Use ResolveCommand hostname when creating ssh config #244

Open
herver opened this issue Apr 26, 2017 · 4 comments

herver commented Apr 26, 2017

Hello,

I'm trying to use assh in combination with Kerberos authentication, and there is a small issue. Here's my configuration:

hosts:
  "osd.[0-9]*.ceph1":
    ResolveCommand: /bin/sh -c "ceph --cluster ceph1 osd find $(echo %h | sed -E 's/osd.([0-9]+).ceph1/\1/') | jq -r .crush_location.host"

The ResolveCommand returns the correct hostname, but when ssh is connecting to the machine, it mentions the hostname I type on the command line, and not the resolved one. This prevents SSH from using Kerberos authentication because the hostname provided by ASSH doesn't match any entry on the Kerberos database.

[...]
debug1: Host 'osd.12.ceph1' is known and matches the ECDSA host key.
[...]
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Server not found in Kerberos database
@moul moul added the Question label May 29, 2017
Owner

moul commented May 29, 2017

Hi @herver, thank you for your feedback.

Can you confirm that the expected behavior is that assh generates the result of the ResolveCommand as Hostname in the generated .ssh/config host?

Example:

hosts:
  "osd.[0-9]*.ceph1":
    ResolveCommand: /bin/sh -c "ceph --cluster ceph1 osd find $(echo %h | sed -E 's/osd.([0-9]+).ceph1/\1/') | jq -r .crush_location.host"

Host osd.42.ceph1
  Hostname: 1.2.3.4 (result of the ResolveCommand)

Host osd.1337.ceph1
  Hostname: 5.6.7.8 (result of the ResolveCommand)

Author

herver commented May 30, 2017

Hi @moul,

This is exactly what I would expect,

  • Today it generates the following:
INFO[0000] Host osd.12.ceph1                           
INFO[0000]   Port 22                                    
INFO[0000]   # HostName: osd.12.ceph1                  
INFO[0000]   # KnownHostOf: osd.12.ceph1               
INFO[0000]   # ResolveCommand: /bin/sh -c "ceph --cluster ceph1 osd find $(echo %h | sed -E 's/osd.([0-9]+).ceph1/\1/') | jq -r .crush_location.host" 
  • I would expect
[...]            
INFO[0000]   # HostName: 1.2.3.4           
[...]

Owner

moul commented May 30, 2017

I suspect Kerberos authentication looks for an uncommented HostName, but due to a limitation in the way ssh works, I need to comment out HostName in the generated .ssh/config file (#116).

Before trying to run the ResolveCommand when creating the ssh config file, can you just confirm that it will fix your problem? Can you try to update the generated .ssh/config file and replace the value of # HostName (keep it commented)?

I will try to set up a Kerberos test environment to give it a try myself.

Author

herver commented May 30, 2017

I tried with both HostName commented and uncommented.

As you feared, it requires the HostName to be uncommented to work, otherwise it asks for a principal called Name which doesn't exist in the Kerberos realm...

@moul moul self-assigned this Aug 6, 2017
@moul moul removed their assignment Sep 18, 2017
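
Added example (not code from assh or from either participant): a small Go check for the behaviour discussed in this thread, reporting which name ssh will actually use for each Host stanza, given that a `HostName` written only as a `#` comment leaves ssh with the alias typed on the command line. The sample config is constructed from the stanzas quoted above; `ceph-node7.example.com` is a hypothetical node name, and global `HostName` lines and `Match` blocks are not handled.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: the first stanza mirrors the generated config quoted in
// the thread; the second has an active HostName (hypothetical node name).
const sampleConfig = `Host osd.12.ceph1
  Port 22
  # HostName: osd.12.ceph1
Host osd.42.ceph1
  HostName ceph-node7.example.com
`

// EffectiveHosts maps each Host alias to the name ssh will connect to: the
// first active HostName in its block, or the alias itself when there is none.
func EffectiveHosts(config string) map[string]string {
	out := map[string]string{}
	var current []string // aliases of the Host block being read
	sc := bufio.NewScanner(strings.NewReader(config))
	for sc.Scan() {
		fields := strings.Fields(strings.Replace(sc.Text(), "=", " ", 1))
		if len(fields) < 2 || strings.HasPrefix(fields[0], "#") {
			continue // blank lines and comments such as "# HostName: ..." are ignored
		}
		switch strings.ToLower(fields[0]) {
		case "host":
			current = fields[1:]
			for _, alias := range current {
				out[alias] = alias // default: the name as typed
			}
		case "hostname":
			for _, alias := range current {
				out[alias] = fields[1]
			}
			current = nil // first obtained value wins in ssh_config
		}
	}
	return out
}

func main() {
	for alias, target := range EffectiveHosts(sampleConfig) {
		fmt.Printf("%-14s -> %s (aliasOnly=%v)\n", alias, target, alias == target)
	}
}
```

Stanzas reported with `aliasOnly=true` are the ones where, as described in the thread, Kerberos authentication is attempted against the typed alias rather than the resolved host.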