guix-copy: Honor the SSH port of a host when defined in ~/.ssh/config

  • Open
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
M
M
Maxim Cournoyer wrote on 5 Nov 2018 05:58
(name . bug-guix)(address . bug-guix@gnu.org)
87a7mo5de4.fsf@gmail.com
Hello,

I recently stumbled on the bug where guix copy would the port 22 even
when I had specified a different one in my ~/.ssh/config file.

This bug is triggered when omitting the port in the --to= (or --from)
expression, such as in

guix copy --to=somehost bash

And where somehost exists in ~/.ssh/config, say:

Host somehost
User someuser
HostName someplace.somedns.net
Port 1234

Instead of using port 1234, the port 22 would be used. Commit
cc1dfc202f is the reason of this overriding; the attached patch
reverts it, with a detailed explanation.

Thank you,

Maxim
From 942eb8cabef5b7c8b4425c765b6ee2ac9f529ad8 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 4 Nov 2018 23:35:16 -0500
Subject: [PATCH] Revert "copy: Default to port 22."

This reverts commit cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9. Specifying a
default port had the undesirable effect of disregarding a port specification
for a given host in the ~/.ssh/config that would otherwise have been honored
at the time `open-ssh-session' calls the `session-parse-config!' method.

In any case, `make-session' will default the port value of the created session
to 22 if left unspecified.
---
guix/scripts/copy.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/guix/scripts/copy.scm b/guix/scripts/copy.scm
index 4c8592985..d35eed74e 100644
--- a/guix/scripts/copy.scm
+++ b/guix/scripts/copy.scm
@@ -75,8 +75,7 @@ package names, build the underlying packages before sending them."
(and (or (assoc-ref opts 'dry-run?)
(build-derivations local drv))
- (let* ((session (open-ssh-session host #:user user
- #:port (or port 22)))
+ (let* ((session (open-ssh-session host #:user user #:port port))
(sent (send-files local items
(connect-to-remote-daemon session)
#:recursive? #t)))
@@ -89,7 +88,7 @@ package names, build the underlying packages before sending them."
(let*-values (((user host port)
(ssh-spec->user+host+port source))
((session)
- (open-ssh-session host #:user user #:port (or port 22)))
+ (open-ssh-session host #:user user #:port port))
((remote)
(connect-to-remote-daemon session)))
(set-build-options-from-command-line local opts)
--
2.19.0
L
L
Ludovic Courtès wrote on 6 Nov 2018 15:12
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 33266@debbugs.gnu.org)
87o9b21ehv.fsf@gnu.org
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (13 lines)
> From 942eb8cabef5b7c8b4425c765b6ee2ac9f529ad8 Mon Sep 17 00:00:00 2001
> From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
> Date: Sun, 4 Nov 2018 23:35:16 -0500
> Subject: [PATCH] Revert "copy: Default to port 22."
>
> This reverts commit cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9. Specifying a
> default port had the undesirable effect of disregarding a port specification
> for a given host in the ~/.ssh/config that would otherwise have been honored
> at the time `open-ssh-session' calls the `session-parse-config!' method.
>
> In any case, `make-session' will default the port value of the created session
> to 22 if left unspecified.

This looks good, and indeed it’s an unintended consequence of commit
cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9.

However, the log of commit cc1dfc had this:

Failing to do that, "%p" would be "0" when using "ProxyCommand"
in ~/.ssh/config.

This is arguably a defect in either Guile-SSH or (more likely) libssh,
and it would be nice to report it.

Would you like to report it upstream?

Thanks,
Ludo’.
M
M
Maxim Cournoyer wrote on 9 Nov 2018 04:35
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 33266@debbugs.gnu.org)
871s7u53ej.fsf@gmail.com
Hello!

ludo@gnu.org (Ludovic Courtès) writes:

[...]

Toggle quote (8 lines)
> This looks good, and indeed it’s an unintended consequence of commit
> cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9.
>
> However, the log of commit cc1dfc had this:
>
> Failing to do that, "%p" would be "0" when using "ProxyCommand"
> in ~/.ssh/config.

Yeah, I had seen this message, but was doubting if it was still
valid. Helas, it seems so:

Given the ~/.ssh/config snippet (and configured machines):
Toggle snippet (11 lines)
Host vm-host
HostName 10.5.5.5
User someuser
Host some-guest
IdentityFile ~/.ssh/vm-host/id_rsa
HostName some-guest
User guest
ProxyCommand ssh vm-host nc %h %p

Toggle snippet (23 lines)
scheme@(guile-user)> ,use (ssh session)
scheme@(guile-user)> (make-session #:host "some-guest")
$1 = #<session #<undefined>@some-guest:22 (disconnected) 11dffe0>
scheme@(guile-user)> (session-get $1 'host)
$2 = "some-guest"
scheme@(guile-user)> (session-get $1 'port)
$3 = 22
scheme@(guile-user)> (session-parse-config! $1 "~/.ssh/config")
$4 = #<undefined>
scheme@(guile-user)> (session-get $1 'port)
$5 = 22
scheme@(guile-user)> (connect! $1)
$6 = error
scheme@(guile-user)> (make-session #:host "some-guest" #:port 22)
$7 = #<session #<undefined>@some-guest:22 (disconnected) 11dffc0>
scheme@(guile-user)> (session-parse-config! $7 "~/.ssh/config")
$8 = #<undefined>
scheme@(guile-user)> (session-get $7 'port)
$9 = 22
scheme@(guile-user)> (connect! $7)
$10 = ok

Toggle quote (5 lines)
> This is arguably a defect in either Guile-SSH or (more likely) libssh,
> and it would be nice to report it.
>
> Would you like to report it upstream?

It has to be in libssh. I'll try to come up with a repro in C, and
submit the issue to them.

When it's done, I'll add a note in the code.

To be continued... Thanks for looking :)

Maxim
L
L
Ludovic Courtès wrote on 22 Jan 2019 23:09
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 33266@debbugs.gnu.org)
874la0jqf0.fsf@gnu.org
Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (15 lines)
> ludo@gnu.org (Ludovic Courtès) writes:
>
> [...]
>
>> This looks good, and indeed it’s an unintended consequence of commit
>> cc1dfc202f2fefb6c2eb9467d1fc90a9154550c9.
>>
>> However, the log of commit cc1dfc had this:
>>
>> Failing to do that, "%p" would be "0" when using "ProxyCommand"
>> in ~/.ssh/config.
>
> Yeah, I had seen this message, but was doubting if it was still
> valid. Helas, it seems so:

[...]

Toggle quote (8 lines)
>> This is arguably a defect in either Guile-SSH or (more likely) libssh,
>> and it would be nice to report it.
>>
>> Would you like to report it upstream?
>
> It has to be in libssh. I'll try to come up with a repro in C, and
> submit the issue to them.

With the recent upgrade to libssh 0.8.6, is the issue still present?

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 33266@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 33266
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch