On Tue, Feb 14, 2023 at 11:08:16 -0600, Jonathon Jongsma wrote: > In order to make ssh disks usable, we need to be able to validate a > remote host. To do this, add a <knownHosts> xml element for ssh disks to > allow the user to specify a location for a file that contains known host > keys. Implementation to follow. > > Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx> > --- > docs/formatdomain.rst | 6 ++++++ > src/conf/schemas/domaincommon.rng | 11 +++++++++++ > 2 files changed, 17 insertions(+) > > diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst > index bf071255c5..d5ad5d80b0 100644 > --- a/docs/formatdomain.rst > +++ b/docs/formatdomain.rst > @@ -2953,6 +2953,12 @@ paravirtualized driver is specified via the ``disk`` element. > If the reconnect feature is enabled, accepts ``yes`` and ``no`` > ``timeout`` > The amount of seconds after which hypervisor tries to reconnect. > + ``knownHosts`` > + For storage accessed via the ``ssh`` protocol, this element configures a > + path to a file containing a list of known ssh hosts to be used to verify > + the remote host. The location of the file is specified via the ``path`` > + attribute. > + :since:`Since 9.1.0`

How does nbdkit do enrollment here? Does it expect a pre-filled set of known hosts? Or does it allow a new host on first use?
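
Review bot: The added ``knownHosts`` entry in docs/formatdomain.rst does not say what happens when the remote host's key is missing from the file, or when the element is omitted altogether, and that is the behaviour a user relying on host verification needs documented. Suggest stating whether an unknown host is rejected or accepted, what format the file is expected to be in, and whether the ``path`` attribute must be an absolute path readable by the process that opens the ssh connection. Since the commit message says "Implementation to follow", the ``Since 9.1.0`` marker should also be checked against the release in which the implementation actually lands.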