On Sat, Aug 11, 2012 at 11:21:02PM +0200, Peter Krempa wrote:
> This patch adds URI options to support libssh2 transport in the remote
> driver.
>
> A new transport sceme is introduced eg. "qemu+libssh://..." that
> utilizes the libssh2 code added in previous patches.
>
> The libssh2 code requires the authentication callback to be able to
> perform keyboard-interactive authentication or to ask t passprhases or
> add host keys to known hosts database.
>
> Added URI components:
> - known_hosts - path to a knownHosts file in OpenSSH format to check
> for known ssh host keys
> - known_hosts_verify - how to deal with server key verification:
> * "normal" (default) - ask to add new keys
> * "auto" - automaticaly add new keys
> * "ignore" - don't validate host keys
> - auth - authentication methods to use. Default is
> "agent,privkey,keyboard-interactive". It's a comma separated
> string of methods to try while authenticating. The order is
> preserved. Some of the methods may require additional
> parameters.
> - password - Password for password authentication.

NACK to adding 'password' as a parameter. It is not safe to provide passwords in URIs, and we already have explicit support for providing passwords via a libvirt config file.

> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 8153d70..9b5677d 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -385,6 +385,8 @@ static void remoteClientCloseFunc(virNetClientPtr client ATTRIBUTE_UNUSED,
> * - xxx+tcp:/// -> TCP connection to localhost
> * - xxx+unix:/// -> UNIX domain socket
> * - xxx:/// -> UNIX domain socket
> + * - xxx+ssh:/// -> SSH connection (legacy)
> + * - xxx+libssh2:/// -> SSH connection (using libssh2)
> */
> static int
> doRemoteOpen(virConnectPtr conn,
> @@ -397,6 +399,7 @@ doRemoteOpen(virConnectPtr conn,
> trans_tls,
> trans_unix,
> trans_ssh,
> + trans_libssh2,
> trans_ext,
> trans_tcp,
> } transport;
> @@ -439,6 +442,8 @@ doRemoteOpen(virConnectPtr conn,
> }
> } else if (STRCASEEQ(transport_str, "ssh"))
> transport = trans_ssh;
> + else if (STRCASEEQ(transport_str, "libssh2"))
> + transport = trans_libssh2;
> else if (STRCASEEQ(transport_str, "ext"))
> transport = trans_ext;
> else if (STRCASEEQ(transport_str, "tcp"))
> @@ -446,7 +451,7 @@ doRemoteOpen(virConnectPtr conn,
> else {
> virReportError(VIR_ERR_INVALID_ARG, "%s",
> _("remote_open: transport in URL not recognised "
> - "(should be tls|unix|ssh|ext|tcp)"));
> + "(should be tls|unix|ssh|ext|tcp|libssh2)"));
> return VIR_DRV_OPEN_ERROR;
> }
> }
> @@ -460,10 +465,12 @@ doRemoteOpen(virConnectPtr conn,
> * get freed in the failed: path.
> */
> char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
> - char *port = NULL, *authtype = NULL, *username = NULL;
> + char *port = NULL, *authtype = NULL, *username = NULL, *password = NULL;
> bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
> char *pkipath = NULL, *keyfile = NULL;
>
> + char *knownHostsVerify = NULL, *knownHosts = NULL;
> +
> /* Return code from this function, and the private data. */
> int retcode = VIR_DRV_OPEN_ERROR;
>
> @@ -508,6 +515,9 @@ doRemoteOpen(virConnectPtr conn,
> EXTRACT_URI_ARG_STR("netcat", netcat);
> EXTRACT_URI_ARG_STR("keyfile", keyfile);
> EXTRACT_URI_ARG_STR("pkipath", pkipath);
> + EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
> + EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
> + EXTRACT_URI_ARG_STR("password", password);

So remove this password param

ACK, if the password URI param is removed

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
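Review bot: The `knownHostsVerify` and `knownHosts` pointers declared in the `@@ -460,10 +465,12 @@` hunk need matching releases on the cleanup path, and none of the quoted hunks shows them. The comment at the top of that hunk says these locals "get freed in the failed: path", so every new `EXTRACT_URI_ARG_STR` target that is not handed off to another owner should be released there, e.g. `VIR_FREE(knownHosts);` and `VIR_FREE(knownHostsVerify);`. doRemoteOpen continues outside the quoted hunks, so the frees may already exist in the part of the patch that was trimmed from this reply.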
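Review bot: The value read by `EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify)` in the last hunk has to be validated so that it fails closed, and the quoted hunks do not show where the string is mapped to a verification mode. A missing value should select "normal", and anything other than "normal", "auto" or "ignore" should be rejected with `VIR_ERR_INVALID_ARG`, the same way the unrecognised-transport branch is, rather than falling through to a weaker mode. Because "auto" and "ignore" relax host-key checking and the URI may come from a saved configuration or a pasted string, a comment at the extraction such as `/* known_hosts_verify=ignore disables host key validation; unknown values are rejected */` would make the trust decision visible. The hunk is cut short by the quoting, so the parsing may be present further down in doRemoteOpen.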