Closed Andrysky closed 2 years ago
Same here, with a KVM node, both frontend and KVM node with Ubuntu 20.04.
I'm on frontend, i want to:
I can do that only if the first ssh (frontend -> kvm node) is:
SSH_AUTH_SOCK=/run/one/ssh-agent.sock ssh -A <kvm_node>
Yes aded-cmcc, this is how it's supposed to work. Since 5.12 it's no longer needed to distribute private ssh oneadmin key to nodes, but to get also the backward ssh connection password less the SSH agent is used (see opennebula-ssh-agent.service).
Yes aded-cmcc, this is how it's supposed to work. Since 5.12 it's no longer needed to distribute private ssh oneadmin key to nodes, but to get also the backward ssh connection password less the SSH agent is used (see opennebula-ssh-agent.service).
Okay, but I have read "KVM node installation" and "Advanced SSH usage" (the original issue was opened on OpenNebula/one), and it's not clear how to properly set SSH configuration for the oneadmin user.
Let's say, why not to add ForwardAgent yes
in SSH configuration? Why not to set a .profile
for exporting SSH_AUTH_SOCK
?
Maybe I missed some documentation, I apologize if this is the case. Can you point me out where these settings are documented? Please consider that I haven't included any additional keys from non-standard locations.
Thanks.
Yes, I moved the issue to MiniONE while I was expecting some installation/configuration issue, but later on realized it's not even a bug (I think).
Regarding the password less from host -> frontend, it's not required in many cases, only in a few actually (mv/mvds/snap_create etc). So in the drivers, it's turned on only when needed to minimize the security impact, see function ssh_forward.
But as you noted, you can adjust the configuration as you need.
Description
To Reproduce Front-end(ubuntu 20.10)
host(ubuntu 20.04.2)
2)add public key from Front-end to host 3)add host to Front-end
3)download alpine_3.13 - LXD-10 from apps(MarketStore) 4)deploy to host (create instances)
Сurrent behavior
or
Expected behavior deploy success or
Details
Additional context in https://docs.opennebula.io/6.0/open_cluster_deployment/lxc_node/lxc_node_installation.html#step-4-configure-passwordless-ssh written
Progress Status