Pcompletion for ssh and scp

Pcompletion for ssh and scp

[Phil Hagelberg]

[-- Attachment #1: Type: text/plain, Size: 707 bytes --]


Hello.

I've added support for hostname completion in eshell when using ssh and
scp. It gathers a list of hostnames from the ~/.ssh/known_hosts file.

SSH completion completes only from the list of hostnames; SCP completes
from files and directories currently present plus the list of
hostnames. It also assumes that each hostname is followed by either a
space or a comma, which is the case on the systems I've checked but may
not be a universal rule.

Would this be suitable for inclusion in Emacs? It may not be portable to
all the systems Emacs supports since it assumes the existence of the
known_hosts file, but I think it's fairly useful nonetheless.

I've attached the file; please comment.

-Phil


[-- Attachment #2: pcomplete support for ssh and scp --]
[-- Type: application/emacs-lisp, Size: 2985 bytes --]

[-- Attachment #3: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Pcompletion for ssh and scp

[Stefan Monnier]

> hostnames. It also assumes that each hostname is followed by either a
> space or a comma, which is the case on the systems I've checked but may
> not be a universal rule.

All my known_hosts files have "hostnames" that are encoded in the
following way:

   |1|bXOTR5GrVkVH4ABavbfZ7f2G0EQ=|drXHp56kwVXBTdc/f92649SXiTw=

I don't know how widespread this is, but I haven't made anything special
to get them: I'm using the standard Debian package without any special
configuation in this respect, so for your feature to be useful I think
it needs to handle this case.


        Stefan

Re: Pcompletion for ssh and scp

[Manoj Srivastava]

On Tue, 04 Dec 2007 21:10:34 -0500, Stefan Monnier <monnier@iro.umontreal.ca> said: 

>> hostnames. It also assumes that each hostname is followed by either a
>> space or a comma, which is the case on the systems I've checked but
>> may not be a universal rule.

> All my known_hosts files have "hostnames" that are encoded in the
> following way:

1> bXOTR5GrVkVH4ABavbfZ7f2G0EQ=|drXHp56kwVXBTdc/f92649SXiTw=

> I don't know how widespread this is, but I haven't made anything
> special to get them: I'm using the standard Debian package without any
> special configuation in this respect, so for your feature to be useful
> I think it needs to handle this case.

        If you do not want your hosts to be hashed, you need to add the
 following lines to your ~/.ssh/config:
--8<---------------cut here---------------start------------->8---
Host *
 HashKnownHosts no
--8<---------------cut here---------------end--------------->8---

        I have found that various completion utilities (zsh has one as
 well) work better if I do not have hashing turned on.

        Since this is a user configurable option, perhaps it is OK for
 pcompletion to work for people who have actively turned host hqshing
 off, even if it does not handle hashed hosts?

        manoj
-- 
Oh, I've seen copies [of Linux Journal] around the terminal room at The
Labs. Dennis Ritchie
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Re: Pcompletion for ssh and scp

[Stefan Monnier]

>         If you do not want your hosts to be hashed, you need to add the
>  following lines to your ~/.ssh/config:
> --8<---------------cut here---------------start------------->8---
> Host *
>  HashKnownHosts no
> --8<---------------cut here---------------end--------------->8---

Oh, so they're hashed, not encoded!?
Then indeed, there's nothing you can do with w.r.t completion.
Sorry 'bout that.  I guess the completion you provide is about as good
as it gets.


        Stefan

Re: Pcompletion for ssh and scp

[Phil Hagelberg]

Stefan Monnier <monnier@iro.umontreal.ca> writes:

> All my known_hosts files have "hostnames" that are encoded in the
> following way:
>
>    |1|bXOTR5GrVkVH4ABavbfZ7f2G0EQ=|drXHp56kwVXBTdc/f92649SXiTw=
>
> I don't know how widespread this is, but I haven't made anything special
> to get them: I'm using the standard Debian package without any special
> configuation in this respect, so for your feature to be useful I think
> it needs to handle this case.

Yeah, I mentioned this in the header of the file but forgot to include a
note in my email:

;;; Commentary:

;; This will allow eshell to autocomplete SSH hosts from the list of
;; known hosts in your ~/.ssh/known_hosts file. Note that newer
;; versions of ssh hash the hosts by default to prevent Island-hopping
;; SSH attacks. (https://itso.iu.edu/Hashing_the_OpenSSH_known__hosts_File)
;; You can disable this by putting the following line in your ~/.ssh/config
;; file following the "Host *" directive:

;; HashKnownHosts no

;; Note that this will make you vulnerable to the Island-hopping
;; attack described in the link above if you allow key-based
;; passwordless logins and your account is compromised.

