qemu+ssh connections to a remote libvirt fail as ssh banner configured

Yalan Zhang yalzhang at redhat.com
Thu Feb 10 09:47:43 UTC 2022


Thank you! I tried /etc/motd, and it does not impact the libvirt connection.
Happy to learn something new!

On Thu, Feb 10, 2022 at 4:50 PM Daniel P. Berrangé <berrange at redhat.com> wrote:

> On Thu, Feb 10, 2022 at 09:33:38AM +0100, Michal Prívozník wrote:
> > On 2/10/22 09:02, Daniel P. Berrangé wrote:
> > > On Thu, Feb 10, 2022 at 09:52:52AM +0800, Yalan Zhang wrote:
> > >> Hi there,
> > >>
> > >> I have a system configured with an ssh login banner as below:
> > >> # cat ~/.bashrc
> > >> ...
> > >> echo "================================================================================="
> > >> echo "====== This machine is occupied by xxx for testing now. If you are about to use it, contact xxx first ======"
> > >> echo "================================================================================="
> > >>
> > >> It works as expected that whenever someone logs into this system by ssh,
> > >> he/she will see this warning message.
> > >> But it seems such settings will impact a virsh client connection with ssh,
> > >> when I try to connect the libvirt daemon on this system, it will error out :
> > >> # virsh -c qemu+ssh://${my_host}/system list --all
> > >> root@${my_host}'s password:
> > >> error: failed to connect to the hypervisor
> > >> error: packet 1027423545 bytes received from server too large, want 33554432
> > >
> > > Libvirt is tunnelling an RPC protocol over the SSH connection.
> > > Your bashrc is printing this text onto the SSH connection and
> > > that corrupts the libvirt RPC protocol.
> > >
> > > If you want to print something when people login use the
> > > /etc/motd file which is designed for this purpose, don't
> > > print stuff from a .bashrc.  Libvirt gives the options to
> > > SSH that prevent display of /etc/motd contents, so that
> > > its RPC protocol doesn't get corrupted.
> >
> > One more thing, I wasn't able to reproduce when virt-ssh-helper was
> > used. But maybe I wasn't trying hard enough.
>
> That should be affected in exactly the same way. It still relies on
> stdout/stdin being clean data channels.
>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
>
>
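Added example, not part of the thread and not libvirt's own code: it shows why the banner produces exactly the number in the quoted error, and how to turn such a number back into the text that leaked onto the channel. It assumes libvirt's RPC framing starts with a 4-byte big-endian length word that counts itself, which the client subtracts before the size check; the function names and the sample banner bytes are constructed for illustration.

```python
import struct
from typing import Optional

# Assumption (not stated in the thread): each RPC frame starts with a 4-byte
# big-endian length word that includes its own 4 bytes.
LEN_WORD = 4
MAX_PAYLOAD = 33554432  # the "want" value from the error quoted in the thread


def reported_length(stream: bytes) -> int:
    """Length the client would report after reading the first 4 bytes."""
    (raw,) = struct.unpack(">I", stream[:LEN_WORD])
    return raw - LEN_WORD


def leaked_text(reported: int) -> Optional[str]:
    """Recover the 4 bytes behind a 'packet N bytes ... too large' error.

    Returns them as text when all four are printable ASCII or whitespace,
    which points at shell startup output rather than a real RPC frame.
    """
    raw_value = reported + LEN_WORD
    if not 0 <= raw_value <= 0xFFFFFFFF:
        return None
    raw = struct.pack(">I", raw_value)
    if all(0x20 <= b < 0x7F or b in b"\t\r\n" for b in raw):
        return raw.decode("ascii")
    return None


def diagnose(reported: int) -> str:
    """Classify the length value taken from the client's error message."""
    if reported <= MAX_PAYLOAD:
        return "length within limit"
    text = leaked_text(reported)
    if text is not None:
        return f"stray text on the channel, starting with {text!r}"
    return "oversized length, not printable text"


# Constructed sample: first line the quoted .bashrc would write to stdout.
SAMPLE_BANNER = b"=" * 81 + b"\n"

if __name__ == "__main__":
    print(reported_length(SAMPLE_BANNER))  # value seen in the quoted error
    print(diagnose(1027423545))
```
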

More information about the libvirt-users mailing list