[libvirt] [PATCH RFCv2 4/5] libssh2_transport: Use libssh2 driver code in remote driver

Daniel P. Berrange berrange at redhat.com
Thu Jan 19 13:13:33 UTC 2012 

On Wed, Jan 18, 2012 at 05:28:47PM +0100, Michal Privoznik wrote:
> On 04.01.2012 00:47, Peter Krempa wrote:
> > -        if (verr && verr->code == VIR_ERR_NO_SUPPORT) {
> > -            /* Missing RPC - old server - ignore */
> > -            virResetLastError();
> > -            return 0;
> > +        if ((verr = virGetLastError())) {
> > +            if (verr->code == VIR_ERR_NO_SUPPORT) {
> > +                /* Missing RPC - old server - ignore */
> > +                virResetLastError();
> > +                return 0;
> > +            }
> > +
> > +            if (verr->code == VIR_ERR_LIBSSH_REMOTE_COMMAND) {
> > +                virResetLastError();
> > +                remoteError(VIR_ERR_LIBSSH_REMOTE_COMMAND, "%s",
> > +                            _("Remote daemon is not running or remote command has failed"));
> > +            }
> >          }
> >          return -1;
> >      }
> 
> Related to 1st patch in the set:
> Some users might be using ssh-agent, however, want to select different
> auth mechanisms. I'd suggest to allow users to select which auth
> mechanism they want to use. If we don't parse ssh configs, we should let
> user to choose if he wants keyboard-interactive or ssh-agent or ...;
> Otherwise we end up trying to sign in with keys provided by ssh-agent
> which doesn't really must have the right ones.
> For example, /me uses ssh-agent for git+ssh://libvirt.org but use public
> keys for other machines and even keyboard-interactive :)

For the libssh2 driver, I think *not* using .ssh/config is actually
a good feature. The main benefit of libssh2, over forking ssh, is
that libvirt can provide applications direct control over all settings
and interactions. So any bits that we think need to be configurable
should all be done as query parameters in the URI

At least i see us wanting

 - use agent - yes|no
 - auth list (ie keyboard-interactive | gssapi-with-mic | public-key ... etc)
 - public key paths

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list