From: Bruno Victal
To: Maze
Cc: 64349@debbugs.gnu.org
Subject: [bug#64349] [PATH] Guix service for robust and flexible persistent ssh forwarding
Date: Tue, 10 Oct 2023 15:33:16 +0100
Message-ID: <54efe1c6-6a81-497d-8b8b-0b499cfc2acb@makinata.eu>
In-Reply-To: <87352a4541.fsf@pkbd.org>

Hi,

> Missing:
>
> * I have not started to work on control masters. When one has many
>   connections daemonized to the same remote host, there could (should?)
>   be a specialized service type extended only to serve as a control
>   master for multiple other forwarding services. It's probably not that
>   easy to program correctly.
>
> * It only loads a private key directly from file, no ssh agent. I think
>   it's probably quite easy to add.
>
> * I haven't even tried to make host knowing configurable the
>   slightest. No one is there to input "yes" when it starts, so I just
>   hard coded ssh command switches that should completely tame the
>   dreaded "SOMEONE MAY BE DOING SOMETHING NASTY!" and its little
>   friends. Still, in the event this module would start to have its small
>   user base, I might kind of feel bad about this and something would
>   preferably have to be done... if that can possibly be practical.
>
> * I think it can only do point-to-point tunnels, that is to say tun
>   devices. Ssh documentation says it also can do tap devices, what they
>   call layer 2, which can support DHCP, but in trials I never could get
>   it to spit out a working tap tunnel... By using ssh for the network
>   side of the tunnel and tunctl or POSIX or whatever applicable system
>   calls from a program for the host sides of the tunnel, maybe it's
>   possible to do tap devices. It's hard, probably.
>
> * No documentation as of yet. The author also still has to learn how to
>   write actual Texinfo docstrings for procedures, sorry about that.

Any updates regarding these items?

> * I have a test script (not shared here) but it does not plug into the
>   build system. Also, it deploys multiple VMs to test forwardings in
>   situation, which means it can do some very strong testing but it's too
>   heavy for a routine build. And the script does other things which are
>   either crazy and/or very badly written. I could never have pulled this
>   without my horrible shell script, but still, a simple script which
>   plugs into the build system would be more desirable.

Can you adapt it or write a test suite for this service?
(see gnu/tests/… for inspiration)
It makes it easier for everyone to test/review and maintain this addition.

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.
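
On the host-key item quoted above: an unattended forwarding daemon can keep host verification on by pinning the remote key in a file and refusing to start without it. The sketch below is an added example, not part of this message or of the submitted patch; the function names and the idea of passing the pinned file as an argument are assumptions, while the `-o` options are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example, not code from the patch under review.
# Assumption: the service is handed a known_hosts-format file that was
# provisioned out of band (for instance from its configuration record).

# has_pinned_key HOST FILE
# Succeeds only if FILE holds a non-revoked, unhashed entry naming HOST
# exactly. Hashed entries ("|1|...") are deliberately not matched here.
has_pinned_key() {
    awk -v h="$1" '
        /^[ \t]*(#|$)/   { next }          # comments and blank lines
        $1 == "@revoked" { next }          # a revoked key never counts
        { names = ($1 ~ /^@/) ? $2 : $1    # step over @cert-authority
          n = split(names, a, ",")
          for (i = 1; i <= n; i++)
              if ((a[i] "") == (h "")) found = 1 }
        END { exit !found }' "$2"
}

# pinned_ssh_opts HOST FILE
# Prints, one per line, the options for a non-interactive ssh that fails
# closed on an unknown or changed host key. Returns 2 if FILE is
# unreadable and 1 if HOST has no pinned key, so the daemon never falls
# back to switching verification off.
pinned_ssh_opts() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    has_pinned_key "$1" "$2" || {
        echo "no pinned host key for $1 in $2" >&2
        return 1
    }
    printf '%s\n' \
        "-oBatchMode=yes" \
        "-oStrictHostKeyChecking=yes" \
        "-oUserKnownHostsFile=$2" \
        "-oGlobalKnownHostsFile=/dev/null" \
        "-oExitOnForwardFailure=yes"
}
```

With `BatchMode=yes` nobody is asked to type "yes"; a host whose key is missing or has changed makes ssh exit, which the service supervisor can surface as a start-up failure.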