yupzhang
2012-Dec-07 02:33 UTC
[libvirt-users] Virsh cmd virsh -c qemu:///system fail with ssh connect a non-root user.
On 12/07/2012 12:56 AM, Eric Blake wrote:> On 12/06/2012 02:53 AM, yupzhang wrote: >> HI Eric, >> >> I have a question about remote access and usermode: >> >> 1.Install a host with graphic,and then configure libvirt environment. >> >> 2.Login with non-root user.Then run: >> $ virsh -c qemu:///system >> Authenticate dialogue will pop up,input the root password,then >> successfully connect qemu:///system. >> >> 3.On another host,connect the host in step 1 with ssh like this: >> #ssh -X yuping at 10.66.*.* >> input yuping's password.Then ssh to remote yuping user successfully. >> >> 4.Run command: >> $ virsh -c qemu:///system >> error: authentication failed: Authorization requires authentication but >> no agent is available. >> >> error: failed to connect to the hypervisor >> >> Is this a bug? I'm not sure about this,so confirm with you. > Questions like this are better asked to the libvirt-users at redhat.com > list, where there are more people available to answer the question. > This particular email nearly got lost in the black hole of a hard disk > failure on my end last week. > > Does the failure also happen when you use 'ssh -A -X' and/or 'ssh -Y' > instead of plain 'ssh -X'? I suspect that this is an expected > limitation of how polkit authentication works, where a local user can be > trusted to provide the credentials needed, but where an ssh session is > not a local user; but as I am not very familiar with the libvirt code > that interacts with polkit, I recommend that you ask the list. >Hi Eric, Thanks for your reply,I have added libvirt-users@ to cc list. I have tried 'ssh -A -X' and 'ssh -Y',still failed: $ virsh -c qemu:///system error: authentication failed: Authorization requires authentication but no agent is available. error: failed to connect to the hypervisor Can anyone help me? Thanks, Yuping>> In my opinion,this command should connect qemu:///system successfully >> with input root password,even with ssh connect to non-root user,the >> behaviour should keep same.Am I right? > Authentication is a tricky matter - there is a difference between a > local user and a user connected through ssh, at least in the eyes of > polkit authentication, and I don't know if the behavior you observe is > intentional or a bug. >
Seemingly Similar Threads
- Remote connect using virsh qemu+ssh hangs / PolicyKit issue
- unable to creating/list storage pools using non-root user
- remote connection issue 'virsh -c qemu+ssh:///root@localhost/system list'
- Using qemu+ssh on openSUSE 13.1/Tumbleweed
- Re: P2P live migration with non-shared storage: fails to connect to remote libvirt URI qemu+ssh
Wisdom of the Ancients
