On 7/26/19 9:45 AM, Pino Toscano wrote: > On Friday, 26 July 2019 16:27:11 CEST Richard W.M. Jones wrote: >> On Fri, Jul 26, 2019 at 04:09:52PM +0200, Pino Toscano wrote: >>> These two patches add the password and private key authentication >>> methods to the ssh block driver, using secure objects for >>> passwords/passphrases. >> >> I was attempting to test this but couldn't work out the full command >> line to use it (with qemu-img). I got as far as: >> >> $ ./qemu-img convert -p 'json:{ "file.driver": "ssh", "file.host": "devr7", >> "file.path": "/var/tmp/root", "file.password-secret": "..." }' /var/tmp/root >> >> I guess the secret should be specified using --object, but at that >> point I gave up. > > Almost there :) add e.g. > --object 'secret,id=sec0,file=passwd' > as parameter for the convert command (so after it, not before), and then > set 'sec0' as value for file.password-secret. Of course 'sec0' is > arbitrary, any other QEMU id will do. > > A long helpful comment in include/crypto/secret.h explains the basics > of the crypto objects.
That is useful information, but even more useful if you amend the commit message to include a working example command line rather than making readers chase down the docs :) Untested, but piecing together what I know from my work on qemu-nbd encryption, it seems like this should be a starting point for such a command: qemu-img convert -p --imageopts --object secret,id=sec0,file=passwd \ driver=ssh,host=devr7,path=/var/tmp/root,password-secret=sec0 \ /var/tmp/copy -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature