Re: [Qemu-devel] [PATCH 0/2] ssh: add password and privkey auth methods
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 0/2] ssh: add password and privkey auth methods
Date: Fri, 26 Jul 2019 10:06:43 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

On 7/26/19 9:45 AM, Pino Toscano wrote:
> On Friday, 26 July 2019 16:27:11 CEST Richard W.M. Jones wrote:
>> On Fri, Jul 26, 2019 at 04:09:52PM +0200, Pino Toscano wrote:
>>> These two patches add the password and private key authentication
>>> methods to the ssh block driver, using secure objects for
>>> passwords/passphrases.
>>
>> I was attempting to test this but couldn't work out the full command
>> line to use it (with qemu-img). I got as far as:
>>
>> $ ./qemu-img convert -p 'json:{ "file.driver": "ssh", "file.host": "devr7",
>> "file.path": "/var/tmp/root", "file.password-secret": "..." }' /var/tmp/root
>>
>> I guess the secret should be specified using --object, but at that
>> point I gave up.
>
> Almost there :) add e.g.
> --object 'secret,id=sec0,file=passwd'
> as parameter for the convert command (so after it, not before), and then
> set 'sec0' as value for file.password-secret. Of course 'sec0' is
> arbitrary, any other QEMU id will do.
>
> A long helpful comment in include/crypto/secret.h explains the basics
> of the crypto objects.

That is useful information, but even more useful if you amend the commit
message to include a working example command line rather than making
readers chase down the docs :)

Untested, but piecing together what I know from my work on qemu-nbd
encryption, it seems like this should be a starting point for such a
command:

    qemu-img convert -p --image-opts --object secret,id=sec0,file=passwd \
        driver=ssh,host=devr7,path=/var/tmp/root,password-secret=sec0 \
        /var/tmp/copy

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
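
The wiring discussed in this thread (a secret object whose id is referenced by file.password-secret), as an added example that is not part of the original messages or of QEMU: it writes and vets the password file, then prints the command. The helper names are hypothetical, and it assumes QEMU uses the secret file's bytes verbatim, so a trailing newline would become part of the password.

```shell
#!/bin/sh
# Added example (not from the thread): create and vet the file behind
# --object secret,id=sec0,file=..., then print the qemu-img command.

# write_secret_file FILE: read one line from stdin, store it 0600 with no
# trailing newline (assumption: QEMU uses the file's bytes verbatim).
write_secret_file() {
    rm -f -- "$1"
    ( umask 077; { IFS= read -r pw || [ -n "$pw" ]; } && printf '%s' "$pw" > "$1" )
}

# check_secret_file FILE: succeed only if FILE is usable as a secret file.
check_secret_file() {
    f=$1
    [ -f "$f" ] && [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    # QEMU option strings are comma-separated; a literal comma needs doubling.
    case $f in *,*) echo "$f: comma in path" >&2; return 1 ;; esac
    # Group/other permission bits must all be clear.
    perms=$(ls -ldL -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: readable by group/other" >&2; return 1; }
    # A trailing newline would become part of the password.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] || { echo "$f: ends with a newline" >&2; return 1; }
}

# print_convert_cmd SECRET_FILE HOST REMOTE_PATH OUTPUT (hypothetical helper)
print_convert_cmd() {
    check_secret_file "$1" || return 1
    printf "qemu-img convert -p --object 'secret,id=sec0,file=%s' " "$1"
    printf "'json:{ \"file.driver\": \"ssh\", \"file.host\": \"%s\", " "$2"
    printf "\"file.path\": \"%s\", \"file.password-secret\": \"sec0\" }' " "$3"
    printf '%s\n' "$4"
}

# Demo with a constructed password in a throwaway directory.
demo_dir=$(mktemp -d)
printf 'constructed-pass\n' | write_secret_file "$demo_dir/passwd"
print_convert_cmd "$demo_dir/passwd" devr7 /var/tmp/root /var/tmp/copy
rm -rf -- "$demo_dir"
```

The printed command keeps --object after the convert subcommand, as Pino's reply specifies, and reuses the host and paths from the messages above.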