|
 |
c1a9fa |
From c34fe9a52abdde05cb31c5bd2c99237652e1b0dc Mon Sep 17 00:00:00 2001
|
|
|
c1a9fa |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
c1a9fa |
Date: Mon, 11 Jul 2022 09:01:56 +0200
|
|
|
c1a9fa |
Subject: [PATCH] input-xen: sync "-ip" limitations language from input-vmware
|
|
|
c1a9fa |
manual
|
|
|
c1a9fa |
|
|
|
c1a9fa |
My analysis in <https://bugzilla.redhat.com/show_bug.cgi?id=1854275#c33>
|
|
|
c1a9fa |
was partially wrong; I had missed that for the xen+ssh transport, the
|
|
|
c1a9fa |
client-side libvirt library launches a naked "ssh" utility, underneath
|
|
|
c1a9fa |
"Libvirt.Connect.connect_auth":
|
|
|
c1a9fa |
|
|
|
c1a9fa |
setup [input/input_xen_ssh.ml]
|
|
|
c1a9fa |
Libvirt.Connect.connect_auth
|
|
|
c1a9fa |
no effect of "-ip"
|
|
|
c1a9fa |
Nbdkit_ssh.create_ssh [input/nbdkit_ssh.ml]
|
|
|
c1a9fa |
starts nbdkit with the ssh
|
|
|
c1a9fa |
plugin honoring "-ip"
|
|
|
c1a9fa |
|
|
|
c1a9fa |
Which requires a password just the same, and ignores "-ip" just the same.
|
|
|
c1a9fa |
|
|
|
c1a9fa |
Recommend the ssh agent in the docs.
|
|
|
c1a9fa |
|
|
|
c1a9fa |
Fixes: 46298c6514710013c59828b4933f0b3b1a354566
|
|
|
c1a9fa |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1854275
|
|
|
c1a9fa |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360
|
|
|
c1a9fa |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
c1a9fa |
Message-Id: <20220711070157.5399-2-lersek@redhat.com>
|
|
|
c1a9fa |
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
c1a9fa |
(cherry picked from commit ae067a9ce0eb5631940a8cc5dcc5ee056903276b)
|
|
|
c1a9fa |
---
|
|
|
c1a9fa |
docs/virt-v2v-input-xen.pod | 5 +++++
|
|
|
c1a9fa |
1 file changed, 5 insertions(+)
|
|
|
c1a9fa |
|
|
|
c1a9fa |
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
|
|
|
c1a9fa |
index ad5772de..80ad94f7 100644
|
|
|
c1a9fa |
--- a/docs/virt-v2v-input-xen.pod
|
|
|
c1a9fa |
+++ b/docs/virt-v2v-input-xen.pod
|
|
|
c1a9fa |
@@ -32,6 +32,11 @@ server to the Xen host. For example:
|
|
|
c1a9fa |
$ ssh root@xen.example.com
|
|
|
c1a9fa |
[ logs straight into the shell, no password is requested ]
|
|
|
c1a9fa |
|
|
|
c1a9fa |
+Note that support for non-interactive authentication via the I<-ip>
|
|
|
c1a9fa |
+option is incomplete. Some operations remain that still require the
|
|
|
c1a9fa |
+user to enter the password manually. Therefore ssh-agent is recommended
|
|
|
c1a9fa |
+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
|
|
|
c1a9fa |
+
|
|
|
c1a9fa |
With some modern ssh implementations, legacy crypto policies required
|
|
|
c1a9fa |
to interoperate with RHEL 5 sshd are disabled. To enable them you may
|
|
|
c1a9fa |
need to run this command on the conversion server (ie. ssh client),
|