In order to make ssh disks usable, we need to be able to validate a remote host. To do this, add a <knownHosts> xml element for ssh disks to allow the user to specify a location for a file that contains known host keys. Implementation to follow. Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx> --- docs/formatdomain.rst | 6 ++++++ src/conf/schemas/domaincommon.rng | 11 +++++++++++ 2 files changed, 17 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index f0f3416f29..2a4d19dcd3 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -2953,6 +2953,12 @@ paravirtualized driver is specified via the ``disk`` element. If the reconnect feature is enabled, accepts ``yes`` and ``no`` ``timeout`` The amount of seconds after which hypervisor tries to reconnect. + ``knownHosts`` + For storage accessed via the ``ssh`` protocol, this element configures a + path to a file containing a list of known ssh hosts to be used to verify + the remote host. The location of the file is specified via the ``path`` + attribute. + :since:`Since 9.1.0` For a "file" or "volume" disk type which represents a cdrom or floppy (the diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index 79e50fd3e3..a632e04c3b 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -2148,6 +2148,14 @@ </element> </define> + <define name="diskSourceNetworkProtocolSSHHostVerify"> + <element name="knownHosts"> + <attribute name="path"> + <ref name="absFilePath"/> + </attribute> + </element> + </define> + <define name="diskSourceNetworkProtocolSSH"> <element name="source"> <interleave> @@ -2163,6 +2171,9 @@ <ref name="encryption"/> </optional> <ref name="diskSourceNetworkProtocolPropsCommon"/> + <optional> + <ref name="diskSourceNetworkProtocolSSHHostVerify"/> + </optional> <optional> <ref name="diskAuth"/> </optional> -- 2.39.0
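Review bot: the new ``knownHosts`` entry in the docs/formatdomain.rst hunk does not say what format the file must have or that the path must be absolute, although the schema in this same patch types the attribute as `absFilePath`. Suggest stating the expected file format and the absolute-path requirement in the entry, and adding a short XML snippet that shows `<knownHosts path='...'/>` inside an ssh `<source>`.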
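Review bot: the `diskSourceNetworkProtocolSSHHostVerify` define in the first domaincommon.rng hunk makes the schema accept `<knownHosts>`, while the commit message says "Implementation to follow" and the diffstat touches only the docs and the RNG. As far as this patch shows, a domain XML carrying the element would pass schema validation before anything consumes the path. Consider squashing this with the parsing change, or adding schema test XML for the element in the same commit so the new grammar is exercised.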
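Review bot: wrapping the `diskSourceNetworkProtocolSSHHostVerify` ref in `<optional>` in the second domaincommon.rng hunk keeps an ssh source without `knownHosts` valid, and neither the schema nor the documentation hunk says what host verification happens in that case. Since the stated purpose is validating the remote host, document the behaviour when the element is omitted (refuse to connect, or connect unverified) so users do not assume verification is on by default.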