Renout, Thank you! now it works :-) it makes sense. On Fri, Feb 9, 2018 at 12:03 PM, Renout Gerrits <m...@renout.nl> wrote:
> Hi Maoz, > > You should not be using the engine and not the root user for the ssh keys. > The actions are delegated to a host and the vdsm user. So you should set-up > ssh keys for the vdsm user on one or all of the hosts (remember to select > this host as proxy host in the gui). Probably the documentation should be > updated to make this more clear. > > 1. Make the keygen for vdsm user: > > # sudo -u vdsm ssh-keygen > > 2.Do the first login to confirm the fingerprints using "yes": > > # sudo -u vdsm ssh r...@xxx.xxx.xxx.xxx > > 3. Then copy the key to the KVm host running the vm: > > # sudo -u vdsm ssh-copy-id r...@xxx.xxx.xxx.xxx > > 4. Now verify is vdsm can login without password or not: > > # sudo -u vdsm ssh r...@xxx.xxx.xxx.xxx > > > On Thu, Feb 8, 2018 at 3:12 PM, Petr Kotas <pko...@redhat.com> wrote: > >> You can generate one :). There are different guides for different >> platforms. >> >> The link I sent is the good start on where to put the keys and how to set >> it up. >> >> Petr >> >> On Thu, Feb 8, 2018 at 3:09 PM, maoz zadok <mao...@gmail.com> wrote: >> >>> Using the command line on the engine machine (as root) works fine. I >>> don't use ssh key from the agent GUI but the authentication section (with >>> root user and password), >>> I think that it's a bug, I manage to migrate with TCP but I just want to >>> let you know. >>> >>> is it possible to use ssh-key from the agent GUI? how can I get the key? >>> >>> On Thu, Feb 8, 2018 at 2:51 PM, Petr Kotas <pko...@redhat.com> wrote: >>> >>>> Hi Maoz, >>>> >>>> it looks like cannot connect due to wrong setup of ssh keys. Which >>>> linux are you using? >>>> The guide for setting the ssh connection to libvirt is here: >>>> https://wiki.libvirt.org/page/SSHSetup >>>> >>>> May it helps? >>>> >>>> Petr >>>> >>>> On Wed, Feb 7, 2018 at 10:53 PM, maoz zadok <mao...@gmail.com> wrote: >>>> >>>>> Hello there, >>>>> >>>>> I'm following https://www.ovirt.org/develop/ >>>>> release-management/features/virt/KvmToOvirt/ guide in order to import >>>>> VMS from Libvirt to oVirt using ssh. >>>>> URL: "qemu+ssh://host1.example.org/system" >>>>> >>>>> and get the following error: >>>>> Failed to communicate with the external provider, see log for >>>>> additional details. >>>>> >>>>> >>>>> *oVirt agent log:* >>>>> >>>>> *- Failed to retrieve VMs information from external server >>>>> qemu+ssh://XXX.XXX.XXX.XXX/system* >>>>> *- VDSM XXX command GetVmsNamesFromExternalProviderVDS failed: Cannot >>>>> recv data: Host key verification failed.: Connection reset by peer* >>>>> >>>>> >>>>> >>>>> *remote host sshd DEBUG log:* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: Connection from XXX.XXX.XXX.147 >>>>> port 48148 on XXX.XXX.XXX.123 port 22* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Client protocol version >>>>> 2.0; client software version OpenSSH_7.4* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: match: OpenSSH_7.4 pat >>>>> OpenSSH* compat 0x04000000* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Local version string >>>>> SSH-2.0-OpenSSH_7.4* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Enabling compatibility mode >>>>> for protocol 2.0* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SELinux support disabled >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: permanently_set_uid: 74/74 >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: list_hostkey_types: >>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT sent >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT received >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: algorithm: >>>>> curve25519-sha256 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: host key algorithm: >>>>> ecdsa-sha2-nistp256 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: client->server cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: server->client cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: expecting >>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: rekey after 134217728 >>>>> blocks [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_NEWKEYS sent >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_NEWKEYS >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: Connection closed by >>>>> XXX.XXX.XXX.147 port 48148 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: do_cleanup [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: do_cleanup* >>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Killing privsep child >>>>> 110006* >>>>> *Feb 7 16:38:29 XXX sshd[109922]: debug1: Forked child 110007.* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Set >>>>> /proc/self/oom_score_adj to 0* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: rexec start in 5 out 5 >>>>> newsock 5 pipe 7 sock 8* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: inetd sockets after >>>>> dupping: 3, 3* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: Connection from XXX.XXX.XXX.147 >>>>> port 48150 on XXX.XXX.XXX.123 port 22* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Client protocol version >>>>> 2.0; client software version OpenSSH_7.4* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: match: OpenSSH_7.4 pat >>>>> OpenSSH* compat 0x04000000* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Local version string >>>>> SSH-2.0-OpenSSH_7.4* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Enabling compatibility mode >>>>> for protocol 2.0* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SELinux support disabled >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: permanently_set_uid: 74/74 >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: