This patch adds an extra no_tty=1 flag to the connection URI. This stops ssh from asking for a password if it can't log in automatically. The typical use case is a graphical program, where an ssh password prompt would cause the GUI to hang.

Example:

$ virsh -c xen+ssh://xxx/ list
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
Permission denied (publickey,gssapi-with-mic,password).
libvir: Remote error : Connection reset by peer
error: failed to connect to the hypervisor
error: no valid connection

$ virsh -c xen+ssh://xxx/?no_tty=1 list
Permission denied (publickey,gssapi-with-mic,password).
libvir: Remote error : Connection reset by peer
error: failed to connect to the hypervisor
error: no valid connection


Rich.

--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.  Registered in
England and Wales under Company Registration No. 03798903
Index: docs/libvir.html
===================================================================
RCS file: /data/cvs/libvirt/docs/libvir.html,v
retrieving revision 1.81
diff -u -p -r1.81 libvir.html
--- docs/libvir.html	10 Sep 2007 15:16:25 -0000	1.81
+++ docs/libvir.html	12 Sep 2007 10:22:00 -0000
@@ -1762,6 +1762,20 @@ Note that parameter values must be
 <td> Example: <code>no_verify=1</code> </td>
 </tr>
 
+<tr>
+<td> <code>no_tty</code> </td>
+<td> ssh </td>
+<td>
+  If set to a non-zero value, this stops ssh from asking for
+  a password if it cannot log in to the remote machine automatically
+  (eg. using ssh-agent etc.).  Use this when you don't have access
+  to a terminal - for example in graphical programs which use libvirt.
+</td>
+</tr>
+<tr> <td colspan="2"></td>
+<td> Example: <code>no_tty=1</code> </td>
+</tr>
+
 </table>
 
 <h3><a name="Remote_certificates">Generating TLS certificates</a></h3>
Index: src/remote_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/remote_internal.c,v
retrieving revision 1.21
diff -u -p -r1.21 remote_internal.c
--- src/remote_internal.c	21 Aug 2007 10:08:12 -0000	1.21
+++ src/remote_internal.c	12 Sep 2007 10:22:07 -0000
@@ -290,7 +290,7 @@ doRemoteOpen (virConnectPtr conn, struct
      */
     char *name = 0, *command = 0, *sockname = 0, *netcat = 0, *username = 0;
     char *server = 0, *port = 0;
-    int no_verify = 0;
+    int no_verify = 0, no_tty = 0;
     char **cmd_argv = 0;
 
     /* Return code from this function, and the private data. */
@@ -355,6 +355,9 @@ doRemoteOpen (virConnectPtr conn, struct
         } else if (strcasecmp (var->name, "no_verify") == 0) {
             no_verify = atoi (var->value);
             var->ignore = 1;
+        } else if (strcasecmp (var->name, "no_tty") == 0) {
+            no_tty = atoi (var->value);
+            var->ignore = 1;
         }
 #if DEBUG
         else
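Review bot: `no_tty = atoi (var->value);` turns any non-numeric value into 0, so a URI written as `no_tty=yes` silently leaves password prompting enabled, and atoi has undefined behaviour on out-of-range input. Parsing with strtol and rejecting trailing characters would make a bad value visible, for example `no_tty = strtol (var->value, &end, 10) != 0;` followed by a check that `*end == '\0'`. Whether var->value can be NULL for a bare `?no_tty` is not visible here and should be confirmed before either call. The no_verify branch just above follows the same pattern, and doRemoteOpen starts and ends outside this hunk.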
@@ -553,7 +556,10 @@ doRemoteOpen (virConnectPtr conn, struct
     }
 
     case trans_ssh: {
-        int j, nr_args = username ? 10 : 8;
+        int j, nr_args = 8;
+
+        if (username) nr_args += 2; /* For -l username */
+        if (no_tty) nr_args += 2;   /* For -o PasswordAuthentication=no */
 
         command = command ? : strdup ("ssh");
 
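Review bot: `nr_args` is now adjusted by hand in several places, separately from the `cmd_argv[j++]` stores that consume it, so a later option that adds stores without bumping the count would write past the end of the vector. The allocation and the terminating entry are outside this hunk, so the base value 8 cannot be checked against the fixed entries from here. A comment at the declaration such as `/* keep nr_args in sync with the cmd_argv[j++] stores below */`, together with a bounds check on `j` where the vector is terminated, would catch drift. The two one-line `if` statements would also read better with braces.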
@@ -568,6 +574,10 @@ doRemoteOpen (virConnectPtr conn, struct
             cmd_argv[j++] = strdup ("-l");
             cmd_argv[j++] = strdup (username);
         }
+        if (no_tty) {
+            cmd_argv[j++] = strdup ("-o");
+            cmd_argv[j++] = strdup ("PasswordAuthentication=no");
+        }
         cmd_argv[j++] = strdup (server);
         cmd_argv[j++] = strdup (netcat ? netcat : "nc");
         cmd_argv[j++] = strdup ("-U");
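Review bot: `-o PasswordAuthentication=no` only turns off the password method, so ssh can still prompt on the terminal for a key passphrase, keyboard-interactive authentication or an unknown host key, which is the hang no_tty is meant to prevent. `-o BatchMode=yes` is the ssh option that disables such querying, so I would pass `cmd_argv[j++] = strdup ("BatchMode=yes");` here, either instead of or alongside the existing option (each extra `-o` pair needs `nr_args` raised to match). The two new strdup results are stored unchecked, like the surrounding ones. The trans_ssh case continues outside this hunk.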
