
@dmacvicar
Owner

This implementation uses the ssh command line client and therefore respects user settings.

To enable it, you need to use the use_ssh_cmd=1 parameter. Example: qemu+ssh://user@localhost/system?no_verify=1&use_ssh_cmd=1.

It supports the options of the upstream ssh transport.

@dmacvicar dmacvicar added Feedback wanted Important (Wanted) Feature or contribution desired to be had and merged labels Mar 12, 2025
@dmacvicar dmacvicar self-assigned this Mar 12, 2025
Repository owner deleted a comment from coderabbitai bot Mar 12, 2025
@jgooge

jgooge commented Mar 15, 2025

TLS connection URI works with this. Fixes #1155

@dmacvicar
Owner Author

@memetb @scabala @jgooge have any of you had the chance to try use_ssh_cmd=1 with this branch?

@jgooge

jgooge commented Mar 19, 2025

@dmacvicar not yet, but I can test today.

@memetb
Contributor

memetb commented Mar 19, 2025

I will try to make some time this weekend.

@jgooge

jgooge commented Mar 20, 2025

Nit: Terraform commands hang indefinitely if the host key check fails instead of exiting with an error:

5/03/19 20:03:51 [DEBUG] Using auto proxy mode with URI: qemu:///system: timestamp=2025-03-19T20:03:51.407-0600
2025-03-19T20:03:51.407-0600 [INFO]  provider.terraform-provider-libvirt: 2025/03/19 20:03:51 [INFO] SSH command dialer connecting to libvirt_host_1 with args: [-T -o ControlPath=none -e none -o BatchMode=yes -- username@libvirt_host_1 sh -c 'which virt-ssh-helper 1>/dev/null 2>&1; if test $? = 0; then virt-ssh-helper "qemu:///system"; else if "nc" -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0; else ARG=; fi; "nc" $ARG -U /var/run/libvirt/libvirt-sock; fi']: timestamp=2025-03-19T20:03:51.407-0600
2025-03-19T20:03:51.567-0600 [WARN]  unexpected data: local/local/libvirt:stderr="@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:reGjvY02IwsrYvfeX7w04NuKJsFpM9UOKxGBZ8W6cHs.
Please contact your system administrator.
Add correct host key in /Users/james/.ssh/known_hosts to get rid of this message."
2025-03-19T20:03:51.567-0600 [WARN]  unexpected data: local/local/libvirt:stderr="Offending ECDSA key in /Users/james/.ssh/known_hosts:126"
2025-03-19T20:03:51.567-0600 [WARN]  unexpected data: local/local/libvirt:stderr="Host key for libvirt_host_1 has changed and you have requested strict checking.
Host key verification failed."

Otherwise, use_ssh_cmd=1 reads from the default ssh config properly and therefore works as expected.

@dmacvicar
Owner Author

@jgooge should be fixed now.

@jgooge

jgooge commented Mar 26, 2025

It is!!

@BohdanTkachenko

This fix seems to work for me as well.

Is there anything apart from lint errors that prevents merging this? Is there anything I could help with in this PR?

@dmacvicar dmacvicar changed the base branch from main to v0.8 November 8, 2025 00:12
@dmacvicar
Owner Author

ℹ️ ℹ️ ℹ️ ℹ️ ℹ️ ℹ️

This contribution is relevant to the legacy version of the provider, which is now in the v0.8 branch of this repository.

Future development is based on a new provider, which is not compatible with this one, nor does it share code.

As the new provider solves many issues with the legacy, and to make development in my free time more enjoyable, I have decided to close all PRs for the legacy provider, and to ask to check if the contribution would apply to the new one. This is also to encourage trying the new version.

and check the documentation:

You are free to reopen the PR for v0.8, which is targeted now to the v0.8 branch. We may also start a discussion if we can assemble a team of maintainers for the legacy branch. My efforts will go into the new provider.

I ask you to check the new provider and re-evaluate this contribution. 🙏

@dmacvicar dmacvicar closed this Nov 8, 2025

Labels

Feedback wanted Important (Wanted) Feature or contribution desired to be had and merged Legacy
