From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH container] vncproxy/termproxy: use SSHInfo helpers
Date: Thu, 31 Oct 2024 11:16:07 +0100	[thread overview]
Message-ID: <20241031101607.84492-1-f.gruenbichler@proxmox.com> (raw)

to pick up the pinned host keys, instead of relying on them being in the local
root user's known hosts file.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
this was missed when converting other call sites that used ssh directly

 src/PVE/API2/LXC.pm | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 213e518..7cb5122 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -28,6 +28,7 @@ use PVE::API2::LXC::Config;
 use PVE::API2::LXC::Status;
 use PVE::API2::LXC::Snapshot;
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::SSHInfo;
 use base qw(PVE::RESTHandler);
 
 BEGIN {
@@ -867,21 +868,19 @@ __PACKAGE__->register_method ({
 	$sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
 	    if !$sslcert;
 
-	my ($remip, $family);
+	my $family;
+	my $remcmd = [];
 
 	if ($node ne PVE::INotify::nodename()) {
-	    ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+	    (undef, $family) = PVE::Cluster::remote_node_ip($node);
+	    my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
+	    $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
 	} else {
 	    $family = PVE::Tools::get_host_address_family($node);
 	}
 
 	my $port = PVE::Tools::next_vnc_port($family);
 
-	# NOTE: vncterm VNC traffic is already TLS encrypted,
-	# so we select the fastest chipher here (or 'none'?)
-	my $remcmd = $remip ?
-	    ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];
-
 	my $conf = PVE::LXC::Config->load_config($vmid, $node);
 	my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1);
 
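Review bot: The remote-node branch of vncproxy loses its only explanatory comment and nothing replaces it, so a reader of the new `$remcmd` assignment cannot tell why the ssh command is built through a helper. A short comment above the `get_ssh_info` call would keep the security reasoning from the commit message next to the code, for example `# build the ssh command via PVE::SSHInfo so the node's pinned host key is used,` followed by `# not whatever happens to be in root's known_hosts`. The same comment could say that `remote_node_ip` is now called only for `$family`, since the discarded first return value otherwise looks like an oversight. The enclosing handler starts and ends outside this hunk.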
@@ -972,19 +971,19 @@ __PACKAGE__->register_method ({
 
 	my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
 
-	my ($remip, $family);
+	my $family;
+	my $remcmd = [];
 
 	if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
-	    ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+	    (undef, $family) = PVE::Cluster::remote_node_ip($node);
+	    my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
+	    $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
 	} else {
 	    $family = PVE::Tools::get_host_address_family($node);
 	}
 
 	my $port = PVE::Tools::next_vnc_port($family);
 
-	my $remcmd = $remip ?
-	    ['/usr/bin/ssh', '-e', 'none', '-t', $remip, '--'] : [];
-
 	my $conf = PVE::LXC::Config->load_config($vmid, $node);
 	my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1);
 
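Review bot: The termproxy ssh command no longer visibly ends with the `'--'` separator that the previous array carried after the host, so the words appended to `$remcmd` later are no longer guaranteed to be treated as the remote command rather than as ssh options. Whether `ssh_info_to_command` adds the separator itself is not visible in this hunk; if it does not, add `push @$remcmd, '--';` directly after the `ssh_info_to_command` call. The vncproxy hunk above builds its command the same way and would benefit from the same line. The code that appends the console command to `$remcmd` lies outside the hunk, so this should be checked against the full handler.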
-- 
2.39.5



