[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 0/1] qemu: Add Secure Shell (ssh) network block device.



On Mon, Apr 15, 2013 at 12:39:30PM +0100, Daniel P. Berrange wrote:
> On Mon, Apr 15, 2013 at 12:18:43PM +0100, Richard W.M. Jones wrote:
> > - How should host_key_check be modelled via the libvirt XML / API?
> 
> I'm not sure - what does that do ?

Three settings:

(1) host_key_check=no turns off known_hosts checking

(2) host_key_check=yes turns it on (the default).

In this case, qemu will check the remote host's key against the
contents of $HOME/.ssh/known_hosts or /root/.ssh/known_hosts if $HOME
is not set.  In the libvirt case this is of course troublesome because
$HOME is not set and $HOME/.ssh is not likely to be accessible.
Although, this worked for me in my tests, so I assume libvirtd now
passes $HOME through in the session case?

(3) host_key_check={md5,sha1}:<hash>

Check that hash(host key) = <hash>, where the hash function is md5 or
sha1.  In practice you'd write something like:

  ssh://remote/disk.img?host_key_check=md5:78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8

where '78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8' is the output of:

  ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub | awk '{print $2}'

on the remote host.

In future there could be a fourth case:

(4) host_key_check=key:<key>

where you actually pass the whole remote host public key (base64-
encoded).  The problem with this is it runs into URL length limits
quite easily.

> > - We want the user to be able to select different authentication
> >   methods (at least, password, publickey, agent [insecurely]).  How
> >   would you see these being modelled in the API?  Particularly since
> >   these may require associated secret(s).
> 
> Well for password/publickey the existance of the neccessary secrets
> in the XML will indicate whether each of them can be enabled. Not
> sure what to suggest for the ssh agent though.

I suspect we do need to specify the alternatives, and there may be a
sequence to be tried in turn.  Accidentally sending a passphrase as
password-interactive, for example, could be dangerous.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]