From: Bruno Victal <mirai@makinata.eu>
To: Maze <maze@whispers-vpn.org>
Cc: 64349@debbugs.gnu.org
Subject: [bug#64349] [PATH] Guix service for robust and flexible persistent ssh forwarding
Date: Tue, 10 Oct 2023 15:33:16 +0100
Message-ID: <54efe1c6-6a81-497d-8b8b-0b499cfc2acb@makinata.eu>
In-Reply-To: <87352a4541.fsf@pkbd.org>

Hi,

> Missing:
>
> * I have not started to work on control masters. When one has many
> connections daemonized to the same remote host, there could (should?)
> be a specialized service type extended only to serve as a control
> master for multiple other forwarding services. It's probably not that
> easy to program correctly.
>
> * It only loads a private key directly from file, no ssh agent. I think
> it's probably quite easy to add.
>
> * I haven't even tried to make host knowing configurable the
> slightest. No one is there to input "yes" when it starts, so I just
> hard coded ssh command switches that should completely tame the
> dreaded "SOMEONE MAY BE DOING SOMETHING NASTY!" and its little
> friends. Still, in the event this module would start to have its small
> user base, I might kind of feel bad about this and something would
> preferably have to be done... if that can possibly be practical.
>
> * I think it can only do point-to-point tunnels, that is to say tun
> devices. Ssh documentation says it also can do tap devices, what they
> call layer 2, which can support DHCP, but in trials I never could get
> it to spit out a working tap tunnel... By using ssh for the network
> side of the tunnel and tunctl or POSIX or whatever applicable system
> calls from a program for the host sides of the tunnel, maybe it's
> possible to do tap devices. It's hard, probably.
>
> * No documentation as of yet. The author also still has to learn how to
> write actual Texinfo docstrings for procedures, sorry about that.

Any updates regarding these items?

> * I have a test script (not shared here) but it does not plug into the
> build system. Also, it deploys multiple VMs to test forwardings in
> situation, which means it can do some very strong testing but it's too
> heavy for a routine build. And the script does other things which are
> either crazy and/or very badly written. I could never have pulled this
> without my horrible shell script, but still, a simple script which
> plugs into the build system would be more desirable.

Can you adapt it or write a test suite for this service? (see gnu/tests/…
for inspiration)
It makes it easier for everyone to test/review and maintain this addition.

--
Furthermore, I consider that nonfree software must be eradicated.
Cheers,
Bruno.