[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/2] ssh: add password and privkey auth methods
From: |
Richard W.M. Jones |
Subject: |
Re: [Qemu-devel] [PATCH 0/2] ssh: add password and privkey auth methods |
Date: |
Fri, 26 Jul 2019 16:35:27 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Fri, Jul 26, 2019 at 10:06:43AM -0500, Eric Blake wrote:
> On 7/26/19 9:45 AM, Pino Toscano wrote:
> > On Friday, 26 July 2019 16:27:11 CEST Richard W.M. Jones wrote:
> >> On Fri, Jul 26, 2019 at 04:09:52PM +0200, Pino Toscano wrote:
> >>> These two patches add the password and private key authentication
> >>> methods to the ssh block driver, using secure objects for
> >>> passwords/passphrases.
> >>
> >> I was attempting to test this but couldn't work out the full command
> >> line to use it (with qemu-img). I got as far as:
> >>
> >> $ ./qemu-img convert -p 'json:{ "file.driver": "ssh", "file.host":
> >> "devr7", "file.path": "/var/tmp/root", "file.password-secret": "..." }'
> >> /var/tmp/root
> >>
> >> I guess the secret should be specified using --object, but at that
> >> point I gave up.
> >
> > Almost there :) add e.g.
> > --object 'secret,id=sec0,file=passwd'
> > as parameter for the convert command (so after it, not before), and then
> > set 'sec0' as value for file.password-secret. Of course 'sec0' is
> > arbitrary, any other QEMU id will do.
> >
> > A long helpful comment in include/crypto/secret.h explains the basics
> > of the crypto objects.
>
> That is useful information, but even more useful if you amend the commit
> message to include a working example command line rather than making
> readers chase down the docs :)
>
> Untested, but piecing together what I know from my work on qemu-nbd
> encryption, it seems like this should be a starting point for such a
> command:
>
> qemu-img convert -p --imageopts --object secret,id=sec0,file=passwd \
> driver=ssh,host=devr7,path=/var/tmp/root,password-secret=sec0 \
> /var/tmp/copy
--imageopts isn't necessary. This was the command that worked for me:
unset SSH_AUTH_SOCK; ./qemu-img convert -p --object
'secret,id=sec0,file=/tmp/passwd' 'json:{ "file.driver": "ssh", "file.host":
"devr7", "file.path": "/var/tmp/root", "file.password-secret": "sec0" }'
/var/tmp/root
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top