On Sat, Aug 11, 2012 at 11:21:02PM +0200, Peter Krempa wrote:
This patch adds URI options to support libssh2 transport in the
remote
driver.
A new transport scheme is introduced, e.g. "qemu+libssh://...", that
utilizes the libssh2 code added in previous patches.
The libssh2 code requires the authentication callback to be able to
perform keyboard-interactive authentication or to ask for passphrases or
add host keys to the known hosts database.
Added URI components:
- known_hosts - path to a knownHosts file in OpenSSH format to check
for known ssh host keys
- known_hosts_verify - how to deal with server key verification:
* "normal" (default) - ask to add new keys
* "auto" - automatically add new keys
* "ignore" - don't validate host keys
- auth - authentication methods to use. Default is
"agent,privkey,keyboard-interactive". It's a comma separated
string of methods to try while authenticating. The order is
preserved. Some of the methods may require additional
parameters.
- password - Password for password authentication.
NACK to adding 'password' as a parameter. It is not safe to provide
passwords in URIs, and we already have explicit support for providing
passwords via a libvirt config file.
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8153d70..9b5677d 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -385,6 +385,8 @@ static void remoteClientCloseFunc(virNetClientPtr client
ATTRIBUTE_UNUSED,
* - xxx+tcp:/// -> TCP connection to localhost
* - xxx+unix:/// -> UNIX domain socket
* - xxx:/// -> UNIX domain socket
+ * - xxx+ssh:/// -> SSH connection (legacy)
+ * - xxx+libssh2:/// -> SSH connection (using libssh2)
*/
static int
doRemoteOpen(virConnectPtr conn,
@@ -397,6 +399,7 @@ doRemoteOpen(virConnectPtr conn,
trans_tls,
trans_unix,
trans_ssh,
+ trans_libssh2,
trans_ext,
trans_tcp,
} transport;
@@ -439,6 +442,8 @@ doRemoteOpen(virConnectPtr conn,
}
} else if (STRCASEEQ(transport_str, "ssh"))
transport = trans_ssh;
+ else if (STRCASEEQ(transport_str, "libssh2"))
+ transport = trans_libssh2;
else if (STRCASEEQ(transport_str, "ext"))
transport = trans_ext;
else if (STRCASEEQ(transport_str, "tcp"))
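Review bot: The transport name matched on the added `else if (STRCASEEQ(transport_str, "libssh2"))` line is `libssh2`, but the commit message gives the example scheme as "qemu+libssh://...", so a user copying that example would hit the "transport in URL not recognised" error. The commit message and any user-facing documentation should use `qemu+libssh2://...` to match the parser. doRemoteOpen's body starts and ends outside this hunk.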
@@ -446,7 +451,7 @@ doRemoteOpen(virConnectPtr conn,
else {
virReportError(VIR_ERR_INVALID_ARG, "%s",
_("remote_open: transport in URL not recognised
"
- "(should be tls|unix|ssh|ext|tcp)"));
+ "(should be
tls|unix|ssh|ext|tcp|libssh2)"));
return VIR_DRV_OPEN_ERROR;
}
}
@@ -460,10 +465,12 @@ doRemoteOpen(virConnectPtr conn,
* get freed in the failed: path.
*/
char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
- char *port = NULL, *authtype = NULL, *username = NULL;
+ char *port = NULL, *authtype = NULL, *username = NULL, *password = NULL;
bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
char *pkipath = NULL, *keyfile = NULL;
+ char *knownHostsVerify = NULL, *knownHosts = NULL;
+
/* Return code from this function, and the private data. */
int retcode = VIR_DRV_OPEN_ERROR;
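Review bot: The new strings declared here (`password`, `knownHostsVerify`, `knownHosts`) need matching frees on every exit, including the `failed:` path that the comment above these declarations mentions. Those cleanup lines are outside this hunk, so please confirm each new variable was added there. A short comment above the new declaration would also help readers, for example `/* libssh2 transport: known_hosts file path and host key verification mode taken from the URI */`.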
@@ -508,6 +515,9 @@ doRemoteOpen(virConnectPtr conn,
EXTRACT_URI_ARG_STR("netcat", netcat);
EXTRACT_URI_ARG_STR("keyfile", keyfile);
EXTRACT_URI_ARG_STR("pkipath", pkipath);
+ EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
+ EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
+ EXTRACT_URI_ARG_STR("password", password);
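Review bot: `known_hosts_verify` is read from the URI as a free-form string on the added `EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);` line, and the code that maps it to a verification mode is not visible in this excerpt. A value other than the documented `normal`, `auto` or `ignore` should be rejected with an error, never silently mapped to a weaker mode, because connection URIs are often built by scripts and other tools. Since `ignore` turns off host key validation entirely, a comment at this point would help, e.g. `/* known_hosts_verify=ignore disables host key checking; unknown values must be rejected */`. The hunk is cut short by the inline reply, so the rest of the argument parsing is not shown.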
So remove this password param
ACK, if the password URI param is removed
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|