[libvirt-users] xen+ssh with openauth
Daniel P. Berrange
berrange at redhat.com
Tue Nov 3 15:37:40 UTC 2015
On Tue, Nov 03, 2015 at 10:14:00AM +0200, Shahar Havivi wrote:
> Hi,
>
> I am trying to connect to remote libvirt via script,
> and I get password prompt from the shell.
>
>
> ============================================================================
> uri='xen+ssh://root@myserver/?no_verify=1'
> def req(credentials, user_data):
> print('in req...\n')
> for cred in credentials:
> if cred[0] == libvirt.VIR_CRED_AUTHNAME:
> cred[4] = username
> elif cred[0] == libvirt.VIR_CRED_PASSPHRASE:
> cred[4] = passwd
> return 0
>
> auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], req, None]
> con = libvirt.openAuth(uri, auth, 0)
> ============================================================================
>
> The script never enter req() method but prompts for password, after I enter
> the password I am able to connect to the remote machine.
The '+ssh' method actually spawns the /usr/bin/ssh binary to connect to
the remote host. As such libvirt has no API mechanism to handle credential
collection for the binary via openAuth(). So the only viable way to use the
+ssh method is with SSH keys and SSH agent, to avoid any interactive auth
prompts.
There is an alternative method +libssh2 which uses the libssh2 library
instead of SSH binary. This allows libvirt to collect credentials via
the openAuth() method.
http://libvirt.org/remote.html#Remote_URI_reference
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list