list_hostkey_types: >>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT sent >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT received >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: algorithm: >>>>> curve25519-sha256 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: host key algorithm: >>>>> ecdsa-sha2-nistp256 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: client->server cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: server->client cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: expecting >>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: rekey after 134217728 >>>>> blocks [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_NEWKEYS sent >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_NEWKEYS >>>>> [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: Connection closed by >>>>> XXX.XXX.XXX.147 port 48150 [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: do_cleanup [preauth]* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: do_cleanup* >>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Killing privsep child >>>>> 110008* >>>>> *Feb 7 16:38:30 XXX sshd[109922]: debug1: Forked child 110009.* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Set >>>>> /proc/self/oom_score_adj to 0* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: rexec start in 5 out 5 >>>>> newsock 5 pipe 7 sock 8* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: inetd sockets after >>>>> dupping: 3, 3* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: Connection from XXX.XXX.XXX.147 >>>>> port 48152 on XXX.XXX.XXX.123 port 22* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Client protocol version >>>>> 2.0; client software version OpenSSH_7.4* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: match: OpenSSH_7.4 pat >>>>> OpenSSH* compat 0x04000000* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Local version string >>>>> SSH-2.0-OpenSSH_7.4* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Enabling compatibility mode >>>>> for protocol 2.0* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SELinux support disabled >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: permanently_set_uid: 74/74 >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: list_hostkey_types: >>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT sent >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT received >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: algorithm: >>>>> curve25519-sha256 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: host key algorithm: >>>>> ecdsa-sha2-nistp256 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: client->server cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: server->client cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: expecting >>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: rekey after 134217728 >>>>> blocks [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_NEWKEYS sent >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_NEWKEYS >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: Connection closed by >>>>> XXX.XXX.XXX.147 port 48152 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: do_cleanup [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: do_cleanup* >>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Killing privsep child >>>>> 110010* >>>>> *Feb 7 16:38:30 XXX sshd[109922]: debug1: Forked child 110011.* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Set >>>>> /proc/self/oom_score_adj to 0* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: rexec start in 5 out 5 >>>>> newsock 5 pipe 7 sock 8* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: inetd sockets after >>>>> dupping: 3, 3* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: Connection from XXX.XXX.XXX.147 >>>>> port 48154 on XXX.XXX.XXX.123 port 22* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Client protocol version >>>>> 2.0; client software version OpenSSH_7.4* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: match: OpenSSH_7.4 pat >>>>> OpenSSH* compat 0x04000000* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Local version string >>>>> SSH-2.0-OpenSSH_7.4* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Enabling compatibility mode >>>>> for protocol 2.0* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SELinux support disabled >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: permanently_set_uid: 74/74 >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: list_hostkey_types: >>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT sent >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT received >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: algorithm: >>>>> curve25519-sha256 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: host key algorithm: >>>>> ecdsa-sha2-nistp256 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: client->server cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: server->client cipher: >>>>> chacha20-poly1...@openssh.com <chacha20-poly1...@openssh.com> MAC: >>>>> <implicit> compression: none [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256 >>>>> need=64 dh_need=64 [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: expecting >>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: rekey after 134217728 >>>>> blocks [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_NEWKEYS sent >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_NEWKEYS >>>>> [preauth]* >>>>> *Feb 7 16:38:30 XXX sshd[110011]: Connection closed by >>>>> XXX.XXX.XXX.147 port 48154 [preauth]* >>>>> >>>>> >>>>> Thank you! >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> >>>>> >>>> >>> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users