL authentication by default. Only
>
> # SASL mechanisms which support data encryption are allowed. This is
>
> # DIGEST_MD5 and GSSAPI (Kerberos5)
>
> #
>
> # This is disabled by default, uncomment this to enable it.
>
> #listen_tcp = 1 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
This is not needed for SSH.
>
> On the two instances of libvirt 1.x I have deployed, I just configure
> and use TLS. Instructions on doing this may be found here:
>
> http://wiki.libvirt.org/page/TLSSetup
Please verify that you've got "netcat" installed on the host the daemon
is running on (command "nc" in the shell). Also you need to verify that
the user account you are using on the machine the daemon is running on
has rights to access the libvirt socket.
Peter
More information about the libvirt-users
mailing list