remote/ssh: optional "keyfile" parameter.

New optional parameter "keyfile" for ssh transport allows the user to select
the private key to be used to authenticate to the remote host.

docs/remote.html.in

@@ -275,6 +275,22 @@ Note that parameter values must be
         <td colspan="2"/>
         <td> Example: <code>netcat=/opt/netcat/bin/nc</code> </td>
       </tr>
+
+      <tr>
+        <td>
+          <code>keyfile</code>
+        </td>
+        <td> ssh </td>
+        <td>
+  The name of the private key file to use to authentication to the remote
+  machine.  If this option is not used the default keys are used.
+        </td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>keyfile=/root/.ssh/example_key</code> </td>
+      </tr>
+
       <tr>
         <td>
           <code>no_verify</code>

src/remote/remote_driver.c

@@ -352,7 +352,7 @@ doRemoteOpen (virConnectPtr conn,
     char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
     char *port = NULL, *authtype = NULL, *username = NULL;
     int no_verify = 0, no_tty = 0;
-    char *pkipath = NULL;
+    char *pkipath = NULL, *keyfile = NULL;
 
     /* Return code from this function, and the private data. */
     int retcode = VIR_DRV_OPEN_ERROR;
@@ -425,6 +425,11 @@ doRemoteOpen (virConnectPtr conn,
                 netcat = strdup (var->value);
                 if (!netcat) goto out_of_memory;
                 var->ignore = 1;
+            } else if (STRCASEEQ (var->name, "keyfile")) {
+                VIR_FREE(keyfile);
+                keyfile = strdup (var->value);
+                if (!keyfile) goto out_of_memory;
+                var->ignore = 1;
             } else if (STRCASEEQ (var->name, "no_verify")) {
                 no_verify = atoi (var->value);
                 var->ignore = 1;
@@ -582,6 +587,7 @@ doRemoteOpen (virConnectPtr conn,
                                                 no_tty,
                                                 no_verify,
                                                 netcat ? netcat : "nc",
+                                                keyfile,
                                                 sockname)))
             goto failed;
 
@@ -681,6 +687,7 @@ doRemoteOpen (virConnectPtr conn,
     VIR_FREE(sockname);
     VIR_FREE(authtype);
     VIR_FREE(netcat);
+    VIR_FREE(keyfile);
     VIR_FREE(username);
     VIR_FREE(port);
     VIR_FREE(pkipath);

src/rpc/virnetclient.c

@@ -201,11 +201,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
                                    bool noTTY,
                                    bool noVerify,
                                    const char *netcat,
+                                   const char *keyfile,
                                    const char *path)
 {
     virNetSocketPtr sock;
 
-    if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify, netcat, path, &sock) < 0)
+    if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY,
+                                  noVerify, netcat, keyfile, path, &sock) < 0)
         return NULL;
 
     return virNetClientNew(sock, NULL);

src/rpc/virnetclient.h

@@ -46,6 +46,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
                                    bool noTTY,
                                    bool noVerify,
                                    const char *netcat,
+                                   const char *keyfile,
                                    const char *path);
 
 virNetClientPtr virNetClientNewExternal(const char **cmdargv);

src/rpc/virnetsocket.c

@@ -594,6 +594,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               bool noTTY,
                               bool noVerify,
                               const char *netcat,
+                              const char *keyfile,
                               const char *path,
                               virNetSocketPtr *retsock)
 {
@@ -611,6 +612,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
         virCommandAddArgList(cmd, "-p", service, NULL);
     if (username)
         virCommandAddArgList(cmd, "-l", username, NULL);
+    if (keyfile)
+        virCommandAddArgList(cmd, "-i", keyfile, NULL);
     if (noTTY)
         virCommandAddArgList(cmd, "-T", "-o", "BatchMode=yes",
                              "-e", "none", NULL);

src/rpc/virnetsocket.h

@@ -69,6 +69,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               bool noTTY,
                               bool noVerify,
                               const char *netcat,
+                              const char *keyfile,
                               const char *path,
                               virNetSocketPtr *addr);
 

tests/virnetsockettest.c

@@ -379,6 +379,7 @@ struct testSSHData {
     bool noTTY;
     bool noVerify;
     const char *netcat;
+    const char *keyfile;
     const char *path;
 
     const char *expectOut;
@@ -400,6 +401,7 @@ static int testSocketSSH(const void *opaque)
                                   data->noTTY,
                                   data->noVerify,
                                   data->netcat,
+                                  data->keyfile,
                                   data->path,
                                   &csock) < 0)
         goto cleanup;
@@ -542,6 +544,16 @@ mymain(void)
     if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
         ret = -1;
 
+    struct testSSHData sshData6 = {
+        .nodename = "example.com",
+        .path = "/tmp/socket",
+        .keyfile = "/root/.ssh/example_key",
+        .noVerify = true,
+        .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no example.com nc -U /tmp/socket\n",
+    };
+    if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
+        ret = -1;
+
 #endif
 
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);