nix-delegate icon indicating copy to clipboard operation
nix-delegate copied to clipboard
verified publisher icon awakesecurity

Can't specify remote port

Open Warbo opened this issue 7 years ago • 2 comments

Thanks for the tool. I thought I'd document a problem I ran into using nix-delegate, in case it helps others. I found a workaround (specifying the port in ~/.ssh/config), which might be useful for documentation.

I have a remote machine accessible via an SSH tunnel on localhost port 22222, but nix-delegate doesn't support hostnames like user@localhost:22222:

$ nix-delegate --host user@localhost:22222 nix-build -E 'with import <nixpkgs> {}; bash'
ssh: Could not resolve hostname localhost:22222: Name or service not known
nix-delegate: user error ([x] Could not ensure that the remote machine has signing keys installed

    Debugging tips:

    1. Check if you can log into the remote machine by running:

        $ ssh user@localhost:22222

    2. If you can log in, then check if you have permission to `sudo` without a
       password by running the following command on the remote machine:

        $ sudo -n true
        $ echo $?
        0

    Original error: ShellFailed {shellCommandLine = "ssh user@localhost:22222 'test -e /etc/nix/signing-key.sec || sudo sh -c \"(umask 277 && $(nix-build --no-out-link \"<nixpkgs>\" -A libressl)/bin/openssl genrsa -out /etc/nix/signing-key.sec 2048) && $(nix-build --no-out-link \"<nixpkgs>\" -A libressl)/bin/openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/signing-key.pub\"'", shellExitCode = ExitFailure 255}
)

The suggested ssh command wouldn't work either, but ssh -p 22222 user@localhost would. I tried passing a -p option to nix-delegate but it complained (understandably) that there's no such option.

From reading the nix-delegate code, I saw that the host gets passed to rsync and I found a stackoverflow answer which suggests specifying the port in ~/.ssh/config. I tried that and it works! The config I added is:

Host desktop
    Hostname localhost
    User user
    Port 22222

Now I can use desktop as the host. Maybe this could be suggested either in the README, or if :[0-9]+ is spotted in the host name?

Warbo avatar Jun 21 '18 16:06 Warbo

I just learned about the NIX_SSHOPTS env var, which might have been useful instead!

Warbo avatar Jun 21 '18 16:06 Warbo

Thanks for writing a detailed issue ticket! I agree we should at-least document this edge-case better. I also think we can do a few things to improve the user experience so you can supply a host string the way you were trying to.

ixmatus avatar Jun 21 '18 23:06 ixmatus