On Friday, 21 October 2016 12:25:40 CEST Daniel P. Berrange wrote:
> On Fri, Oct 21, 2016 at 01:16:11PM +0200, Pino Toscano wrote:
> > Rewrite the implementation of the ssh block driver to use libssh instead
> > of libssh2. The libssh library has various advantages over libssh2:
> > - easier API for authentication (for example for using ssh-agent)
> > - easier API for known_hosts handling
> > - supports newer types of keys in known_hosts
> >
> > Kerberos authentication can be enabled once the libssh bug for it [1] is
> > fixed.
>
> IIUC from the code this relies on QEMU being able to talk to an ssh
> agent to do public key auth. Is there a way to directly provide the
> passphrase for the private key (avoiding need for an agent), or to
> provide a plain password to libssh ?

Yes, both are supported by libssh.

> If so, you could use the QEMU 'secret' object type to provide these
> passphrases & passwords to QEMU, which can in turn pass them to
> libssh.
>
> Avoiding the need for ssh agent in this way would make it possible
> to use this driver with libvirt in more circumstances.
>
> eg for plain passwords you could do
>
>   $QEMU -object secret,id=sec0,data=mypassword
>         -drive driver=ssh,....,password-secret=sec0
>
> while for private key passphrases
>
>   $QEMU -object secret,id=sec0,data=mypassphrase
>         -drive driver=ssh,....,key-passphrase-secret=sec0
>
>
> No need to do this all as part of this patch though - it'd be cleaner to
> do this as a separate patch

Right, good idea.

Thanks,
--
Pino Toscano