qemu-block
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [Qemu-devel] [PATCH 0/2] ssh: add password and privkey

From: Richard W.M. Jones
Subject: Re: [Qemu-block] [Qemu-devel] [PATCH 0/2] ssh: add password and privkey auth methods
Date: Fri, 26 Jul 2019 16:35:27 +0100
User-agent: Mutt/1.5.21 (2010-09-15) 
On Fri, Jul 26, 2019 at 10:06:43AM -0500, Eric Blake wrote:
> On 7/26/19 9:45 AM, Pino Toscano wrote:
> > On Friday, 26 July 2019 16:27:11 CEST Richard W.M. Jones wrote:
> >> On Fri, Jul 26, 2019 at 04:09:52PM +0200, Pino Toscano wrote:
> >>> These two patches add the password and private key authentication
> >>> methods to the ssh block driver, using secure objects for
> >>> passwords/passphrases.
> >>
> >> I was attempting to test this but couldn't work out the full command
> >> line to use it (with qemu-img).  I got as far as:
> >>
> >> $ ./qemu-img convert -p 'json:{ "file.driver": "ssh", "file.host": 
> >> "devr7", "file.path": "/var/tmp/root", "file.password-secret": "..." }' 
> >> /var/tmp/root
> >>
> >> I guess the secret should be specified using --object, but at that
> >> point I gave up.
> > 
> > Almost there :) add e.g.
> >   --object 'secret,id=sec0,file=passwd'
> > as parameter for the convert command (so after it, not before), and then
> > set 'sec0' as value for file.password-secret.  Of course 'sec0' is
> > arbitrary, any other QEMU id will do.
> > 
> > A long helpful comment in include/crypto/secret.h explains the basics
> > of the crypto objects.
> 
> That is useful information, but even more useful if you amend the commit
> message to include a working example command line rather than making
> readers chase down the docs :)
> 
> Untested, but piecing together what I know from my work on qemu-nbd
> encryption, it seems like this should be a starting point for such a
> command:
> 
> qemu-img convert -p --imageopts --object secret,id=sec0,file=passwd \
>   driver=ssh,host=devr7,path=/var/tmp/root,password-secret=sec0 \
>   /var/tmp/copy

--imageopts isn't necessary.  This was the command that worked for me:

unset SSH_AUTH_SOCK; ./qemu-img convert -p --object 
'secret,id=sec0,file=/tmp/passwd' 'json:{ "file.driver": "ssh", "file.host": 
"devr7", "file.path": "/var/tmp/root", "file.password-secret": "sec0" }' 
/var/tmp/root

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
reply via email to
[Prev in Thread] Current Thread [Next in Thread]