This patch adds an extra no_tty=1 flag to the connection URI. This stops ssh from asking for a password if it can't log in automatically. Typical use-case for this is in graphical programs where if ssh asks for a password it would cause the GUI program to hang.
Example: $ virsh -c xen+ssh://xxx/ list [EMAIL PROTECTED]'s password: Permission denied, please try again. [EMAIL PROTECTED]'s password: Permission denied, please try again. [EMAIL PROTECTED]'s password: Permission denied (publickey,gssapi-with-mic,password). libvir: Remote error : Connection reset by peer error: failed to connect to the hypervisor error: no valid connection $ virsh -c xen+ssh://xxx/?no_tty=1 list Permission denied (publickey,gssapi-with-mic,password). libvir: Remote error : Connection reset by peer error: failed to connect to the hypervisor error: no valid connection Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903
Index: docs/libvir.html =================================================================== RCS file: /data/cvs/libvirt/docs/libvir.html,v retrieving revision 1.81 diff -u -p -r1.81 libvir.html --- docs/libvir.html 10 Sep 2007 15:16:25 -0000 1.81 +++ docs/libvir.html 12 Sep 2007 10:22:00 -0000 @@ -1762,6 +1762,20 @@ Note that parameter values must be <td> Example: <code>no_verify=1</code> </td> </tr> +<tr> +<td> <code>no_tty</code> </td> +<td> ssh </td> +<td> + If set to a non-zero value, this stops ssh from asking for + a password if it cannot log in to the remote machine automatically + (eg. using ssh-agent etc.). Use this when you don't have access + to a terminal - for example in graphical programs which use libvirt. +</td> +</tr> +<tr> <td colspan="2"></td> +<td> Example: <code>no_tty=1</code> </td> +</tr> + </table> <h3><a name="Remote_certificates">Generating TLS certificates</a></h3> Index: src/remote_internal.c =================================================================== RCS file: /data/cvs/libvirt/src/remote_internal.c,v retrieving revision 1.21 diff -u -p -r1.21 remote_internal.c --- src/remote_internal.c 21 Aug 2007 10:08:12 -0000 1.21 +++ src/remote_internal.c 12 Sep 2007 10:22:07 -0000 @@ -290,7 +290,7 @@ doRemoteOpen (virConnectPtr conn, struct */ char *name = 0, *command = 0, *sockname = 0, *netcat = 0, *username = 0; char *server = 0, *port = 0; - int no_verify = 0; + int no_verify = 0, no_tty = 0; char **cmd_argv = 0; /* Return code from this function, and the private data. */ @@ -355,6 +355,9 @@ doRemoteOpen (virConnectPtr conn, struct } else if (strcasecmp (var->name, "no_verify") == 0) { no_verify = atoi (var->value); var->ignore = 1; + } else if (strcasecmp (var->name, "no_tty") == 0) { + no_tty = atoi (var->value); + var->ignore = 1; } #if DEBUG else @@ -553,7 +556,10 @@ doRemoteOpen (virConnectPtr conn, struct } case trans_ssh: { - int j, nr_args = username ? 10 : 8; + int j, nr_args = 8; + + if (username) nr_args += 2; /* For -l username */ + if (no_tty) nr_args += 2; /* For -o PasswordAuthentication=no */ command = command ? : strdup ("ssh"); @@ -568,6 +574,10 @@ doRemoteOpen (virConnectPtr conn, struct cmd_argv[j++] = strdup ("-l"); cmd_argv[j++] = strdup (username); } + if (no_tty) { + cmd_argv[j++] = strdup ("-o"); + cmd_argv[j++] = strdup ("PasswordAuthentication=no"); + } cmd_argv[j++] = strdup (server); cmd_argv[j++] = strdup (netcat ? netcat : "nc"); cmd_argv[j++] = strdup ("-U");
smime.p7s
Description: S/MIME Cryptographic Signature
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list