ssh transport based on ssh command line client #1166

Draft: wants to merge 12 commits into base: main

dmacvicar
Owner

This implementation uses the ssh command line client and therefore respects user settings.

To enable it, you need to use the use_ssh_cmd=1 parameter. Example: qemu+ssh://user@localhost/system?no_verify=1&use_ssh_cmd=1.

It supports the options of the upstream ssh transport.

@dmacvicar dmacvicar added Feedback wanted Important (Wanted) Feature or contribution desired to be had and merged labels Mar 12, 2025
@dmacvicar dmacvicar self-assigned this Mar 12, 2025
Repository owner deleted a comment from coderabbitai bot Mar 12, 2025
@jgooge

jgooge commented Mar 15, 2025

TLS connection URI works with this. Fixes #1155

@dmacvicar
Owner Author

@memetb @scabala @jgooge have any of you had the chance to try use_ssh_cmd=1 with this branch?

@jgooge

jgooge commented Mar 19, 2025

@dmacvicar not yet, but I can test today.

@memetb
Contributor

memetb commented Mar 19, 2025

I will try to make some time this weekend.

@jgooge

jgooge commented Mar 20, 2025

Nit: Terraform commands hang indefinitely if the host key check fails instead of exiting with an error:

5/03/19 20:03:51 [DEBUG] Using auto proxy mode with URI: qemu:///system: timestamp=2025-03-19T20:03:51.407-0600
2025-03-19T20:03:51.407-0600 [INFO]  provider.terraform-provider-libvirt: 2025/03/19 20:03:51 [INFO] SSH command dialer connecting to libvirt_host_1 with args: [-T -o ControlPath=none -e none -o BatchMode=yes -- username@libvirt_host_1 sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; if test $? = 0; then virt-ssh-helper "qemu:///system"; else if "nc" -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0; else ARG=; fi; "nc" $ARG -U /var/run/libvirt/libvirt-sock; fi']: timestamp=2025-03-19T20:03:51.407-0600
2025-03-19T20:03:51.567-0600 [WARN]  unexpected data: local/local/libvirt:stderr="@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:reGjvY02IwsrYvfeX7w04NuKJsFpM9UOKxGBZ8W6cHs.
Please contact your system administrator.
Add correct host key in /Users/james/.ssh/known_hosts to get rid of this message."
2025-03-19T20:03:51.567-0600 [WARN]  unexpected data: local/local/libvirt:stderr="Offending ECDSA key in /Users/james/.ssh/known_hosts:126"
2025-03-19T20:03:51.567-0600 [WARN]  unexpected data: local/local/libvirt:stderr="Host key for libvirt_host_1 has changed and you have requested strict checking.
Host key verification failed."

Otherwise, use_ssh_cmd=1 reads from the default ssh config properly and therefore works as expected.
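
One way a command-based transport can turn the host key failure in the log above into an error instead of a read that never completes, as an added example that is not the provider's code and not the fix made in this pull request. `cmdStream` and `startStream` are hypothetical names, and `sh` stands in for the ssh client, which exits with status 255 when it refuses the connection.

```go
package main

import (
	"fmt"
	"io"
	"os/exec"
	"strings"
)

// cmdStream exposes a child process's stdin/stdout as one byte stream.
type cmdStream struct {
	io.WriteCloser // the child's stdin; Write and Close are promoted
	cmd            *exec.Cmd
	out            io.ReadCloser
	stderr         strings.Builder
}

// startStream launches the client; the real case is "ssh" plus its arguments.
func startStream(name string, args ...string) (s *cmdStream, err error) {
	s = &cmdStream{cmd: exec.Command(name, args...)}
	s.cmd.Stderr = &s.stderr
	if s.WriteCloser, err = s.cmd.StdinPipe(); err != nil {
		return nil, err
	}
	if s.out, err = s.cmd.StdoutPipe(); err != nil {
		return nil, err
	}
	return s, s.cmd.Start()
}

// Read: on EOF, reap the child and turn a non-zero exit into an error
// carrying its stderr, so the caller fails instead of waiting for a reply.
func (s *cmdStream) Read(p []byte) (int, error) {
	n, err := s.out.Read(p)
	if err == io.EOF {
		if werr := s.cmd.Wait(); werr != nil {
			return n, fmt.Errorf("ssh exited: %v: %s", werr, strings.TrimSpace(s.stderr.String()))
		}
	}
	return n, err
}

func main() {
	// Constructed stand-in for ssh rejecting a changed host key (exit 255).
	s, err := startStream("sh", "-c", `echo "Host key verification failed." >&2; exit 255`)
	if err == nil {
		_, err = io.ReadAll(s)
	}
	fmt.Println("dial error:", err)
}
```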

@dmacvicar
Owner Author

@jgooge should be fixed now.

@jgooge

jgooge commented Mar 26, 2025

It is!!
