[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v4] block: Add support for Secure Shell (ssh) bl
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] [PATCH v4] block: Add support for Secure Shell (ssh) block device. |
|
Date: |
Tue, 9 Apr 2013 14:56:31 +0200 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Tue, Apr 09, 2013 at 08:30:44AM +0100, Richard W.M. Jones wrote:
> On Mon, Apr 08, 2013 at 10:21:44PM +0200, Stefan Hajnoczi wrote:
> > On Mon, Apr 8, 2013 at 4:58 PM, Stefan Hajnoczi <address@hidden> wrote:
> > > On Mon, Apr 8, 2013 at 3:05 PM, Richard W.M. Jones <address@hidden> wrote:
> > > From what I can see libssh2 does not support loading .ssh/config.
> >
> > I was told that sshfs *does* handle .ssh/config. Turns out that sshfs
> > spawns "ssh -s sftp" to get a SFTP subsystem channel. Then it
> > directly implements the SFTP application protocol.
> >
> > This way they don't need to link against libssh2. They spawn ssh with
> > a socketpair on stdin/stdout. They send/receive SFTP messages
> > directly.
>
> Indeed, as I mentioned in an earlier message, sshfs implements the
> complete SFTP stack itself and uses an external ssh process.
>
> It's up to 5 times as much code to do so:
>
> sshfs-fuse-2.4$ wc -l *.c
> 589 cache.c
> 3930 sshfs.c
> 18 sshnodelay.c
> 4537 total
>
> qemu/block$ wc -l ssh.c
> 914 ssh.c
>
> I don't think having an entire SFTP stack inside qemu would help.
How many SFTP messages do you need? Probably just a handfull (read,
write, fsync, open, close).
sshfs does way more than just that. It implements the entire FUSE VFS
interface and a cache. So I think the lines of code comparison isn't
apples to apples.
The more practical reason for not spawning an external ssh process would
be that QEMU is increasingly being jailed and handed only file
descriptors. This works well for a TCP socket but is messier if the
management stack has to launch SSH on behalf of QEMU first before
handing the socketpair.
Anyway, the reason I like the external ssh process approach is that we
get all the standard hostkey and configuration file handling. Usability
is important, if the integration has too many rough edges, people will
not use the block driver.
> > I just hit a libssh2 limitation. In my .ssh/config I have:
> > NoHostAuthenticationForLocalhost yes
> >
> > This stops ssh from complaining when I hope to another host through an
> > ssh tunnel (the host key wouldn't match localhost).
>
> I'm using the ssh configuration attached for tunnelling through
> another host. It doesn't require toggling
> 'NoHostAuthenticationForLocalhost', and so is safer because it still
> does host key checking.
Cool, thanks for sharing that.
> I think a better and simpler way to solve this is simply to allow URLs
> like:
>
> ssh://localhost/path?host_key_check=no
>
> which is the same as NoHostAuthenticationForLocalhost (ie don't do any
> host checking on this connection).
>
> Even better would be to let people specify the key:
>
> ssh://localhost/path?host_key_check=aa:bb:cc:dd:ee:ff
>
> This means that management applications can parse .ssh/config if they
> feel like doing that.
These are steps in the right direction of making -drive ssh:// easy to
use.
Stefan