[libvirt PATCH v5 29/32] schema: add configuration for host verification of ssh disks

Peter Krempa pkrempa at redhat.com
Thu Feb 16 16:45:27 UTC 2023


On Tue, Feb 14, 2023 at 11:08:16 -0600, Jonathon Jongsma wrote:
> In order to make ssh disks usable, we need to be able to validate a
> remote host. To do this, add a <knownHosts> xml element for ssh disks to
> allow the user to specify a location for a file that contains known host
> keys. Implementation to follow.
> 
> Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>
> ---
>  docs/formatdomain.rst             |  6 ++++++
>  src/conf/schemas/domaincommon.rng | 11 +++++++++++
>  2 files changed, 17 insertions(+)
> 
> diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
> index bf071255c5..d5ad5d80b0 100644
> --- a/docs/formatdomain.rst
> +++ b/docs/formatdomain.rst
> @@ -2953,6 +2953,12 @@ paravirtualized driver is specified via the ``disk`` element.
>           If the reconnect feature is enabled, accepts ``yes`` and ``no``
>        ``timeout``
>           The amount of seconds after which hypervisor tries to reconnect.
> +   ``knownHosts``
> +      For storage accessed via the ``ssh`` protocol, this element configures a
> +      path to a file containing a list of known ssh hosts to be used to verify
> +      the remote host. The location of the file is specified via the ``path``
> +      attribute.
> +      :since:`Since 9.1.0`
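
Review bot: the ``knownHosts`` text added under ``timeout`` says only that the file contains "a list of known ssh hosts" and leaves the verification behaviour unspecified. It does not name the expected file format, does not say what happens when the remote host's key is absent from the file or differs from the recorded one, and does not say what checking is done when the element is omitted. Because this element is the host-verification control for ssh disks, the documentation should state each of those cases explicitly, and should also say whether ``path`` must be absolute and which process needs read access to the file.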

How does nbdkit do enrollment here? Does it expect a pre-filled set of
known hosts? Or does it allow a new host on first use?

