[libvirt PATCH v4 28/31] schema: add configuration for host verification of ssh disks

Jonathon Jongsma jjongsma at redhat.com
Fri Jan 20 22:03:22 UTC 2023


In order to make ssh disks usable, we need to be able to validate a
remote host. To do this, add a <knownHosts> xml element for ssh disks to
allow the user to specify a location for a file that contains known host
keys. Implementation to follow.

Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>
---
 docs/formatdomain.rst             |  6 ++++++
 src/conf/schemas/domaincommon.rng | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index f0f3416f29..2a4d19dcd3 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2953,6 +2953,12 @@ paravirtualized driver is specified via the ``disk`` element.
          If the reconnect feature is enabled, accepts ``yes`` and ``no``
       ``timeout``
          The amount of seconds after which hypervisor tries to reconnect.
+   ``knownHosts``
+      For storage accessed via the ``ssh`` protocol, this element configures a
+      path to a file containing a list of known ssh hosts to be used to verify
+      the remote host. The location of the file is specified via the ``path``
+      attribute.
+      :since:`Since 9.1.0`
 
 
    For a "file" or "volume" disk type which represents a cdrom or floppy (the
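Review bot: The new ``knownHosts`` entry does not say that ``path`` must be absolute, although the schema in this same patch types the attribute as ``absFilePath``, and it does not name the expected file format (for example, whether this is an OpenSSH-style known_hosts file). It should state both, and also say what happens to host verification when the element is omitted, since that is the security-relevant default a reader needs. A short XML snippet showing the element inside an ssh ``<source>`` would make the entry match the neighbouring ones.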
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 79e50fd3e3..a632e04c3b 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -2148,6 +2148,14 @@
     </element>
   </define>
 
+  <define name="diskSourceNetworkProtocolSSHHostVerify">
+    <element name="knownHosts">
+      <attribute name="path">
+        <ref name="absFilePath"/>
+      </attribute>
+    </element>
+  </define>
+
   <define name="diskSourceNetworkProtocolSSH">
     <element name="source">
       <interleave>
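Review bot: The define diskSourceNetworkProtocolSSHHostVerify is added with no test input: the diffstat lists only docs/formatdomain.rst and domaincommon.rng, so nothing in this patch checks that <knownHosts path='...'/> validates or that a relative path is rejected by absFilePath. Because the commit message says the implementation follows later, the schema will accept an element that the parser does not yet read at this point in the series. Consider moving the schema change into the patch that adds parsing and formatting, together with a domain XML test case. A minor naming point: the define is called "HostVerify" while the element is "knownHosts"; naming the define after the element would make it easier to grep for.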
@@ -2163,6 +2171,9 @@
           <ref name="encryption"/>
         </optional>
         <ref name="diskSourceNetworkProtocolPropsCommon"/>
+        <optional>
+          <ref name="diskSourceNetworkProtocolSSHHostVerify"/>
+        </optional>
         <optional>
           <ref name="diskAuth"/>
         </optional>
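Review bot: Wrapping the ref to diskSourceNetworkProtocolSSHHostVerify in <optional> means an ssh <source> with no <knownHosts> still validates, and neither the schema nor the documentation hunk defines what host verification does in that case. Given that the commit message motivates the element with the need to validate the remote host, the series should make the absent-element behaviour explicit (reject at validation or startup, or fall back to a documented default) rather than leaving it to whatever the backend does.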
-- 
2.39.0


