qemu-block




From: Eric Blake
Subject: Re: [Qemu-block] [Qemu-devel] [PATCH 2/2] ssh: implement private key authentication
Date: Fri, 26 Jul 2019 09:24:34 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

On 7/26/19 9:09 AM, Pino Toscano wrote:
> Add a 'private-key' option which represents the path of a private key
> to use for authentication, and 'private-key-secret' as the name of an
> object with its passphrase.
> 
> Signed-off-by: Pino Toscano <address@hidden>

> +++ b/qapi/block-core.json
> @@ -3226,6 +3226,11 @@
>  # @password-secret:     ID of a QCryptoSecret object providing a password
>  #                       for authentication (since 4.2)
>  #
> +# @private-key:         path to the private key (since 4.2)
> +#
> +# @private-key-secret:  ID of a QCryptoSecret object providing the passphrase
> +#                       for 'private-key' (since 4.2)

Is password-secret intended to be mutually-exclusive with
private-key/private-key-secret?  If so, this should probably utilize an
enum for a discriminator
{ 'enum': 'SshAuth', 'data': ['ssh-agent', 'password', 'private-key'] }

then update BlockdevOptionsSsh to be a union type with an optional
discriminator (defaulting to ssh-agent) for back-compat, where
'auth':'ssh-agent' needs no further fields, 'auth':'password' adds in a
'secret' field for use as password, or where 'auth':'private-key' adds
in both 'key-file' and 'secret' for use as the two pieces needed for
private key use.

Markus may have other suggestions on how best to represent this sort of
union type in QAPI.

> +#
>  # Since: 2.9
>  ##
>  { 'struct': 'BlockdevOptionsSsh',
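Review bot: the @private-key-secret text says it supplies the passphrase for 'private-key' but leaves two cases undocumented: 'private-key' given without 'private-key-secret' (presumably an unencrypted key) and 'private-key-secret' given without 'private-key' (presumably an error). Spell both out, e.g. "# @private-key-secret:  ID of a QCryptoSecret object providing the passphrase / #                       for 'private-key'; omit for an unencrypted key. Only / #                       valid together with 'private-key' (since 4.2)". The existing @password-secret line above likewise says nothing about whether it may be combined with 'private-key', so whichever way that is decided, state it here.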
> @@ -3233,7 +3238,9 @@
>              'path': 'str',
>              '*user': 'str',
>              '*host-key-check': 'SshHostKeyCheck',
> -            '*password-secret': 'str' } }
> +            '*password-secret': 'str',
> +            '*private-key': 'str',
> +            '*private-key-secret': 'str' } }
>  
>  
>  ##
> 
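Review bot: with '*password-secret', '*private-key' and '*private-key-secret' all independent optional strings in BlockdevOptionsSsh, the schema cannot express that 'private-key-secret' depends on 'private-key' or that 'password-secret' and 'private-key' are alternatives, so those rules have to be enforced by explicit checks in the driver (not quoted in this reply) with a clear error for each rejected combination, in particular 'private-key-secret' without 'private-key'. If the fields stay as struct members, the doc comment needs to carry the rules; the discriminated union suggested above would instead let the QAPI parser reject the bad combinations itself.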

On a different topic, how much of this work overlaps with the nbdkit ssh
plugin? Should we be duplicating efforts with both projects supporting
ssh natively, or is it worth considering getting qemu out of the ssh
business and instead connecting to an nbd device provided by nbdkit
connecting to ssh?  (For comparison, we've already decided that nbdkit
does not plan on writing a qcow2 plugin, because it defers to qemu to be
the expert there; or in the other direction, qemu-nbd has deprecated its
partial support for exposing only a partition of a disk in favor of
qemu-nbd having much more partition support through its filters)

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
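The flat-struct versus discriminated-union question raised in the reply above, modelled as an added example in Python (this is not QEMU's code, not the QAPI generator, and not the patch under review). It resolves both option shapes to exactly one authentication method and rejects ambiguous or incomplete sets. The rule that 'password-secret' and 'private-key' are mutually exclusive, and that 'private-key-secret' requires 'private-key', is an assumption about the intended semantics; the quoted hunks do not state it. The option dictionaries are constructed for the example.

```python
"""Model of the SSH authentication option sets discussed in the thread.

Added example, not QEMU code.  'parse_flat' handles the struct from the
patch (three independent optional strings); 'parse_union' handles the
'auth'-discriminated shape Eric sketches.  The exclusivity and dependency
rules enforced here are an assumption about the intended semantics.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Union

Opts = Dict[str, str]


@dataclass(frozen=True)
class SshAgentAuth:
    """No fields: the SSH library asks the running ssh-agent for keys."""


@dataclass(frozen=True)
class PasswordAuth:
    secret: str                    # ID of the QCryptoSecret holding the password


@dataclass(frozen=True)
class PrivateKeyAuth:
    key_file: str                  # path to the private key
    secret: Optional[str] = None   # QCryptoSecret ID for the passphrase; None = unencrypted key


SshAuth = Union[SshAgentAuth, PasswordAuth, PrivateKeyAuth]


class SshOptionError(ValueError):
    """Raised for an option set that does not name exactly one method."""


FLAT_AUTH_KEYS = ("password-secret", "private-key", "private-key-secret")


def parse_flat(opts: Opts) -> SshAuth:
    """Resolve the flat (struct) option set of the patch into one method."""
    password = opts.get("password-secret")
    key = opts.get("private-key")
    key_secret = opts.get("private-key-secret")
    if key_secret is not None and key is None:
        raise SshOptionError("'private-key-secret' requires 'private-key'")
    if password is not None and key is not None:
        raise SshOptionError("'password-secret' and 'private-key' are mutually exclusive")
    if key is not None:
        return PrivateKeyAuth(key_file=key, secret=key_secret)
    if password is not None:
        return PasswordAuth(secret=password)
    return SshAgentAuth()          # back-compat default: no auth field given


def parse_union(opts: Opts) -> SshAuth:
    """Resolve the discriminated form: 'auth' decides which extra fields are legal.

    Like a QAPI flat union, members that do not belong to the selected
    variant are rejected instead of being silently ignored.
    """
    auth = opts.get("auth", "ssh-agent")      # optional discriminator, default ssh-agent
    allowed = {"ssh-agent": set(), "password": {"secret"},
               "private-key": {"key-file", "secret"}}
    if auth not in allowed:
        raise SshOptionError(f"unknown auth method {auth!r}")
    stray = {k for k in opts if k in ("secret", "key-file")} - allowed[auth]
    if stray:
        raise SshOptionError(f"{sorted(stray)} not valid for auth={auth!r}")
    if auth == "ssh-agent":
        return SshAgentAuth()
    if auth == "password":
        if "secret" not in opts:
            raise SshOptionError("auth=password requires 'secret'")
        return PasswordAuth(secret=opts["secret"])
    if "key-file" not in opts:
        raise SshOptionError("auth=private-key requires 'key-file'")
    return PrivateKeyAuth(key_file=opts["key-file"], secret=opts.get("secret"))


def flat_to_union(opts: Opts) -> Opts:
    """Rewrite a legacy flat option set into the discriminated one."""
    auth = parse_flat(opts)
    out = {k: v for k, v in opts.items() if k not in FLAT_AUTH_KEYS}
    if isinstance(auth, PasswordAuth):
        out["auth"] = "password"
        out["secret"] = auth.secret
    elif isinstance(auth, PrivateKeyAuth):
        out["auth"] = "private-key"
        out["key-file"] = auth.key_file
        if auth.secret is not None:
            out["secret"] = auth.secret
    else:
        out["auth"] = "ssh-agent"
    return out


if __name__ == "__main__":
    # Constructed option sets in the shape of -blockdev driver=ssh key/value pairs.
    legacy = {"server.host": "h", "path": "/img.qcow2", "user": "u",
              "private-key": "/keys/id_ed25519", "private-key-secret": "sec0"}
    print(parse_flat(legacy))
    print(flat_to_union(legacy))
    try:
        parse_flat({**legacy, "password-secret": "sec1"})
    except SshOptionError as e:
        print("rejected:", e)
```

The point of the second parser is that every "which fields may appear together" rule becomes a per-variant check that is also visible in the schema, whereas the flat struct leaves all of them to driver code and to the doc comment.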


