SSH URL

SSH URL

[Esben Stien]

In Emacs, I usually open ssh sessions like this: 

cd /ssh:foo@baz:~

Is there any way in Emacs to open up SSH URLs', like this?: 

ssh://foo:bar@baz

Here's the password included and this is the way I receive SSH urls.

I understand the security aspects of this but I don't care about that
with this project. I use PKI normally, though. 

I use the following python script that accepts SSH urls, but I'd rather
use my beloved emacs. 

#!/usr/bin/env python
import pexpect
import struct, fcntl, os, sys, signal
import urlparse

def sigwinch_passthrough (sig, data):
    # Check for buggy platforms (see pexpect.setwinsize()).
    if 'TIOCGWINSZ' in dir(termios):
        TIOCGWINSZ = termios.TIOCGWINSZ
    else:
        TIOCGWINSZ = 1074295912 # assume
    s = struct.pack ("HHHH", 0, 0, 0, 0)
    a = struct.unpack ('HHHH', fcntl.ioctl(sys.stdout.fileno(), TIOCGWINSZ , s))
    global global_pexpect_instance
    global_pexpect_instance.setwinsize(a[0],a[1])


url = urlparse.urlparse(sys.argv[1]);

ssh_newkey = 'Are you sure you want to continue connecting'
p=pexpect.spawn('ssh'+' '+url.username+':'+url.password+'@'+url.hostname)
i=p.expect([ssh_newkey,'password:',pexpect.EOF,pexpect.TIMEOUT],1)
if i==0:
    print "I say yes"
    p.sendline('yes')
    i=p.expect([ssh_newkey,'password:',pexpect.EOF])
if i==1:
    #print "I give password",
    p.sendline(url.password)
elif i==2:
    print "I either got key or connection timeout"
    pass
elif i==3: #timeout
    pass
p.sendline("\r")
global global_pexpect_instance
global_pexpect_instance = p
signal.signal(signal.SIGWINCH, sigwinch_passthrough)

try:
    p.interact()
    sys.exit(0)
except:
    sys.exit(1)


-- 
Esben Stien is b0ef@e     s      a             
         http://www. s     t    n m
          irc://irc.  b  -  i  .   e/%23contact
           sip:b0ef@   e     e 
           jid:b0ef@    n     n

Re: SSH URL

[Stefan Monnier]

> In Emacs, I usually open ssh sessions like this: 
> cd /ssh:foo@baz:~
> Is there any way in Emacs to open up SSH URLs', like this?: 
> ssh://foo:bar@baz

It should not be terribly hard to add support for the ssh protocol to
the URL library and to the url-handlers.el (using Tramp underneath,
obviously).


        Stefan

Re: SSH URL

[Michael Albinus]

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> In Emacs, I usually open ssh sessions like this: 
>> cd /ssh:foo@baz:~
>> Is there any way in Emacs to open up SSH URLs', like this?: 
>> ssh://foo:bar@baz
>
> It should not be terribly hard to add support for the ssh protocol to
> the URL library and to the url-handlers.el (using Tramp underneath,
> obviously).

Tramp has denied to add passwords to the file name syntax so far, for
security reasons. I don't believe that I would like to change this policy.

But one could use other means, like password-cache or an own backend for
auth-sources. Both would be transparent to Tramp.

Tramp did support URL file name syntax until Sep 2013. It was dropped
then due to lack of interest ...

I'm undecided yet, but maybe I could start to reenable this, starting
from url-handlers.el. However, this package is dav-centric; I don't know
what it does take to generalize it.

And I would need more encouragement from other people, given that
Tramp's URL implementation was completely ignored ...

>         Stefan

Best regards, Michael.

Re: SSH URL

[Stefan Monnier]

> Tramp has denied to add passwords to the file name syntax so far, for
> security reasons. I don't believe that I would like to change this policy.

Agreed.  My suggestion was only to change url-handlers.el (and probably
add a url-ssh.el), not to change Tramp.

> And I would need more encouragement from other people, given that
> Tramp's URL implementation was completely ignored ...

AFAIK this "ssh://" syntax is not standardized (E.g. Bazaar uses
"bzr+ssh://"), which is probably a good reason why it's not very
popular.


        Stefan

Re: SSH URL

[Michael Albinus]

Stefan Monnier <monnier@IRO.UMontreal.CA> writes:

>> And I would need more encouragement from other people, given that
>> Tramp's URL implementation was completely ignored ...
>
> AFAIK this "ssh://" syntax is not standardized (E.g. Bazaar uses
> "bzr+ssh://"), which is probably a good reason why it's not very
> popular.

The IETF documents a draft at least,
<http://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04>. It
hasn't found its way into an accepted rfc (AFAIK), but we could use it.

IANA documents it as known scheme, <https://www.iana.org/assignments/uri-schemes/prov/ssh>.

Other connection methods, supported by Tramp, are accepted as rfc, like
ftp, telnet (RFC 3986), or rsync (RFC 5781).

>         Stefan

Best regards, Michael.

Re: SSH URL

[Esben Stien]

Michael Albinus <michael.albinus@gmx.de> writes:

> Tramp has denied to add passwords to the file name syntax so far, for
> security reasons. I don't believe that I would like to change this policy.

Is there any way I could get around this?

I have a specific use case where this would save me lots of time and the
security aspects are nothing I worry about. 

These are ssh urls to restricted accounts for websites.

I basically want to just follow the url and be logged into the site, do
my thing and get out. 

-- 
Esben Stien is b0ef@e     s      a             
         http://www. s     t    n m
          irc://irc.  b  -  i  .   e/%23contact
           sip:b0ef@   e     e 
           jid:b0ef@    n     n

Re: SSH URL

[Michael Albinus]

Esben Stien <b0ef@esben-stien.name> writes:

>> Tramp has denied to add passwords to the file name syntax so far, for
>> security reasons. I don't believe that I would like to change this policy.
>
> Is there any way I could get around this?

Yesterday, during a boring hour, I've added some glue code to
url-handlers.el. Didn't look bad, when I've tested in *scratch*

(progn
  (url-handler-mode 1)
  (insert-directory "ssh:///" "-al" nil 'full))

For the password thing, you could use Tramp's password caching
mechanism. Or you could add an entry to .authinfo; Tramp uses
auth-source.el if appropriate.

> I have a specific use case where this would save me lots of time and the
> security aspects are nothing I worry about. 
>
> These are ssh urls to restricted accounts for websites.
>
> I basically want to just follow the url and be logged into the site, do
> my thing and get out. 

I have no idea what you mean with this. Could you give me an example of
what you're doing, usually?

Best regards, Michael.

Re: SSH URL

[Michael Albinus]

Stefan Monnier <monnier@IRO.UMontreal.CA> writes:

> Agreed.  My suggestion was only to change url-handlers.el (and probably
> add a url-ssh.el), not to change Tramp.

I've added url-tramp.el to the trunk, plus changes in
url-handlers.el. Works pretty well for simple cases, but needs more
massage for primitives returning complex objects, like 
(directory-files "scp:///tmp" 'full)

I'll continue to work on it. Maybe it will be possible to enhance the
tests in tramp-tests.el for this url-like syntax, this would help to
finish the work.

>         Stefan

Best regards, Michael.

PS: Starting tomorrow morning, I'll be on the road. Don't expect me to
react before weekend.

Re: SSH URL

[Stefan Monnier]

> I've added url-tramp.el to the trunk, plus changes in
> url-handlers.el. Works pretty well for simple cases, but needs more
> massage for primitives returning complex objects, like 
> (directory-files "scp:///tmp" 'full)

Cool, thanks,


        Stefan