[nova] Why nova needs password-less SSH to do live migraiton?

Thomas Goirand zigo at debian.org
Tue Nov 3 07:48:39 UTC 2020

On 11/3/20 6:51 AM, Zhi CZ Chang wrote:
> Hi, all
> In the nova live migration doc[1], there is some description of libvirt
> configuration:
> "
> Enable password-less SSH so that root on one compute host can log on to
> any other compute host without providing a password.
> The |libvirtd| daemon, which runs as root, uses the SSH protocol to copy
> the instance to the destination and can’t know the passwords of all
> compute hosts.
> "
> According to the description, I understand that the libvirtd daemon runs
> as the root user for remote copy the instance to the destination.
> My question is, why make the libvirtd daemon runs as the "root" user for
> copy instance rather than other users, like the "nova" user?
> Thanks
> Zhi Chang


What's needed is password-less (ie: key authentication) under the nova
user, not root.

What I did was having the ssh host keys signed, so that nodes can
authenticate with each other in a secure way. I strongly recommend doing
that, instead of blindly trusting ssh keys, which could potentially mean
someone could be in the middle.


Thomas Goirand (zigo)

More information about the openstack-discuss mailing list