From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH container] vncproxy/termproxy: use SSHInfo helpers
Date: Thu, 31 Oct 2024 11:16:07 +0100 [thread overview]
Message-ID: <20241031101607.84492-1-f.gruenbichler@proxmox.com> (raw)
to pick up the pinned host keys, instead of relying on them being in the local
root user's known hosts file.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
this was missed when converting other call sites that used ssh directly
src/PVE/API2/LXC.pm | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 213e518..7cb5122 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -28,6 +28,7 @@ use PVE::API2::LXC::Config;
use PVE::API2::LXC::Status;
use PVE::API2::LXC::Snapshot;
use PVE::JSONSchema qw(get_standard_option);
+use PVE::SSHInfo;
use base qw(PVE::RESTHandler);
BEGIN {
@@ -867,21 +868,19 @@ __PACKAGE__->register_method ({
$sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
if !$sslcert;
- my ($remip, $family);
+ my $family;
+ my $remcmd = [];
if ($node ne PVE::INotify::nodename()) {
- ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+ (undef, $family) = PVE::Cluster::remote_node_ip($node);
+ my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
+ $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
} else {
$family = PVE::Tools::get_host_address_family($node);
}
my $port = PVE::Tools::next_vnc_port($family);
- # NOTE: vncterm VNC traffic is already TLS encrypted,
- # so we select the fastest chipher here (or 'none'?)
- my $remcmd = $remip ?
- ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];
-
my $conf = PVE::LXC::Config->load_config($vmid, $node);
my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1);
@@ -972,19 +971,19 @@ __PACKAGE__->register_method ({
my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
- my ($remip, $family);
+ my $family;
+ my $remcmd = [];
if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
- ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+ (undef, $family) = PVE::Cluster::remote_node_ip($node);
+ my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
+ $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
} else {
$family = PVE::Tools::get_host_address_family($node);
}
my $port = PVE::Tools::next_vnc_port($family);
- my $remcmd = $remip ?
- ['/usr/bin/ssh', '-e', 'none', '-t', $remip, '--'] : [];
-
my $conf = PVE::LXC::Config->load_config($vmid, $node);
my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1);
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
reply other threads:[~2024-10-31 10:16 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241031101607.84492-1-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox