Subject: [bug#64349] [PATCH] Guix service for robust and flexible persistent ssh forwarding
From: Runciter
To: Bruno Victal
Cc: Maze, 64349@debbugs.gnu.org
Date: Thu, 12 Oct 2023 22:32:09 +0800
Message-ID: <87cyxj7vyu.fsf@pkbd.org>
In-Reply-To: <54efe1c6-6a81-497d-8b8b-0b499cfc2acb@makinata.eu> (Bruno Victal's message of "Tue, 10 Oct 2023 15:33:16 +0100")
References: <87352a4541.fsf@pkbd.org> <54efe1c6-6a81-497d-8b8b-0b499cfc2acb@makinata.eu>

Bruno Victal writes:

Hello,

> Hi,
>
>> Missing:
>>
>> * I have not started to work on control masters.
>> When one has many connections daemonized to the same remote host,
>> there could (should?) be a specialized service type extended only to
>> serve as a control master for multiple other forwarding services.
>> It's probably not that easy to program correctly.
>>
>> * It only loads a private key directly from file, no ssh agent. I
>> think it's probably quite easy to add.
>>
>> * I haven't even tried to make host knowing configurable the
>> slightest. No one is there to input "yes" when it starts, so I just
>> hard-coded ssh command switches that should completely tame the
>> dreaded "SOMEONE MAY BE DOING SOMETHING NASTY!" and its little
>> friends. Still, in the event this module would start to have its
>> small user base, I might kind of feel bad about this and something
>> would preferably have to be done... if that can possibly be
>> practical.
>>
>> * I think it can only do point-to-point tunnels, that is to say tun
>> devices. Ssh documentation says it also can do tap devices, what
>> they call layer 2, which can support DHCP, but in trials I never
>> could get it to spit out a working tap tunnel... By using ssh for
>> the network side of the tunnel and tunctl or POSIX or whatever
>> applicable system calls from a program for the host sides of the
>> tunnel, maybe it's possible to do tap devices. It's hard, probably.
>>
>> * No documentation as of yet. The author also still has to learn how
>> to write actual Texinfo docstrings for procedures, sorry about that.
>
> Any updates regarding these items?

No update as of yet on any of these items. I've been working on a VPN
on top of the ssh tunneler, for which I have obtained basic
functionality, but it's still not quite ready even for my personal
use. While I'm gradually improving the VPN I'm reluctant to add
features to the underlying ssh tunneler services. Still, I can focus on
documenting the services I submitted right now, and make clean
docstrings for the procedures.
>> * I have a test script (not shared here) but it does not plug into
>> the build system. Also, it deploys multiple VMs to test forwardings
>> in situation, which means it can do some very strong testing but
>> it's too heavy for a routine build. And the script does other things
>> which are either crazy and/or very badly written. I could never have
>> pulled this without my horrible shell script, but still, a simple
>> script which plugs into the build system would be more desirable.
>
> Can you adapt it or write a test suite for this service? (see
> gnu/tests/… for inspiration)
> It makes it easier for everyone to test/review and maintain this
> addition.

There are facilities that are used in the test suite of gdm to create a
"marionette" operating system; probably this is what I should look
into. So I'll stop working on my VPN for a little while and do 2
things:

* Document the ssh-tunneler.scm service file which I previously
  submitted.

* Try to create a scheme test suite for the services in
  ssh-tunneler.scm.

I have to learn a few things to do this. Hopefully I can get back to
you at the end of this month with a submission.
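The quoted list above leaves host-key checking hard-coded off so that nothing prompts for "yes" when the daemonized tunnel starts. As an added example (not code from the patch or from Guix), the POSIX shell functions below put those weak switches next to a form that keeps verification on by pinning the server key in a provisioned known_hosts file and failing instead of prompting; all hostnames, paths and the sample key are constructed.

```shell
#!/bin/sh
# Added example (not code from the patch or from Guix): keep host-key
# verification ON for an unattended ssh tunnel by pinning the server key
# in a provisioned known_hosts file.  All paths, hostnames and the sample
# key are constructed assumptions.

# Return 0 if KNOWN_HOSTS holds a plain-text entry for HOST, else 1.
# Hashed (|1|...) and marker (@...) lines are skipped, so a hashed-only
# file counts as "not pinned"; [host]:port entries are matched literally.
has_pinned_hostkey() {
    host="$1"; known_hosts="$2"
    [ -r "$known_hosts" ] || return 1
    awk -v h="$host" '
        NF == 0 || $1 ~ /^[#@|]/ { next }
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit(found ? 0 : 1) }' "$known_hosts"
}

# Print, one per line, the ssh arguments for a persistent tun tunnel.
# "weak" is the tempting unattended setup; "safe" refuses to start unless
# the host key is pinned, and fails (rather than prompts) on any mismatch.
tunnel_args() {
    mode="$1"; host="$2"; key="$3"; known_hosts="$4"; tun="$5"
    case "$mode" in
        weak)
            # Silences the "SOMEONE MAY BE DOING SOMETHING NASTY" warning by
            # trusting whatever key the peer presents: a MITM is never noticed.
            printf '%s\n' -o StrictHostKeyChecking=no \
                -o UserKnownHostsFile=/dev/null ;;
        safe)
            has_pinned_hostkey "$host" "$known_hosts" || return 1
            printf '%s\n' -o BatchMode=yes -o StrictHostKeyChecking=yes \
                -o "UserKnownHostsFile=$known_hosts" ;;
        *) return 2 ;;
    esac
    printf '%s\n' -i "$key" -N -w "$tun" "$host"
}

# Constructed sample: a known_hosts file pinning one (fake) ed25519 key.
demo_known_hosts="${TMPDIR:-/tmp}/demo_known_hosts.$$"
printf '%s\n' 'vpn.example.invalid ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFAKEKEYFAKEKEYFAKEKEYFAKEKEYFAKE' \
    > "$demo_known_hosts"

# Starts only because vpn.example.invalid is pinned; an unpinned host fails.
tunnel_args safe vpn.example.invalid /etc/ssh-tunnel/id_ed25519 \
    "$demo_known_hosts" 0:0
```

A service would pass the printed arguments straight to ssh; the known_hosts file is something the operator provisions (for example from the server's own /etc/ssh host keys), not something fetched blindly at first contact.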