This patch allows you to use the qemu Secure Shell (ssh) block device. This is not upstream yet, but you can find my latest version here: http://lists.nongnu.org/archive/html/qemu-devel/2013-04/threads.html#01703 This patch lets you specify a ssh device like this: <disk type='network' device='disk'> <source protocol='ssh' name='/remote/path/to/disk/image'> <host name='remote-server.example.com'/> </source> <driver name='qemu' type='raw'/> <target dev='vda' bus='virtio'/> </disk> Patched qemu will connect to remote-server.example.com using libssh2, and access /remote/path/to/disk/image using the sftp protocol. This works for both read and write. Of course, since you'll have to use a patched qemu, you will also need to fiddle with the <emulator> setting. One current problem with this patch is that you have to manually set the SSH_AUTH_SOCK environment variable to point at your ssh-agent (since qemu's ssh block device requires ssh-agent authentication). I added the following to my XML, your value will be different: <qemu:commandline> <qemu:env name="SSH_AUTH_SOCK" value="/tmp/ssh-DThteVfEeOq3/agent.1773" /> </qemu:commandline> Some shortcomings: - Does not allow you to specify the host_key_check parameter. - No tests. - Not sure how best to deal with the ssh-agent authentication socket problem. Use libvirt secrets? If so, how? - I did not test if you can specify an alternate remote user. - I did not test (or care) if parsing qemu command lines works. Rich. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list