* [pve-devel] [PATCH container] vncproxy/termproxy: use SSHInfo helpers
@ 2024-10-31 10:16 Fabian Grünbichler
0 siblings, 0 replies; only message in thread
From: Fabian Grünbichler @ 2024-10-31 10:16 UTC (permalink / raw)
To: pve-devel
to pick up the pinned host keys, instead of relying on them being in the local
root user's known hosts file.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
this was missed when converting other call sites that used ssh directly
src/PVE/API2/LXC.pm | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 213e518..7cb5122 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -28,6 +28,7 @@ use PVE::API2::LXC::Config;
use PVE::API2::LXC::Status;
use PVE::API2::LXC::Snapshot;
use PVE::JSONSchema qw(get_standard_option);
+use PVE::SSHInfo;
use base qw(PVE::RESTHandler);
BEGIN {
@@ -867,21 +868,19 @@ __PACKAGE__->register_method ({
$sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
if !$sslcert;
- my ($remip, $family);
+ my $family;
+ my $remcmd = [];
if ($node ne PVE::INotify::nodename()) {
- ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+ (undef, $family) = PVE::Cluster::remote_node_ip($node);
+ my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
+ $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
} else {
$family = PVE::Tools::get_host_address_family($node);
}
my $port = PVE::Tools::next_vnc_port($family);
- # NOTE: vncterm VNC traffic is already TLS encrypted,
- # so we select the fastest chipher here (or 'none'?)
- my $remcmd = $remip ?
- ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];
-
my $conf = PVE::LXC::Config->load_config($vmid, $node);
my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1);
@@ -972,19 +971,19 @@ __PACKAGE__->register_method ({
my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
- my ($remip, $family);
+ my $family;
+ my $remcmd = [];
if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
- ($remip, $family) = PVE::Cluster::remote_node_ip($node);
+ (undef, $family) = PVE::Cluster::remote_node_ip($node);
+ my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
+ $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
} else {
$family = PVE::Tools::get_host_address_family($node);
}
my $port = PVE::Tools::next_vnc_port($family);
- my $remcmd = $remip ?
- ['/usr/bin/ssh', '-e', 'none', '-t', $remip, '--'] : [];
-
my $conf = PVE::LXC::Config->load_config($vmid, $node);
my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1);
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-10-31 10:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-31 10:16 [pve-devel] [PATCH container] vncproxy/termproxy: use SSHInfo helpers Fabian Grünbichler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox