bug#41238: guix deploy close ssh session after each store items sent

bug#41238: guix deploy close ssh session after each store items sent

[Brice Waegeneire]

Hey Guix,

“guix deploy” bugs; they keep coming! “guix deploy” doesn't make use of 
SSH
channels[0], instead it close the SSH session each time after sending 
store
items. This may be unnoticeable by users using a password-less SSH key
(bad!) or an SSH agent (better!) but for the other it mean entering the
password ~5 times per host per deployment which get old very quick. In 
my
case I use a keycard that require me to physically interact with it for
each authentication request, it means multiple touch per deployment,
reducing it just one would be a great relief.

[0]: 
https://github.com/artyom-poptsov/guile-ssh/blob/b11182d5582844df0c8d1fcb7177ff85f8ac3bcd/doc/api-sessions.texi#L17

- Brice

bug#41238: guix deploy close ssh session after each store items sent

[Oleg Pykhalov]

[-- Attachment #1: Type: text/plain, Size: 382 bytes --]

Brice Waegeneire <brice@waegenei.re> writes:

> “guix deploy” bugs; they keep coming! “guix deploy” doesn't make use of SSH
> channels[0], instead it close the SSH session each time after sending store
> items.

Did you try a built in SSH's “Control*” feature?

ssh_config (0)

  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p
  ControlPersist yes

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#41238: guix deploy close ssh session after each store items sent

[Brice Waegeneire]

On 2020-05-15 06:59, Oleg Pykhalov wrote:
> Brice Waegeneire <brice@waegenei.re> writes:
> 
>> “guix deploy” bugs; they keep coming! “guix deploy” doesn't make use 
>> of SSH
>> channels[0], instead it close the SSH session each time after sending 
>> store
>> items.
> 
> Did you try a built in SSH's “Control*” feature?
> 
> ssh_config (0)
> 
>   ControlMaster auto
>   ControlPath ~/.ssh/master-%r@%h:%p
>   ControlPersist yes

Of course, it's my default setting for SSH (and the host I tried to 
deploy
to). But “guix deploy” don't support it; it's the core of the issue 
here.

I didn't mention those options in the initial bug report because IFAIK 
the
ssh functionality for “guix deploy” is provided by guile-ssh, a wrapper
around libssh which isn't related to OpenSSH in any way. So the 
“Control*”
options doesn't apply here, instead they talk about channels and 
session[0]
which seems to be the terms used in the SSH specification.

[0]: https://api.libssh.org/stable/libssh_tutor_guided_tour.html

bug#41238: guix deploy close ssh session after each store items sent

[Brice Waegeneire]

Hello Guix,

Brice Waegeneire <brice@waegenei.re> writes:

> “guix deploy” bugs; they keep coming! “guix deploy” doesn't make use of SSH
> channels[0], instead it close the SSH session each time after sending store
> items.

[...]

Ludo‘ fixed the issue with the commit 7f20e59a13a6acc3331e04185b8f1ed2538dcd0a.

For posterity, here is the workaround I was using a few month ago and is now
unecessary. The session filed needed to be manually set with a call to
"openssh-ssh-session" from (guix ssh):

--8<---------------cut here---------------start------------->8---
(machine-ssh-configuration
  (host-name "foo")
  (system "x86_64-linux")
  (session (open-ssh-session "foo" #:user "root"))
  (host-key "..."))
--8<---------------cut here---------------end--------------->8---

Currently the following suffice:

--8<---------------cut here---------------start------------->8---
(machine-ssh-configuration
  (host-name "foo")
  (system "x86_64-linux")
  (user "root") 
  (host-key "..."))
--8<---------------cut here---------------end--------------->8---

Cheers,
- Brice