RFE: Add a Host with custom ssh port and sudo user
This is a "Request For Enhancement" for RHEV Manager 3 Beta.
I select a cluster. I click on Hosts. New.
The New Host dialog appears.
It only prompts about:
Name, Address, Root password.
I would like to have an extra field: Custom SSH port.
I personally don't use the custom ssh port (22) in order to improve security.
More than this, I even deny root login with:
PermitRootLogin no
set in the /etc/ssh/sshd_config file.
So it would be nice to have a setup where I could define a non-root user which has sudo access (maybe without the need of using a password, to ease access from RHEV Manager) to... I currently don't know... a given daemon, a given script, all the programs (full root access)?
That means a checkbox called "Sudo user" which greys out the default root user and enables another field where you can define your custom sudo user.
Responses
If this is about RHEV3, you can work around this by adding an iptables nat rule similar to the below one on RHEV-M to work around ssh on ports other than 22.
iptables --table nat --append OUTPUT --protocol tcp --destination <hypervisor ip address> --dport 22 --jump DNAT --to-destination <hypervisor ip address>:<hypervisor ssh port>
- If you are using RHEV-Hypervisor: In this case root login is disabled by default and any root ssh operation is done using certificates that are exchanged during the 'Approve' process. Additionally you can define a RHEV Administrator user that can ssh and has sudo permissions.
- If you are using RHEL as a RHEV Host: In this case the root SSH is required to do the initial installation. After this it can be disabled; it is only required later for re-install or log-collection. An alternative to this is to use Sadique's suggestions in case you have changed the SSH port.
For the long term if you have an active subscription for RHEV please file an RFE via the customer portal. If you don't, please say so and I'll pass on your input, alternatively you can file this on ovirt.org