On Tue, May 07, 2024 at 01:08:00PM +0200, Michal Privoznik wrote:
> This allows users to SSH into a domain with a VSOCK device:
>
>   ssh user@qemu/machineName
>
> So far, only QEMU domains are supported AND qemu:///system is
> looked up first for 'machineName', followed by
> qemu:///session. I took inspiration from systemd's ssh proxy
> [1] [2].

Thinking again, I'm not too comfortable about having
both system and session on the same namespace, as when
there is an inevitable naming clash, it is tedious to
resolve (no human likes using UUIDs).

How about allowing:

  ssh user@qemu:system/machineName
  ssh user@qemu:session/machineName

as unambiguous options, while leaving

  ssh user@qemu/machineName

as the simplified "(mostly) do the right thing" option.

> To just work out of the box, it requires (yet unreleased) systemd
> to be running inside the guest to set up a socket activated SSHD
> on the VSOCK. Alternatively, users can set up the socket
> activation themselves, or just run a socat that'll forward vsock
> <-> TCP communication.
>
> 1: https://github.com/systemd/systemd/blob/main/src/ssh-generator/ssh-proxy.c
> 2: https://github.com/systemd/systemd/blob/main/src/ssh-generator/20-systemd...
>
> Resolves: https://gitlab.com/libvirt/libvirt/-/issues/579
> Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
> ---
> libvirt.spec.in | 33 +++
> meson.build | 16 +-
> meson_options.txt | 2 +
> po/POTFILES | 1 +
> tools/meson.build | 2 +
> tools/ssh-proxy/30-libvirt-ssh-proxy.conf.in | 6 +
> tools/ssh-proxy/meson.build | 25 ++
> tools/ssh-proxy/ssh-proxy.c | 239 +++++++++++++++++++
> 8 files changed, 323 insertions(+), 1 deletion(-)
> create mode 100644 tools/ssh-proxy/30-libvirt-ssh-proxy.conf.in
> create mode 100644 tools/ssh-proxy/meson.build
> create mode 100644 tools/ssh-proxy/ssh-proxy.c

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
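
The three host forms discussed in the message above (qemu/NAME, qemu:system/NAME, qemu:session/NAME), as an added example that is not part of the original mail or of libvirt's ssh-proxy.c: a C parser that maps each form to the libvirt URIs to search, in order, and refuses anything else instead of falling back to "search both". The names parse_host, scope_uris and enum scope are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not taken from libvirt. */
enum scope { SCOPE_ANY, SCOPE_SYSTEM, SCOPE_SESSION };

/* Parse "qemu/NAME", "qemu:system/NAME" or "qemu:session/NAME".
 * Returns 0 and sets *scope and *name (pointing into host) on success,
 * -1 otherwise, so an unknown scope is never treated as "search both". */
int parse_host(const char *host, enum scope *scope, const char **name)
{
    static const struct { const char *prefix; enum scope scope; } forms[] = {
        { "qemu/",         SCOPE_ANY     },
        { "qemu:system/",  SCOPE_SYSTEM  },
        { "qemu:session/", SCOPE_SESSION },
    };
    size_t i;

    for (i = 0; i < sizeof(forms) / sizeof(forms[0]); i++) {
        size_t len = strlen(forms[i].prefix);
        if (strncmp(host, forms[i].prefix, len) != 0)
            continue;
        if (host[len] == '\0')          /* empty machine name */
            return -1;
        *scope = forms[i].scope;
        *name = host + len;
        return 0;
    }
    return -1;
}

/* Fill uris[] with the URIs to try, system before session; returns count. */
size_t scope_uris(enum scope scope, const char *uris[2])
{
    size_t n = 0;
    if (scope != SCOPE_SESSION)
        uris[n++] = "qemu:///system";
    if (scope != SCOPE_SYSTEM)
        uris[n++] = "qemu:///session";
    return n;
}

int main(int argc, char **argv)
{
    enum scope s;
    const char *name, *uris[2];
    if (argc != 2 || parse_host(argv[1], &s, &name) < 0)
        return 1;
    scope_uris(s, uris);
    printf("domain %s, first URI %s\n", name, uris[0]);
    return 0;
}
```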