Blame SOURCES/0024-input-xen-sync-ip-limitations-language-from-input-vm.patch

c1a9fa
From c34fe9a52abdde05cb31c5bd2c99237652e1b0dc Mon Sep 17 00:00:00 2001
c1a9fa
From: Laszlo Ersek <lersek@redhat.com>
c1a9fa
Date: Mon, 11 Jul 2022 09:01:56 +0200
c1a9fa
Subject: [PATCH] input-xen: sync "-ip" limitations language from input-vmware
c1a9fa
 manual
c1a9fa
c1a9fa
My analysis in <https://bugzilla.redhat.com/show_bug.cgi?id=1854275#c33>
c1a9fa
was partially wrong; I had missed that for the xen+ssh transport, the
c1a9fa
client-side libvirt library launches a naked "ssh" utility, underneath
c1a9fa
"Libvirt.Connect.connect_auth":
c1a9fa
c1a9fa
  setup                            [input/input_xen_ssh.ml]
c1a9fa
    Libvirt.Connect.connect_auth
c1a9fa
      no effect of "-ip"
c1a9fa
    Nbdkit_ssh.create_ssh          [input/nbdkit_ssh.ml]
c1a9fa
      starts nbdkit with the ssh
c1a9fa
        plugin honoring "-ip"
c1a9fa
c1a9fa
Which requires a password just the same, and ignores "-ip" just the same.
c1a9fa
c1a9fa
Recommend the ssh agent in the docs.
c1a9fa
c1a9fa
Fixes: 46298c6514710013c59828b4933f0b3b1a354566
c1a9fa
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1854275
c1a9fa
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360
c1a9fa
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
c1a9fa
Message-Id: <20220711070157.5399-2-lersek@redhat.com>
c1a9fa
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
c1a9fa
(cherry picked from commit ae067a9ce0eb5631940a8cc5dcc5ee056903276b)
c1a9fa
---
c1a9fa
 docs/virt-v2v-input-xen.pod | 5 +++++
c1a9fa
 1 file changed, 5 insertions(+)
c1a9fa
c1a9fa
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
c1a9fa
index ad5772de..80ad94f7 100644
c1a9fa
--- a/docs/virt-v2v-input-xen.pod
c1a9fa
+++ b/docs/virt-v2v-input-xen.pod
c1a9fa
@@ -32,6 +32,11 @@ server to the Xen host.  For example:
c1a9fa
  $ ssh root@xen.example.com
c1a9fa
  [ logs straight into the shell, no password is requested ]
c1a9fa
 
c1a9fa
+Note that support for non-interactive authentication via the I<-ip>
c1a9fa
+option is incomplete.  Some operations remain that still require the
c1a9fa
+user to enter the password manually.  Therefore ssh-agent is recommended
c1a9fa
+over the I<-ip> option.  See L<https://bugzilla.redhat.com/1854275>.
c1a9fa
+
c1a9fa
 With some modern ssh implementations, legacy crypto policies required
c1a9fa
 to interoperate with RHEL 5 sshd are disabled.  To enable them you may
c1a9fa
 need to run this command on the conversion server (ie. ssh client),