On Sun, Jun 7, 2020 at 4:07 PM Michael Thomas <w...@caltech.edu> wrote: > > On 6/7/20 5:01 AM, Yedidyah Bar David wrote: > > On Sat, Jun 6, 2020 at 8:42 PM Michael Thomas <w...@caltech.edu> wrote: > >> > >> After a week of iterations, I finally found the problem. I was setting > >> 'PermitRootLogin no' in the global section of the bare metal OS > >> sshd_config, as we do on all of our servers. Instead, PermitRootLogin is > >> set to 'without-password' in a match block to allow root logins only from > >> a well-known set of hosts.
I understand that you meant to say that this is already working for you, right? That you set it to allow without-password from some addresses and that that was enough. If so: > > > > Thanks for the report! > > > >> > >> Can someone explain why setting 'PermitRootLogin no' in the sshd_config on > >> the hypervisor OS would affect the hosted engine deployment? > > > > Because the engine (running inside a VM) uses ssh as root to connect > > to the host (in which the engine vm is running). > > Would it be sufficient to set, on the host, 'PermitRootLogin > without-password' in a Match block that matches the ovirt management > network? > > Match Address 10.10.10.0/24 > PermitRootLogin without-password > > ? Do you mean here to ask if 10.10.10.10/24 is enough? The engine VM's IP address should be enough. What this address is, after deploy finishes, is of course up to you. During deploy it's by default in libvirt's default network, 192.168.222.0/24, but can be different if that's already in use by something else (e.g. a physical NIC). BTW, I didn't test this myself. I do see in the code that it's supposed to work. If you find a bug, please report one. Thanks. Best regards, -- Didi _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/F7FIW65YWL246J2FZKSGRNXDWX3ITPS5/