Date: Thu, 21 Mar 2013 16:26:23 +0100
From: Stefan Hajnoczi
To: "Richard W.M. Jones"
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] block: Add support for Secure Shell (ssh) block device.
Message-ID: <20130321152623.GC16677@stefanha-thinkpad.redhat.com>
In-Reply-To: <1363873138-30568-2-git-send-email-rjones@redhat.com>
References: <1363873138-30568-1-git-send-email-rjones@redhat.com> <1363873138-30568-2-git-send-email-rjones@redhat.com>

On Thu, Mar 21, 2013 at 01:38:58PM +0000, Richard W.M. Jones wrote:
> From: "Richard W.M. Jones"
>
>   qemu-system-x86_64 -drive file=ssh://hostname/some/image
>
> QEMU will ssh into 'hostname' and open '/some/image' which is made
> available as a standard block device.
>
> You can specify a username (ssh://user@host/...) and/or a port number
> (ssh://host:port/...).

I can see this being handy for qemu-img since it gives you the ability
to work with remote image files.

> Current limitations:
>
> - Authentication must be done without passwords or passphrases, using
>   ssh-agent. Other authentication methods are not supported. (*)
>
> - Does not check host key. (*)
>
> - New remote files cannot be created. (*)

Would be important to fix these limitations. Authentication methods to
make this more usable. Host key check for security. File creation for
qemu-img.

> - Uses coroutine read/write, instead of true AIO. (libssh2 supports
>   non-blocking access, so this could be fixed with some effort).

This patch does not really use coroutines - the SSH I/O is blocking!

Coroutines must submit the SSH I/O and then yield so the QEMU event loop
can get on with other work. When SSH I/O finishes the request's
coroutine is re-entered and the request gets completed.

> - Blocks during connection and authentication.

Right now the code also blocks while SSH I/O takes place.

> (*) = potentially easy fix
>
> This is implemented using libssh2 on the client side. The server just
> requires a regular ssh daemon with sftp-server support. Most ssh
> daemons on Unix/Linux systems will work out of the box.

How much of a win over sshfs is this?

sshfs can be mounted by unprivileged users and QEMU accesses it like a
regular file. So the sshfs approach already works today.

Stefan
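
The "Does not check host key" limitation discussed above comes down to comparing the key the server presents against an OpenSSH-style known_hosts file and refusing anything that is not an exact match. The sketch below is an added example, not code from the patch, QEMU or libssh2; it is written in Python so it runs stand-alone, and the host name `images.example`, the salt and the key bytes are constructed placeholders.

```python
import base64
import hashlib
import hmac

def host_token(host, port=22):
    """Name used in known_hosts: bare host on port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(token, salt):
    """Hashed known_hosts name: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def name_matches(pattern, token):
    """Compare one name field entry, plain or hashed, against the token."""
    if not pattern.startswith("|1|"):
        return pattern == token
    try:
        _, _, salt_b64, _ = pattern.split("|")
        salt = base64.b64decode(salt_b64)
    except ValueError:  # malformed entry: never treat it as a match
        return False
    return hmac.compare_digest(hash_name(token, salt).encode(), pattern.encode())

def check_host_key(known_hosts, host, port, key_type, key_blob):
    """Return 'match', 'mismatch' or 'unknown'; only 'match' is safe to use.
    Wildcards and @cert-authority/@revoked markers are out of scope here."""
    token, result = host_token(host, port), "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # blank line, comment, short line or marker line
        names, ktype, key_b64 = fields[:3]
        if ktype != key_type or not any(
                name_matches(n, token) for n in names.split(",")):
            continue
        if hmac.compare_digest(key_b64.encode(), base64.b64encode(key_blob)):
            return "match"
        result = "mismatch"  # host is known, but with a different key
    return result

# Constructed sample data: stand-in bytes, not real SSH public key blobs.
KEY_A, KEY_B = b"constructed-host-key-A", b"constructed-host-key-B"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "images.example ssh-ed25519 " + base64.b64encode(KEY_A).decode(),
    hash_name("[images.example]:2222", b"constructed-salt") + " ssh-ed25519 "
    + base64.b64encode(KEY_B).decode(),
])
```

A block driver using such a check would open the image only on `match` and fail the open on both `mismatch` and `unknown`, since the `ssh://host:port/...` form makes the port part of the identity being checked.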