guix-copy: Honor the SSH port of a host when defined in ~/.ssh/config

  • Open
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
M
M
Maxim Cournoyer wrote on 5 Nov 2018 05:58
(name . bug-guix)(address . bug-guix@gnu.org)
87a7mo5de4.fsf@gmail.com
Hello,

I recently stumbled on the bug where guix copy would the port 22 even
when I had specified a different one in my ~/.ssh/config file.

This bug is triggered when omitting the port in the --to= (or --from)
expression, such as in

guix copy --to=somehost bash

And where somehost exists in ~/.ssh/config, say:

Host somehost
User someuser
HostName someplace.somedns.net
Port 1234

Instead of using port 1234, the port 22 would be used. Commit
cc1dfc202f is the reason of this overriding; the attached patch
reverts it, with a detailed explanation.

Thank you,

Maxim
From 942eb8cabef5b7c8b4425c765b6ee2ac9f529ad8 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 4 Nov 2018 23:35:16 -0500
Subject: [PATCH] Revert "copy: Default to port 22."

This reverts commit cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9. Specifying a
default port had the undesirable effect of disregarding a port specification
for a given host in the ~/.ssh/config that would otherwise have been honored
at the time `open-ssh-session' calls the `session-parse-config!' method.

In any case, `make-session' will default the port value of the created session
to 22 if left unspecified.
---
guix/scripts/copy.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/guix/scripts/copy.scm b/guix/scripts/copy.scm
index 4c8592985..d35eed74e 100644
--- a/guix/scripts/copy.scm
+++ b/guix/scripts/copy.scm
@@ -75,8 +75,7 @@ package names, build the underlying packages before sending them."
(and (or (assoc-ref opts 'dry-run?)
(build-derivations local drv))
- (let* ((session (open-ssh-session host #:user user
- #:port (or port 22)))
+ (let* ((session (open-ssh-session host #:user user #:port port))
(sent (send-files local items
(connect-to-remote-daemon session)
#:recursive? #t)))
@@ -89,7 +88,7 @@ package names, build the underlying packages before sending them."
(let*-values (((user host port)
(ssh-spec->user+host+port source))
((session)
- (open-ssh-session host #:user user #:port (or port 22)))
+ (open-ssh-session host #:user user #:port port))
((remote)
(connect-to-remote-daemon session)))
(set-build-options-from-command-line local opts)
--
2.19.0
L
L
Ludovic Courtès wrote on 6 Nov 2018 15:12
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 33266@debbugs.gnu.org)
87o9b21ehv.fsf@gnu.org
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (13 lines)
> From 942eb8cabef5b7c8b4425c765b6ee2ac9f529ad8 Mon Sep 17 00:00:00 2001
> From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
> Date: Sun, 4 Nov 2018 23:35:16 -0500
> Subject: [PATCH] Revert "copy: Default to port 22."
>
> This reverts commit cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9. Specifying a
> default port had the undesirable effect of disregarding a port specification
> for a given host in the ~/.ssh/config that would otherwise have been honored
> at the time `open-ssh-session' calls the `session-parse-config!' method.
>
> In any case, `make-session' will default the port value of the created session
> to 22 if left unspecified.

This looks good, and indeed it’s an unintended consequence of commit
cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9.

However, the log of commit cc1dfc had this:

Failing to do that, "%p" would be "0" when using "ProxyCommand"
in ~/.ssh/config.

This is arguably a defect in either Guile-SSH or (more likely) libssh,
and it would be nice to report it.

Would you like to report it upstream?

Thanks,
Ludo’.
M
M
Maxim Cournoyer wrote on 9 Nov 2018 04:35
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 33266@debbugs.gnu.org)
871s7u53ej.fsf@gmail.com
Hello!

ludo@gnu.org (Ludovic Courtès) writes:

[...]

Toggle quote (8 lines)
> This looks good, and indeed it’s an unintended consequence of commit
> cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9.
>
> However, the log of commit cc1dfc had this:
>
> Failing to do that, "%p" would be "0" when using "ProxyCommand"
> in ~/.ssh/config.

Yeah, I had seen this message, but was doubting if it was still
valid. Helas, it seems so:

Given the ~/.ssh/config snippet (and configured machines):
Toggle snippet (11 lines)
Host vm-host
HostName 10.5.5.5
User someuser
Host some-guest
IdentityFile ~/.ssh/vm-host/id_rsa
HostName some-guest
User guest
ProxyCommand ssh vm-host nc %h %p

Toggle snippet (23 lines)
scheme@(guile-user)> ,use (ssh session)
scheme@(guile-user)> (make-session #:host "some-guest")
$1 = #<session #<undefined>@some-guest:22 (disconnected) 11dffe0>
scheme@(guile-user)> (session-get $1 'host)
$2 = "some-guest"
scheme@(guile-user)> (session-get $1 'port)
$3 = 22
scheme@(guile-user)> (session-parse-config! $1 "~/.ssh/config")
$4 = #<undefined>
scheme@(guile-user)> (session-get $1 'port)
$5 = 22
scheme@(guile-user)> (connect! $1)
$6 = error
scheme@(guile-user)> (make-session #:host "some-guest" #:port 22)
$7 = #<session #<undefined>@some-guest:22 (disconnected) 11dffc0>
scheme@(guile-user)> (session-parse-config! $7 "~/.ssh/config")
$8 = #<undefined>
scheme@(guile-user)> (session-get $7 'port)
$9 = 22
scheme@(guile-user)> (connect! $7)
$10 = ok

Toggle quote (5 lines)
> This is arguably a defect in either Guile-SSH or (more likely) libssh,
> and it would be nice to report it.
>
> Would you like to report it upstream?

It has to be in libssh. I'll try to come up with a repro in C, and
submit the issue to them.

When it's done, I'll add a note in the code.

To be continued... Thanks for looking :)

Maxim
L
L
Ludovic Courtès wrote on 22 Jan 2019 23:09
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 33266@debbugs.gnu.org)
874la0jqf0.fsf@gnu.org
Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (15 lines)
> ludo@gnu.org (Ludovic Courtès) writes:
>
> [...]
>
>> This looks good, and indeed it’s an unintended consequence of commit
>> cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9.
>>
>> However, the log of commit cc1dfc had this:
>>
>> Failing to do that, "%p" would be "0" when using "ProxyCommand"
>> in ~/.ssh/config.
>
> Yeah, I had seen this message, but was doubting if it was still
> valid. Helas, it seems so:

[...]

Toggle quote (8 lines)
>> This is arguably a defect in either Guile-SSH or (more likely) libssh,
>> and it would be nice to report it.
>>
>> Would you like to report it upstream?
>
> It has to be in libssh. I'll try to come up with a repro in C, and
> submit the issue to them.

With the recent upgrade to libssh 0.8.6, is the issue still present?

Ludo’.
?