This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] special passwords for xenserver direct console, could it

To: stabeek <stabeek@xxxxxxxxx>
Subject: Re: [Xen-users] special passwords for xenserver direct console, could it be?
From: Craig Miskell <craig.miskell@xxxxxxxxxx>
Date: Wed, 13 Oct 2010 08:37:56 +1300
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 12 Oct 2010 12:40:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20101012103953.31652.qmail@xxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20101012103953.31652.qmail@xxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20100411)
Hash: SHA1

stabeek wrote:
> Hi,
> Would appreciate any comments on the following scenario. Thanks in advance.
> I'm a newcomer to xen and have received a machine with several VMs
> running on it. I also have the root passwords to the VMs at keast one of
> which I can log into as root via ssh.
> I can also connect a keyboard and screen directly to the machine and I
> get a XenServer Management console coming up in ncurses style.
> However the root password I use for ssh is rejected by this Mgmt console
> when I select and request login into the machine I just ssh'd into.
> The possibility of the Xenserver Mgmt console needing a different typoe
> of root password is not impossible (i'm new to xen, so I tend to expect
> and believe anything), but at the same time it not hugely conventional.
> Having two types of "root passwords" ... well ... I suppose one could
> get used to it, but it will cause not a little confusion.
> I decided that it can't be, so I checked and re-checked my typing and
> the keyboard to make sure it enters what I typed.
> One thing this Mgmt console can't do is allow non-root access. You
> overwrite the UID part (it allows you to overwrite "root") and you ente
> a valid username for the VM in question, and it says "only root can log
> in here" or something to that effect.
> Grateful for any comments. Many thanks.
        This is quite normal.  The host running the XenServer Mgmt console is a 
more trusted server than the guests; in essence, connecting through the host
gives you full access to the guests.  The reverse is not true.  So, in some
scenarios that may be a large part of the design (untrusted guests under the
control of non-local people), where having the same root password would be

You are quite entitled to set the root password on the management console to be
the same as the guests, but there's no connection between them, by design.

- --
Craig Miskell
Senior Systems Administrator
Opus International Consultants
Phone: +64 4 471 7209
Real programmers program by whistling down the MIC IN port of a ZX80.
        - Adrian Millett
Version: GnuPG v1.4.9 (GNU/Linux)


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>