Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-30327

[2217870] "virtctl ssh" and NodePort ssh commands in UI do not work without '-i' flag


    • High

      Description of problem:

      The "virtctl ssh" and "NodePort ssh" commands that are copied from the UI do not work unless the user adds the "-i" flag and the private key.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:
      1. Create SSH key pair with "ssh-keygen" in /home/user/.ssh directory.
      2. Inject public key as static key into a VM and restart the VM.
      3. Copy the virtctl ssh command from the UI and try to run it from the CLI.

      Actual results:
      Permission denied error:

      [avitalpinnick@fedora ~]$ virtctl -n avital ssh cloud-user@rhel9-inject-before-boot
      The authenticity of host 'vmi/rhel9-inject-before-boot.avital (<no hostip for proxy command>)' can't be established.
      ED25519 key fingerprint is SHA256:vmloMxhsR1f49jl04UrMNiJkxn3Xj9HHufgfwtWHHLM.
      This key is not known by any other names
      Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
      Warning: Permanently added 'vmi/rhel9-inject-before-boot.avital' (ED25519) to the list of known hosts.
      cloud-user@vmi/rhel9-inject-before-boot.avital: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

      Expected results:
      SSH connection succeeds

      Additional info:

      This command worked with "/home/avitalpinnick/.ssh/testkey2": "virtctl -n avital ssh cloud-user@rhel9-inject-before-boot -i testkey2"

      If the private key is in another location, the full path has to be specified: "virtctl -n avital ssh cloud-user@rhel9-inject-before-boot -i /home/avitalpinnick/testkey2"

      I observed the same behavior when I copied and ran the NodePort/SSH command (after running the oc patch command to get the service to work).

      I recommend adding "-i <private_SSH_key>" with a tooltip saying that if the private key is not in /home/user/.ssh, the full path needs to be specified.

            tnisan@redhat.com Tal Nisan
            apinnick@redhat.com Avital Pinnick
            0 Vote for this issue
            4 Start watching this issue