I don't think there's any way to "handle this case" other than making
the user turn off the "hash all hostnames" feature since it is meant to
be one-way to prevent island-hopping attacks. I would like to remove
hashed entries, but I'm not sure if there's a reliable programmatic way
to distinguish them from actual hostnames. I suppose it could assume
that any entry over a certain length is likely to be garbage, but I'd
rather not do that if there's a better way. Any suggestions?

It's a simple fix, but it requires user intervention. I think recent
Debians and derivatives hash by default; not sure what else does.

-Phil

Re: Pcompletion for ssh and scp

[Glenn Morris]

Phil Hagelberg wrote:

> I would like to remove hashed entries, but I'm not sure if there's a
> reliable programmatic way to distinguish them from actual hostnames.

On my system, the hashes always start with |1|. If this is not
universal, you could add a customizable regexp for "hostnames" to be
ignored.

Re: Pcompletion for ssh and scp

[Phil Hagelberg]

Glenn Morris <rgm@gnu.org> writes:

> On my system, the hashes always start with |1|. If this is not
> universal, you could add a customizable regexp for "hostnames" to be
> ignored.

Oh, you're right. How did I miss that?

The attached version limits to hostnames that don't start with "|".

If there are any other issues, please let me know. Otherwise I'd submit
it for inclusion in Emacs.

-Phil

Re: Pcompletion for ssh and scp

[Glenn Morris]

Phil Hagelberg wrote:

> The attached version limits to hostnames that don't start with "|".

I see no attachment here.

Re: Pcompletion for ssh and scp

[Phil Hagelberg]

[-- Attachment #1: Type: text/plain, Size: 226 bytes --]

Glenn Morris <rgm@gnu.org> writes:

> Phil Hagelberg wrote:
>
>> The attached version limits to hostnames that don't start with "|".
>
> I see no attachment here.

Indeed, I must be losing it. This time it's for real.

-Phil


[-- Attachment #2: pcmpl-ssh.el --]
[-- Type: application/emacs-lisp, Size: 3220 bytes --]

[-- Attachment #3: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Pcompletion for ssh and scp

[Edward O'Connor]

Phil Hagelberg wrote:

> I've added support for hostname completion in eshell when using ssh and
> scp. It gathers a list of hostnames from the ~/.ssh/known_hosts file.

Cool.

Could you also complete from 'Host' entries in ~/.ssh/config? I have
lots of shortcut hosts in there like so:

,----[~/.ssh/config]
| Host andromeda
| HostName andromeda.dapyr.net
| 
| Host rakim
| HostName cfhp.org
`----

I'd love to be able to tab-complete from those. I do this in tcsh like
so:

,----[~/.cshrc]
| set ssh_hosts = `grep '^Host[ ][^*]' ~/.ssh/config | cut -c 6-`
| complete ssh 'p/1/$ssh_hosts/'
| 
| foreach host ($ssh_hosts) # $
|     alias $host "ssh -t $host screen -DR"
| end
`----


-- 
Edward O'Connor
hober0@gmail.com

Ense petit placidam sub libertate quietem.

Re: Pcompletion for ssh and scp

[Phil Hagelberg]

Edward O'Connor <hober0@gmail.com> writes:

> Could you also complete from 'Host' entries in ~/.ssh/config? I have
> lots of shortcut hosts in there like so:

I thought about this, but then I asked myself: is it likely that you'll
have something in your config file that hasn't been added to your
known_hosts file? It seems like this is an edge case that only occurs
when you copy a config file to a fresh machine. Once you've SSHed to
that machine, an entry will get added to known_hosts.

So for this entry:
> | Host andromeda
> | HostName andromeda.dapyr.net
scanning the config file doesn't get you anything. You type andr TAB and
you get the right host, except for the first time before it's been added
to known_hosts.

For this one though; that won't work since the alias for the hostname
doesn't resemble the hostname at all.
> | Host rakim
> | HostName cfhp.org

However, this seems like an edge case. I've never come across a
situation like this, and I don't imagine it's very common. If you want
to write a patch that will allow config file parsing, that'd be great,
but it doesn't really interest me since the value/effort ratio seems
quite low.

-Phil

Re: Pcompletion for ssh and scp

[Glenn Morris]

Your copyright papers arrived, and I installed a (tweaked) version of
this in pcmpl-unix.el. Thanks for contributing!