[bug#64349] [PATH] Guix service for robust and flexible persistent ssh f
From: Bruno Victal
Subject: [bug#64349] [PATH] Guix service for robust and flexible persistent ssh forwarding
Date: Tue, 10 Oct 2023 15:33:16 +0100
User-agent: Mozilla Thunderbird

Hi,

> Missing:
>
> * I have not started to work on control masters. When one has many
> connections daemonized to the same remote host, there could (should?)
> be a specialized service type extended only to serve as a control
> master for multiple other forwarding services. It's probably not that
> easy to program correctly.
>
> * It only loads a private key directly from file, no ssh agent. I think
> it's probably quite easy to add.
>
> * I haven't even tried to make host knowing configurable the
> slightest. No one is there to input "yes" when it starts, so I just
> hard coded ssh command switches that should completely tame the
> dreaded "SOMEONE MAY BE DOING SOMETHING NASTY!" and its little
> friends. Still, in the event this module would start to have its small
> user base, I might kind of feel bad about this and something would
> preferably have to be done... if that can possibly be practical.
>
> * I think it can only do point-to-point tunnels, that is to say tun
> devices. Ssh documentation says it also can do tap devices, what they
> call layer 2, which can support DHCP, but in trials I never could get
> it to spit out a working tap tunnel... By using ssh for the network
> side of the tunnel and tunctl or POSIX or whatever applicable system
> calls from a program for the host sides of the tunnel, maybe it's
> possible to do tap devices. It's hard, probably.
>
> * No documentation as of yet. The author also still has to learn how to
> write actual Texinfo docstrings for procedures, sorry about that.

Any updates regarding these items?

> * I have a test script (not shared here) but it does not plug into the
> build system. Also, it deploys multiple VMs to test forwardings in
> situation, which means it can do some very strong testing but it's too
> heavy for a routine build. And the script does other things which are
> either crazy and/or very badly written. I could never have pulled this
> without my horrible shell script, but still, a simple script which
> plugs into the build system would be more desirable.

Can you adapt it or write a test suite for this service? (see gnu/tests/…
for inspiration)
It makes it easier for everyone to test/review and maintain this addition.

--
Furthermore, I consider that nonfree software must be eradicated.
Cheers,
Bruno.
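
On the host key item quoted above, one way an unattended forwarding service can avoid the interactive "yes" prompt without turning verification off is to pin the remote key in a dedicated known_hosts file. This is an added example, not code from the patch or from this message; the function names, host name and key are constructed, and the switches the patch actually hard-codes are not shown on this page.

```shell
#!/bin/sh
# Added example: pin a host key for an unattended ssh forwarding service.
# A common way to silence the prompt (assumed here, not taken from the patch):
#   -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null
# accepts any key the remote end presents. The functions below keep the
# service non-interactive while still verifying the key.

# pin_host_key FILE HOST KEYTYPE BASE64KEY
# Writes a single-entry known_hosts file; rejects malformed input.
# Limitation: plain host names/addresses only, no "[host]:port" form.
pin_host_key() {
    file=$1; host=$2; type=$3; key=$4
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $type" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.:_-]*) echo "bad host name: $host" >&2; return 1 ;;
    esac
    case $key in
        ''|*[!A-Za-z0-9+/=]*) echo "key is not base64" >&2; return 1 ;;
    esac
    # Subshell so the restrictive umask does not leak into the caller.
    ( umask 077; printf '%s %s %s\n' "$host" "$type" "$key" > "$file" )
}

# ssh_forward_opts FILE
# Prints one OpenSSH client option per line for a daemonized connection:
# never prompt, fail on unknown or changed keys, trust only the pinned file.
ssh_forward_opts() {
    printf '%s\n' \
        "-oBatchMode=yes" \
        "-oStrictHostKeyChecking=yes" \
        "-oUserKnownHostsFile=$1" \
        "-oGlobalKnownHostsFile=/dev/null"
}

# Demo with a constructed host and key (not real values).
demo_dir=$(mktemp -d)
pin_host_key "$demo_dir/known_hosts" relay.example.org ssh-ed25519 \
    AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForIllustrationOnly000000000 &&
    ssh_forward_opts "$demo_dir/known_hosts"
```

With these options a changed or unknown host key makes the connection fail instead of prompting, so a supervising service sees an ordinary non-zero exit.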