Re: [libvirt] [PATCHv2] remote/ssh: support for no_verify.
2011/7/11 Oskari Saarenmaa o...@ohmu.fi: Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the no_verify extra parameter was specified. This won't disable host key checking for already known hosts. Includes a test and documentation. --- Thanks for the review, here's an updated patch. docs/remote.html.in | 9 +++-- src/remote/remote_driver.c | 1 + src/rpc/virnetclient.c | 3 ++- src/rpc/virnetclient.h | 1 + src/rpc/virnetsocket.c | 3 +++ src/rpc/virnetsocket.h | 1 + tests/virnetsockettest.c | 22 +++--- 7 files changed, 34 insertions(+), 6 deletions(-) diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c index f6c7274..e003a23 100644 --- a/tests/virnetsockettest.c +++ b/tests/virnetsockettest.c @@ -510,20 +513,33 @@ mymain(void) ret = -1; struct testSSHData sshData3 = { + .nodename = somehost, + .service = 9000, + .username = fred, + .netcat = netcat, + .noTTY = false, + .noVerify = true, + .path = /tmp/socket, + .expectOut = -p 9000 -l fred -o StrictHostKeyChecking=no somehost netcat -U /tmp/socket\n, + }; + if (virtTestRun(SSH test 3, 1, testSocketSSH, sshData2) 0) You use sshData2 in test 3, shouldn't this be sshData3? + + struct testSSHData sshData4 = { .nodename = nosuchhost, .path = /tmp/socket, .failConnect = true, }; - if (virtTestRun(SSH test 3, 1, testSocketSSH, sshData3) 0) + if (virtTestRun(SSH test 4, 1, testSocketSSH, sshData3) 0) ret = -1; Here it should be sshData4 instead of sshData3, I think. - struct testSSHData sshData4 = { + struct testSSHData sshData5 = { .nodename = crashyhost, .path = /tmp/socket, .expectOut = crashyhost nc -U /tmp/socket\n, .dieEarly = true, }; - if (virtTestRun(SSH test 4, 1, testSocketSSH, sshData4) 0) + if (virtTestRun(SSH test 5, 1, testSocketSSH, sshData4) 0) ret = -1; And here it should be sshData5 instead of sshData4, shouldn't it? I'm squashing in this diff to fix the off-by-one problem and pushing the result, thanks. 
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index e003a23..1697ced 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -522,7 +522,7 @@ mymain(void)
 .path = /tmp/socket,
 .expectOut = -p 9000 -l fred -o StrictHostKeyChecking=no somehost netcat -U /tmp/socket\n,
 };
-if (virtTestRun(SSH test 3, 1, testSocketSSH, sshData2) 0)
+if (virtTestRun(SSH test 3, 1, testSocketSSH, sshData3) 0)
 ret = -1;
 struct testSSHData sshData4 = {
@@ -530,7 +530,7 @@ mymain(void)
 .path = /tmp/socket,
 .failConnect = true,
 };
-if (virtTestRun(SSH test 4, 1, testSocketSSH, sshData3) 0)
+if (virtTestRun(SSH test 4, 1, testSocketSSH, sshData4) 0)
 ret = -1;
 struct testSSHData sshData5 = {
@@ -539,7 +539,7 @@ mymain(void)
 .expectOut = crashyhost nc -U /tmp/socket\n,
 .dieEarly = true,
 };
-if (virtTestRun(SSH test 5, 1, testSocketSSH, sshData4) 0)
+if (virtTestRun(SSH test 5, 1, testSocketSSH, sshData5) 0)
 ret = -1;
 #endif
I'm also adding you to the authors list.
-- Matthias Bolte http://photron.blogspot.com
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv2] remote/ssh: support for no_verify.
Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the no_verify extra parameter was specified. This won't disable host key checking for already known hosts. Includes a test and documentation. --- Thanks for the review, here's an updated patch. docs/remote.html.in|9 +++-- src/remote/remote_driver.c |1 + src/rpc/virnetclient.c |3 ++- src/rpc/virnetclient.h |1 + src/rpc/virnetsocket.c |3 +++ src/rpc/virnetsocket.h |1 + tests/virnetsockettest.c | 22 +++--- 7 files changed, 34 insertions(+), 6 deletions(-) diff --git a/docs/remote.html.in b/docs/remote.html.in index f6a0683..39d65aa 100644 --- a/docs/remote.html.in +++ b/docs/remote.html.in @@ -279,9 +279,14 @@ Note that parameter values must be td codeno_verify/code /td -td tls /td -td - If set to a non-zero value, this disables client checks of the +td ssh, tls /td +td + SSH: If set to a non-zero value, this disables client's strict host key + checking making it auto-accept new host keys. Existing host keys will + still be validated. + br/ + br/ + TLS: If set to a non-zero value, this disables client checks of the server's certificate. Note that to disable server checks of the client's certificate or IP address you must a href=#Remote_libvirtd_configurationchange the libvirtd diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 5c0457e..6921c15 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -571,6 +571,7 @@ doRemoteOpen (virConnectPtr conn, command, username, no_tty, +no_verify, netcat ? netcat : nc, sockname))) goto failed; diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 6a112ee..b9f0fc8 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c 
@@ -187,12 +187,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename, const char *binary, const char *username, bool noTTY, + bool noVerify, const char *netcat, const char *path) { virNetSocketPtr sock; -if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, netcat, path, sock) 0) +if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify, netcat, path, sock) 0) return NULL; return virNetClientNew(sock, NULL); diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h index de0782c..6acdf50 100644 --- a/src/rpc/virnetclient.h +++ b/src/rpc/virnetclient.h @@ -44,6 +44,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename, const char *binary, const char *username, bool noTTY, + bool noVerify, const char *netcat, const char *path); diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 3392047..41d9954 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -576,6 +576,7 @@ int virNetSocketNewConnectSSH(const char *nodename, const char *binary, const char *username, bool noTTY, + bool noVerify, const char *netcat, const char *path, virNetSocketPtr *retsock) @@ -596,6 +597,8 @@ int virNetSocketNewConnectSSH(const char *nodename, if (noTTY) virCommandAddArgList(cmd, -T, -o, BatchMode=yes, -e, none, NULL); +if (noVerify) +virCommandAddArgList(cmd, -o, StrictHostKeyChecking=no, NULL); virCommandAddArgList(cmd, nodename, netcat ? netcat : nc, -U, path, NULL); diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h index 356d6c6..5f882ac 100644 --- a/src/rpc/virnetsocket.h +++ b/src/rpc/virnetsocket.h @@ -67,6 +67,7 @@ int virNetSocketNewConnectSSH(const char *nodename, const char *binary, const char *username, bool noTTY, + bool noVerify, const char *netcat, const char *path, virNetSocketPtr
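Review bot: In the virNetSocketNewConnectSSH hunk of src/rpc/virnetsocket.c, the added `StrictHostKeyChecking=no` does more than auto-accept unknown host keys. Per ssh_config(5), OpenSSH with this setting also lets a connection to a host whose recorded key has changed proceed, with a warning and some restrictions such as password authentication being disabled. A key- or agent-authenticated libvirt connection would therefore still go through, which contradicts the description and the docs text "Existing host keys will still be validated". Where the installed OpenSSH supports it (7.6 and later), `virCommandAddArgList(cmd, "-o", "StrictHostKeyChecking=accept-new", NULL);` matches the documented behaviour; otherwise docs/remote.html.in should say that a changed key only produces a warning and that the first connection is unauthenticated trust-on-first-use. The function body starts and ends outside the hunk, so how `cmd` is otherwise built is not visible here.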
Re: [libvirt] [PATCHv2] remote/ssh: support for no_verify.
On Mon, Jul 11, 2011 at 10:50:31PM +0300, Oskari Saarenmaa wrote: Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the no_verify extra parameter was specified. This won't disable host key checking for already known hosts. Includes a test and documentation. --- Thanks for the review, here's an updated patch. docs/remote.html.in|9 +++-- src/remote/remote_driver.c |1 + src/rpc/virnetclient.c |3 ++- src/rpc/virnetclient.h |1 + src/rpc/virnetsocket.c |3 +++ src/rpc/virnetsocket.h |1 + tests/virnetsockettest.c | 22 +++--- 7 files changed, 34 insertions(+), 6 deletions(-) ACK, this looks nice to me. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list