From: Efraim Flashner <efraim@flashner.co.il>
To: 63786@debbugs.gnu.org
Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean
Date: Sun, 11 Jun 2023 10:49:58 +0300 [thread overview]
Message-ID: <ZIV8pvv8U5ras1X2@3900XT> (raw)
In-Reply-To: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il>
[-- Attachment #1.1: Type: text/plain, Size: 469 bytes --]
options in ssh-config.
Reply-To:
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
For some reason this didn't get sent to the bug.
--
Efraim Flashner <efraim@flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #1.2: Type: message/rfc822, Size: 4864 bytes --]
[-- Attachment #1.2.1.1: Type: text/plain, Size: 3024 bytes --]
On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Courtès wrote:
> Hello!
>
> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> >>From man 5 ssh_config:
> > Unless noted otherwise, for each parameter, the first obtained value
> > will be used.
> >
> > We want to allow falling through to the first actual user defined value.
>
> What do you mean by “first actual user-defined value”? This service is
> what generates all the “user-defined values”, no?
Right now my ~/.ssh/config has
Host do1-tor
Hostname <insert tor address>
IdentityFile ~/.ssh/id_ed25519
Host *.onion *-tor
#ProxyCommand /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbsd-1.218-2/bin/nc -X 5 -x localhost:9050 %h %p
ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
Compression yes
The way the ssh config is read is that `ssh do1-tor` first matches
do1-tor and then also matches *-tor, so I can factor our ProxyCommand,
ControlPath and Compression for use with the other *-tor Hosts I have
listed.
This configuration could be
(openssh-host (name "do1-tor")
(host-name <insert tor address>)
(identity-file "~/.ssh/id_ed25519"))
(openssh-host (name "*-onion *-tor)
(compression? #t)
(proxy
(proxy-command ...))
(extra-content " ControlPath ...\n"))
If this is all I enter, then my .ssh/config is generated like this:
Host do1-tor
Hostname <insert tor address>
IdentityFile ~/.ssh/id_ed25519
ForwardX11 no
ForwardX11Trusted no
ForwardAgent no
Compression no
Host *.onion *-tor
ForwardX11 no
ForwardX11Trusted no
ForwardAgent no
Compression yes
ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
Compression might default to no, but in my hand crafted .ssh/config I've
set it to yes for *-tor Hosts. Forward* might all default to no, and
it's not set anywhere, but being explicit about the default here could
cause problems if I want X11 forwarding across an entire range of hosts,
not just individual ones.
> Overall my take is that default values should be specified in our code
> (as default values of configuration record fields) rather than left
> unspecified. I think this is clearer and more predictable than relying
> on upstream’s default values.
In general this is a good plan, but here it actually interferes with the
expected configuration output. 'Fall through' is the default, not the
actual default for each of the individual configuration options. They
only get set if that field isn't set by any of the possibly multiple
configuration matches set it first.
--
Efraim Flashner <efraim@flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #1.2.1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2023-06-11 7:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-29 14:52 [bug#63786] [PATCH] home: services: ssh: Allow unset boolean options in ssh-config Efraim Flashner
2023-06-08 20:57 ` Ludovic Courtès
2023-06-11 7:49 ` Efraim Flashner [this message]
2023-06-12 4:58 ` [bug#63786] [PATCH] home: services: ssh: Allow unset boolean Andrew Tropin
2023-06-14 19:16 ` bug#63786: " Efraim Flashner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZIV8pvv8U5ras1X2@3900XT \
--to=efraim@flashner.co.il \
--cc=63786@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).