[PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh
@ 2022-10-27 11:30 Ilya Leoshkevich
  2022-10-27 12:19 ` Thomas Huth
  2022-10-27 15:48 ` Alex Bennée
  0 siblings, 2 replies; 3+ messages in thread
From: Ilya Leoshkevich @ 2022-10-27 11:30 UTC (permalink / raw)
  To: Alex Bennée, Philippe Mathieu-Daudé, Thomas Huth,
	Wainer dos Santos Moschetta, Beraldo Leal
  Cc: qemu-devel, Ilya Leoshkevich

When one has a lot of keys in ~/.ssh directory, the ssh command will
try all of them before the one specified on the command line, and this
may cause the remote ssh server to reject the connection due to too
many failed authentication attempts.

Fix by adding -o IdentitiesOnly=yes, which makes the ssh client
consider only the keys specified on the command line.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tests/vm/basevm.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 4fd9af10b7f..2276364c42f 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -233,7 +233,8 @@ def _ssh_do(self, user, cmd, check):
                    "-o", "UserKnownHostsFile=" + os.devnull,
                    "-o",
                    "ConnectTimeout={}".format(self._config["ssh_timeout"]),
-                   "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file]
+                   "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file,
+                   "-o", "IdentitiesOnly=yes"]
         # If not in debug mode, set ssh to quiet mode to
         # avoid printing the results of commands.
         if not self.debug:
-- 
2.37.2



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh
  2022-10-27 11:30 [PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh Ilya Leoshkevich
@ 2022-10-27 12:19 ` Thomas Huth
  2022-10-27 15:48 ` Alex Bennée
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Huth @ 2022-10-27 12:19 UTC (permalink / raw)
  To: Ilya Leoshkevich, Alex Bennée, Philippe Mathieu-Daudé,
	Wainer dos Santos Moschetta, Beraldo Leal
  Cc: qemu-devel

On 27/10/2022 13.30, Ilya Leoshkevich wrote:
> When one has a lot of keys in ~/.ssh directory, the ssh command will
> try all of them before the one specified on the command line, and this
> may cause the remote ssh server to reject the connection due to too
> many failed authentication attempts.
> 
> Fix by adding -o IdentitiesOnly=yes, which makes the ssh client
> consider only the keys specified on the command line.
> 
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   tests/vm/basevm.py | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
> index 4fd9af10b7f..2276364c42f 100644
> --- a/tests/vm/basevm.py
> +++ b/tests/vm/basevm.py
> @@ -233,7 +233,8 @@ def _ssh_do(self, user, cmd, check):
>                      "-o", "UserKnownHostsFile=" + os.devnull,
>                      "-o",
>                      "ConnectTimeout={}".format(self._config["ssh_timeout"]),
> -                   "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file]
> +                   "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file,
> +                   "-o", "IdentitiesOnly=yes"]
>           # If not in debug mode, set ssh to quiet mode to
>           # avoid printing the results of commands.
>           if not self.debug:

Ah, great, I've run into this problem in the past already, too, but I didn't 
find that config switch! Good to know that there is a solution!

Reviewed-by: Thomas Huth <thuth@redhat.com>



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh
  2022-10-27 11:30 [PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh Ilya Leoshkevich
  2022-10-27 12:19 ` Thomas Huth
@ 2022-10-27 15:48 ` Alex Bennée
  1 sibling, 0 replies; 3+ messages in thread
From: Alex Bennée @ 2022-10-27 15:48 UTC (permalink / raw)
  To: Ilya Leoshkevich
  Cc: Philippe Mathieu-Daudé, Thomas Huth,
	Wainer dos Santos Moschetta, Beraldo Leal, qemu-devel


Ilya Leoshkevich <iii@linux.ibm.com> writes:

> When one has a lot of keys in ~/.ssh directory, the ssh command will
> try all of them before the one specified on the command line, and this
> may cause the remote ssh server to reject the connection due to too
> many failed authentication attempts.
>
> Fix by adding -o IdentitiesOnly=yes, which makes the ssh client
> consider only the keys specified on the command line.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>

Queued to testing/next, thanks.

-- 
Alex Bennée


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-10-27 15:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-27 11:30 [PATCH] tests/vm: use -o IdentitiesOnly=yes for ssh Ilya Leoshkevich
2022-10-27 12:19 ` Thomas Huth
2022-10-27 15:48 ` Alex Bennée

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).