From: "Richard W.M. Jones" <rjones@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: qemu-devel@nongnu.org, Kevin Wolf <kwolf@redhat.com>,
Max Reitz <mreitz@redhat.com>,
qemu-block@nongnu.org, ptoscano@redhat.com, berrange@redhat.com
Subject: [Qemu-devel] Whither qemu's ssh driver? (was: Re: [PATCH 02/15] block/ssh: Do not report read/write/flush errors to the user)
Date: Mon, 8 Apr 2019 18:22:11 +0100
Message-ID: <20190408172202.GH3926@redhat.com>
In-Reply-To: <20190408083627.7479-3-armbru@redhat.com>

I don't know much about this patch which looks like internal qemu
rearrangements so I guess fine. However I do have a few things to say
about the ssh driver ...

As you know I wrote this a few years ago, and it uses libssh2.
libssh2 has not evolved as quickly as we'd like and it may be better
to use libssh instead -- despite the names, these are two separate and
unrelated libraries. libssh supports a wider range of SSH encryption
and has more features. It's generally more likely to work against a
random SSH server. It has also been through the FIPS process. Indeed
Red Hat made the decision to switch exclusively to libssh in RHEL 8,
if that carries any weight.

Pino posted a libssh2 -> libssh conversion patch a while back, but it
has been somewhat stuck in review. If I recall the latest concern was
whether it performs as well as the libssh2 version.

https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg07267.html

In the meantime I added libssh support to nbdkit. nbdkit can be used
as a complete replacement for qemu's ssh driver.

  nbdkit ssh host=foo.example.com disk.img -U tmpdirXXXXXX/sock
  qemu -hda nbd:unix:tmpdirXXXXXX/sock

In fact it's somewhat superior (IMHO) because all of the tricky code
handling libssh runs outside qemu in a separate process, improving
isolation and potentially allowing separate, restrictive security
policies to be applied. For example it would no longer be necessary
to give qemu permission to connect to remote SSH servers.

Could we make this really smooth somehow? nbdkit has a concept
[https://www.mankier.com/1/nbdkit-captive] where we make it easy to
manage external commands owned by nbdkit. Is there an equivalent
feature of qemu where:

  qemu -object exec,id=nbd1,cmd='nbdkit -f -U $sock ssh ...' \
       -drive file.driver=nbd,file.socket=nbd1

would run the command but also allocate a socket and kill the
subcommand on exit (of qemu)?

Basically I'm trying to think about how to make this a reality:

https://rwmj.files.wordpress.com/2018/10/drawing2-svg.png

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
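
As an added example (not part of the original message, and not code from qemu or nbdkit), a POSIX shell wrapper that approximates the behaviour asked about above: allocate a private socket path, start the NBD server on it, and kill the server when the client exits. The function and variable names are hypothetical; only the nbdkit and qemu command lines in the closing comment come from the message.

```shell
#!/bin/sh
# Added illustration; function and variable names are hypothetical.
# with_captive_server SERVER_CMD CLIENT_CMD [TIMEOUT_SECONDS]
#   SERVER_CMD: one simple command; it is run via "exec" so that
#               $server_pid is the server itself, not a wrapper shell.
#   CLIENT_CMD: any shell command line.
# Both see $sock, a socket path inside a fresh mode-0700 directory, so
# other local users cannot reach the NBD export.

stop_captive_server() {
    kill "$server_pid" 2>/dev/null || :
    wait "$server_pid" 2>/dev/null || :
    rm -rf "$captive_dir"
    trap - EXIT INT TERM HUP
}

with_captive_server() {
    server_cmd=$1 client_cmd=$2 timeout=${3:-10}
    captive_dir=$(mktemp -d) || return 1
    sock=$captive_dir/sock
    export sock

    sh -c "exec $server_cmd" &
    server_pid=$!
    # Whatever way this script ends, take the server down with it.
    trap stop_captive_server EXIT
    trap 'exit 1' INT TERM HUP

    # Wait for the server to create its socket before starting the client.
    waited=0
    while [ ! -e "$sock" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            stop_captive_server
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done

    status=0
    sh -c "$client_cmd" || status=$?
    stop_captive_server
    return "$status"
}

# Usage with the commands from the message (requires nbdkit and qemu):
#   with_captive_server \
#       'nbdkit -f -U "$sock" ssh host=foo.example.com disk.img' \
#       'qemu -hda "nbd:unix:$sock"'
```

Because the SSH client code lives only in the server process, a confinement policy for the qemu side of this pair needs access to the Unix socket but no outbound network permission.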