<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><br>Sorry, I missed a reference in the previous one. Completed below.<br><br>--- On <b>Fri, 3/23/12, biro lehel <i><lehel.biro@yahoo.com></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: biro lehel <lehel.biro@yahoo.com><br>Subject: Re: [one-users] Passwordless ssh between VM's?<br>To: "Poul Kristensen" <bcc5226@gmail.com>, "Olivier Sallou" <olivier.sallou@irisa.fr><br>Cc: users@lists.opennebula.org<br>Date: Friday, March 23, 2012, 8:49 AM<br><br><div id="yiv1316614934"><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td style="font:inherit;" valign="top"><div id="yiv1316614934"><table id="yiv1316614934bodyDrftID" class="yiv1316614934" border="0" cellpadding="0" cellspacing="0"><tbody><tr><td id="yiv1316614934drftMsgContent"
style="font:inherit;font-family:arial;font-size:10pt;">Hello,<br><br>Thank you both Poul and Olivier for your answers. Poul, regarding my environment: it is small-scale experimental environment (up to ~10 VM's), NOT a production one. For experimental and test cases, should I go with the solution written by Olivier, or is it still more easier and convenient to use Kerberos? I would like to choose the most easily implementable solution here, since I'm a bit running out of time.<br><br>Regarding Olivier's solution.. as I understand, it's basically the same than the method for obtaining passwordless ssh between the physical nodes, described at [1]. My question is, what is the difference
(if any) between setting up pwdless ssh between the physical machines, and setting up pwdless ssh between the VM's? Also, Olivier, you have mentioned this:<br><br> >At boot
time you load the ssh key for a file set in CONTEXT
template, with a key <br> >dedicated per user. Or, still at boot time, you
trigger a server (you made) to get a SSH <br> >key from the VM ip.<br><br>I'm not exactly sure what these mean. Could you or anyone else please detail what to do to obtain these boot-time settings?<br><br>[1] <a href="http://opennebula.org/documentation:rel3.2:ssh_auth">http://opennebula.org/documentation:rel3.2:ssh_auth</a><br><br>Thank you, <br>Lehel.<br><br><br>--- On <b>Thu, 3/22/12, Poul Kristensen <i><bcc5226@gmail.com></i></b> wrote:<br><blockquote style="border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;"><br>From: Poul Kristensen <bcc5226@gmail.com><br>Subject: Re: [one-users] Passwordless ssh between VM's?<br>To: users@lists.opennebula.org<br>Date: Thursday, March 22, 2012, 12:40 PM<br><br><div id="yiv1316614934">Setup a Kerberos server and use tickets. You do not need to arrange private/public keys on every server (host/vm's). <br><br><div class="yiv1316614934gmail_quote">2012/3/22 Olivier
Sallou <span dir="ltr"><<a rel="nofollow">olivier.sallou@irisa.fr</a>></span><br>
<blockquote class="yiv1316614934gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>
<br>
<br>
Le 3/22/12 6:53 AM, biro lehel a écrit :
<div class="yiv1316614934im"><blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">Hello everyone,<br>
<br>
I'm looking for the most convenient setting to be able to
passwordlessly ssh between the VM's created by OpenNebula.
I've noticed that the settings which provide passwordless
ssh from the Front-end (or Hosts) into VM's do not deal
with this, the system is still asking for a password if I
want to ssh from VM into VM. So, did I do something wrong,
and in theory, the exact same steps would need to be
followed in case of VM's too, or is there some trick?<br>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br></div>
To enable password less communication between VMs you need top
create a SSH key for a user (root?) that will be in all you VMs.<br>
You should also disable in ssh_config the know_hosts feature (or
redirect it to /dev/null).<br>
<br>
For SSH there are multiple means. You create a VM with a SSH key
inside, the drawback is the SSH key is the same for all VMs e.g. all
users, this is not secure but for test only it would fit.<br>
At boot time you load the ssh key for a file set in CONTEXT
template, with a key dedicated per user. Or, still at boot time, you
trigger a server (you made) to get a SSH key from the VM ip.<br>
<br>
Olivier<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top"><br>
Thank you, <br>
Lehel.<br>
</td>
</tr>
</tbody>
</table>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a rel="nofollow">Users@lists.opennebula.org</a>
<a rel="nofollow" target="_blank" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><span class="yiv1316614934HOEnZb"><font color="#888888">
</font></span></pre><span class="yiv1316614934HOEnZb"><font color="#888888">
</font></span></blockquote><span class="yiv1316614934HOEnZb"><font color="#888888">
<br>
<pre>--
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95
gpg key id: 4096R/326D8438 (<a rel="nofollow" target="_blank" href="http://keyring.debian.org">keyring.debian.org</a>)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
</pre>
</font></span></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a rel="nofollow">Users@lists.opennebula.org</a><br>
<a rel="nofollow" target="_blank" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br>
</div><br>-----Inline Attachment Follows-----<br><br><div class="yiv1316614934plainMail">_______________________________________________<br>Users mailing list<br><a rel="nofollow">Users@lists.opennebula.org</a><br><a rel="nofollow" target="_blank" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br></div></blockquote></td></tr></tbody></table></div></td></tr></tbody></table></div><br>-----Inline Attachment Follows-----<br><br><div class="plainMail">_______________________________________________<br>Users mailing list<br><a ymailto="mailto:Users@lists.opennebula.org" href="/mc/compose?to=Users@lists.opennebula.org">Users@lists.opennebula.org</a><br><a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br></div></blockquote></td></tr></table>