unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Efraim Flashner <efraim@flashner.co.il>
To: 63786@debbugs.gnu.org
Subject: [bug#63786] [PATCH] home: services: ssh: Allow unset boolean
Date: Sun, 11 Jun 2023 10:49:58 +0300	[thread overview]
Message-ID: <ZIV8pvv8U5ras1X2@3900XT> (raw)
In-Reply-To: <6f1959b0041895af538fec1b72a02d7767451767.1685371966.git.efraim@flashner.co.il>


[-- Attachment #1.1: Type: text/plain, Size: 469 bytes --]

options in ssh-config.
Reply-To: 
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351

For some reason this didn't get sent to the bug.

-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #1.2: Type: message/rfc822, Size: 4864 bytes --]

[-- Attachment #1.2.1.1: Type: text/plain, Size: 3024 bytes --]

On Thu, Jun 08, 2023 at 10:57:37PM +0200, Ludovic Courtès wrote:
> Hello!
> 
> Efraim Flashner <efraim@flashner.co.il> skribis:
> 
> >>From man 5 ssh_config:
> > Unless noted otherwise, for each parameter, the first obtained value
> > will be used.
> >
> > We want to allow falling through to the first actual user defined value.
> 
> What do you mean by “first actual user-defined value”?  This service is
> what generates all the “user-defined values”, no?

Right now my ~/.ssh/config has

Host do1-tor
    Hostname <insert tor address>
    IdentityFile ~/.ssh/id_ed25519
Host *.onion *-tor
    #ProxyCommand /gnu/store/dgvybjrj154f4cyfbkrbqyirv5gd8ic2-netcat-openbsd-1.218-2/bin/nc -X 5 -x localhost:9050 %h %p
    ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
    ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p
    Compression yes

The way the ssh config is read is that `ssh do1-tor` first matches
do1-tor and then also matches *-tor, so I can factor our ProxyCommand,
ControlPath and Compression for use with the other *-tor Hosts I have
listed.

This configuration could be
(openssh-host (name "do1-tor")
              (host-name <insert tor address>)
              (identity-file "~/.ssh/id_ed25519"))
(openssh-host (name "*-onion *-tor)
              (compression? #t)
              (proxy
               (proxy-command ...))
              (extra-content "  ControlPath ...\n"))

If this is all I enter, then my .ssh/config is generated like this:

Host do1-tor
  Hostname <insert tor address>
  IdentityFile ~/.ssh/id_ed25519
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression no
Host *.onion *-tor
  ForwardX11 no
  ForwardX11Trusted no
  ForwardAgent no
  Compression yes
  ProxyCommand /home/efraim/bin/openbsd-netcat -X 5 -x localhost:9050 %h %p
  ControlPath ${XDG_RUNTIME_DIR}/%r@%k-%p

Compression might default to no, but in my hand crafted .ssh/config I've
set it to yes for *-tor Hosts. Forward* might all default to no, and
it's not set anywhere, but being explicit about the default here could
cause problems if I want X11 forwarding across an entire range of hosts,
not just individual ones.

> Overall my take is that default values should be specified in our code
> (as default values of configuration record fields) rather than left
> unspecified.  I think this is clearer and more predictable than relying
> on upstream’s default values.

In general this is a good plan, but here it actually interferes with the
expected configuration output. 'Fall through' is the default, not the
actual default for each of the individual configuration options. They
only get set if that field isn't set by any of the possibly multiple
configuration matches set it first.


-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #1.2.1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  parent reply	other threads:[~2023-06-11  7:51 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-29 14:52 [bug#63786] [PATCH] home: services: ssh: Allow unset boolean options in ssh-config Efraim Flashner
2023-06-08 20:57 ` Ludovic Courtès
2023-06-11  7:49 ` Efraim Flashner [this message]
2023-06-12  4:58   ` [bug#63786] [PATCH] home: services: ssh: Allow unset boolean Andrew Tropin
2023-06-14 19:16     ` bug#63786: " Efraim Flashner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZIV8pvv8U5ras1X2@3900XT \
    --to=efraim@flashner.co.il \
    --cc=63786@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).