New optional parameter "keyfile" for ssh transport allows the user to select
the private key to be used to authenticate to the remote host.
---
docs/remote.html.in | 16 ++++++++++++++++
src/remote/remote_driver.c | 9 ++++++++-
src/rpc/virnetclient.c | 4 +++-
src/rpc/virnetclient.h | 1 +
src/rpc/virnetsocket.c | 3 +++
src/rpc/virnetsocket.h | 1 +
tests/virnetsockettest.c | 12 ++++++++++++
7 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 39d65aa..b554950 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -275,6 +275,22 @@ Note that parameter values must be
<td colspan="2"/>
<td> Example: <code>netcat=/opt/netcat/bin/nc</code>
</td>
</tr>
+
+ <tr>
+ <td>
+ <code>keyfile</code>
+ </td>
+ <td> ssh </td>
+ <td>
+ The name of the private key file to use to authentication to the remote
+ machine. If this option is not used the default keys are used.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2"/>
+ <td> Example: <code>keyfile=/root/.ssh/example_key</code>
</td>
+ </tr>
+
<tr>
<td>
<code>no_verify</code>
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index c2f8bbd..3878fc9 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -343,7 +343,7 @@ doRemoteOpen (virConnectPtr conn,
char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
char *port = NULL, *authtype = NULL, *username = NULL;
int no_verify = 0, no_tty = 0;
- char *pkipath = NULL;
+ char *pkipath = NULL, *keyfile = NULL;
/* Return code from this function, and the private data. */
int retcode = VIR_DRV_OPEN_ERROR;
@@ -416,6 +416,11 @@ doRemoteOpen (virConnectPtr conn,
netcat = strdup (var->value);
if (!netcat) goto out_of_memory;
var->ignore = 1;
+ } else if (STRCASEEQ (var->name, "keyfile")) {
+ VIR_FREE(keyfile);
+ keyfile = strdup (var->value);
+ if (!keyfile) goto out_of_memory;
+ var->ignore = 1;
} else if (STRCASEEQ (var->name, "no_verify")) {
no_verify = atoi (var->value);
var->ignore = 1;
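Review bot: The new `keyfile` branch copies `var->value` from the connection URI without checking that it is non-empty, so a URI carrying a bare `keyfile=` would presumably reach ssh as `-i ""` rather than falling back to the default keys as the documentation promises. Treating an empty value as unset where it is consumed would keep the two in agreement, for example `if (keyfile && *keyfile)` in virNetSocketNewConnectSSH. The value is also accepted for every transport but only visibly forwarded on the ssh path, so a short comment such as `/* keyfile: ssh transport only, ignored otherwise */` would help the next reader. doRemoteOpen starts and ends outside this hunk.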
@@ -573,6 +578,7 @@ doRemoteOpen (virConnectPtr conn,
no_tty,
no_verify,
netcat ? netcat : "nc",
+ keyfile,
sockname)))
goto failed;
@@ -672,6 +678,7 @@ doRemoteOpen (virConnectPtr conn,
VIR_FREE(sockname);
VIR_FREE(authtype);
VIR_FREE(netcat);
+ VIR_FREE(keyfile);
VIR_FREE(username);
VIR_FREE(port);
VIR_FREE(pkipath);
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index d3965c6..1bda763 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -189,11 +189,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
bool noTTY,
bool noVerify,
const char *netcat,
+ const char *keyfile,
const char *path)
{
virNetSocketPtr sock;
- if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify,
netcat, path, &sock) < 0)
+ if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY,
+ noVerify, netcat, keyfile, path, &sock) < 0)
return NULL;
return virNetClientNew(sock, NULL);
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 6acdf50..3e5659c 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -46,6 +46,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
bool noTTY,
bool noVerify,
const char *netcat,
+ const char *keyfile,
const char *path);
virNetClientPtr virNetClientNewExternal(const char **cmdargv);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 7ea1ab7..57373a0 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -578,6 +578,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
bool noTTY,
bool noVerify,
const char *netcat,
+ const char *keyfile,
const char *path,
virNetSocketPtr *retsock)
{
@@ -594,6 +595,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
virCommandAddArgList(cmd, "-p", service, NULL);
if (username)
virCommandAddArgList(cmd, "-l", username, NULL);
+ if (keyfile)
+ virCommandAddArgList(cmd, "-i", keyfile, NULL);
if (noTTY)
virCommandAddArgList(cmd, "-T", "-o",
"BatchMode=yes",
"-e", "none", NULL);
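Review bot: Passing only `-i keyfile` adds an identity but does not restrict ssh to it, so keys held by a running agent or configured in ssh_config can still be offered first and the connection may authenticate with a different key than the one the user selected. If the intent is to pin the key, as the commit message's "select the private key" suggests, consider `virCommandAddArgList(cmd, "-i", keyfile, "-o", "IdentitiesOnly=yes", NULL);` and update the expected output of the new "SSH test 6". If the looser behaviour is intended, docs/remote.html.in should say that the file is offered in addition to the agent and default identities. The body of virNetSocketNewConnectSSH starts and ends outside this hunk.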
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 5f882ac..479be28 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -69,6 +69,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
bool noTTY,
bool noVerify,
const char *netcat,
+ const char *keyfile,
const char *path,
virNetSocketPtr *addr);
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index 1697ced..fd8151b 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -379,6 +379,7 @@ struct testSSHData {
bool noTTY;
bool noVerify;
const char *netcat;
+ const char *keyfile;
const char *path;
const char *expectOut;
@@ -400,6 +401,7 @@ static int testSocketSSH(const void *opaque)
data->noTTY,
data->noVerify,
data->netcat,
+ data->keyfile,
data->path,
&csock) < 0)
goto cleanup;
@@ -542,6 +544,16 @@ mymain(void)
if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
ret = -1;
+ struct testSSHData sshData6 = {
+ .nodename = "example.com",
+ .path = "/tmp/socket",
+ .keyfile = "/root/.ssh/example_key",
+ .noVerify = true,
+ .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no
example.com nc -U /tmp/socket\n",
+ };
+ if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
+ ret = -1;
+
#endif
return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
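Review bot: The `.expectOut` string literal for `sshData6` is split across two physical lines in this posting, which would not compile as written. This is presumably mail-client wrapping, so it is worth confirming that the patch applies cleanly and resending it unwrapped if not. The new case also exercises `keyfile` only together with `noVerify`; a second case that sets `.username` and `.noTTY` alongside `.keyfile` would pin where `-i` lands relative to `-l` and `-T` in the generated command line. mymain starts outside this hunk.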
--
1.7.6