[PATCH 0/6] Introduce OpenSSH authorized key file mgmt APIs

Michal Privoznik mprivozn at redhat.com
Thu Nov 12 11:55:23 UTC 2020


On 11/11/20 1:04 PM, Michal Privoznik wrote:
> On 11/11/20 11:32 AM, Peter Krempa wrote:
>> On Tue, Nov 10, 2020 at 16:11:40 +0100, Michal Privoznik wrote:
>>> Marc-André posted a patch that implements agent handling. I've written
>>> the rest.
>>>
>>> Marc-André Lureau (1):
>>>    qemu_agent: add qemuAgentSSH{Add,Remove,Get}AuthorizedKeys
>>>
>>> Michal Prívozník (5):
>>>    Introduce OpenSSH authorized key file mgmt APIs
>>
>> One more thing to think about:
>>
>> Since we are getting random requests for setters of various bits which
>> we have to bend the rule "we don't care what's running in the VM" and
>> which don't really scale when adding new APIs. I propose we add a
>> generic guest agent setter which will be extensible using a typed
>> parameters and a type property.
>>
>> It will basically become the counterpart to virDomainGetGuestInfo.
>>
>> The extensions then become enum additions and code additions only and
>> will be more flexible for future use.
>>
>> The same way the getter for the ssh keys should become part of
>> virDomainGetGuestInfo, obviously auditing whether a read-write
>> connection is used.
>>
>> example:
>>
>> int
>> qemuDomainSetGuestInfo(virDomainPtr dom,
>>                         virDomainSetGuestInfoType type,
>>                         virTypedParamPtr params,
>>                         unsigned int  nparams,
>>                         unsigned int flags);
>>
>> Invocation for setting keys:
>>
>> virTypedParamsAddString(..., "user", "root")
>> virTypedParamsAddString(..., "key", "ssh-rsa AA.... root@localhost")
>> virTypedParamsAddString(..., "key", "ssh-rsa AA.... user@localhost")
>>
>> etc.
>>
> 
> Yeah, this is much more extensible. Okay, let me send v2.

My enthusiasm might have been premature. virDomainGetGuestInfo() does not
send anything but virDomainPtr, unsigned int types and flags down the
wire. While we can make @params be both in and out type of arguments,
it's going to require a change of RPC. I mean the way that qemu-ga APIs
are implemented is that for listing ssh keys the API expects a user on
the input so that it can construct $HOME/.ssh/authorized_keys path. How
to pass this through virDomainGetGuestInfo()? Okay, we could work around
it by just listing SSH keys for all users and let the caller filter out the
interesting ones, but this is: a) scary from security POV, b)
suboptimal because we might hit the message size limit pretty soon. Also,
there is no qemu-ga API to list all users, just those logged in
currently. And the whole point of these new APIs is to set up SSH keys
before the user logs in.

Michal
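
The per-user lookup described above (a user name on the input, from which the $HOME/.ssh/authorized_keys path is built), as an added example that is not part of the original message and is not qemu-ga or libvirt code. The function names and the sample key lines are constructed for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Build "<home>/.ssh/authorized_keys"; returns 0, or -1 if it does not fit. */
int keys_path_for_home(const char *home, char *out, size_t len)
{
    int n = snprintf(out, len, "%s/.ssh/authorized_keys", home);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Resolve exactly one named account; an unknown user is an error. */
int keys_path_for_user(const char *user, char *out, size_t len)
{
    struct passwd *pw = getpwnam(user);
    if (!pw || !pw->pw_dir)
        return -1;
    return keys_path_for_home(pw->pw_dir, out, len);
}

/* Count key entries in file content, skipping blank lines and '#' comments. */
size_t count_keys(const char *content)
{
    size_t n = 0;
    while (*content) {
        size_t len = strcspn(content, "\n");  /* length of this line */
        size_t i = strspn(content, " \t");    /* leading whitespace */
        if (i < len && content[i] != '#')
            n++;
        content += len;
        if (*content == '\n')
            content++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample content, not real keys. */
    const char *sample = "# comment\nssh-ed25519 AAAAexample alice@host\n";
    char path[4096];
    if (keys_path_for_user("root", path, sizeof path) == 0)
        printf("root -> %s\n", path);
    printf("%zu key(s) in sample\n", count_keys(sample));
    return 0;
}
```

Because the lookup is keyed on one account name, the caller only ever receives the keys of the user it asked for, and the reply size is bounded by that single file.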