kamal icon indicating copy to clipboard operation
kamal copied to clipboard
verified publisher icon basecamp

SSH: allow setting `config: false` to ignore local user `~/.ssh/config`

Open jeremy opened this issue 1 year ago • 2 comments

Documents the existing config option so it can be set via Kamal config. Allows setting config: false to ignore users' ~/.ssh/config.

jeremy avatar Aug 13 '24 20:08 jeremy

@jeremy are you sure that it exists? I cannot find it, to be honest.

igor-alexandrov avatar Sep 30 '24 09:09 igor-alexandrov

You mean the sshkit config option, or ?

jeremy avatar Sep 30 '24 19:09 jeremy

It eventually lands in Net::SSH.start which passes it to Net::SSH.configuration_for to determine which config files to parse.

Can verify by passing config: /some/other/path.conf and verifying the config is parsed or by enabling/disabling and verifying that default config is/isn't parsed (net-ssh defaults to parsing all of %w[ ~/.ssh/config /etc/ssh_config /etc/ssh/ssh_config ]).

jeremy avatar Oct 02 '24 05:10 jeremy

@jeremy thanks for the explanation.

igor-alexandrov avatar Oct 02 '24 05:10 igor-alexandrov

I saw this change on the documentation site, but anything else than a boolean isn't accepted.

Specifically this:

Set to [...], or to a file path (or array of paths) to load specific configuration. [...]

ssh:
  config: "config/ssh_config"

❯ kamal config
  ERROR (Kamal::ConfigurationError): ssh/config: should be a boolean

I tested this on both 2.2.2 and 74a06b0ccda616c86ebe1729d0795f39bcac9f00.

Burgestrand avatar Oct 17 '24 09:10 Burgestrand

I made a PR #1129 that seems to make this config option do something.

Burgestrand avatar Oct 17 '24 10:10 Burgestrand

@Burgestrand note this applies to sshkit config, not ssh. Definitely confusing that it doesn't apply elsewhere - probably should have made this an sshkit-specific config and plumbed it through.

jeremy avatar Oct 17 '24 16:10 jeremy

@Burgestrand note this applies to sshkit config, not ssh. Definitely confusing that it doesn't apply elsewhere - probably should have made this an sshkit-specific config and plumbed it through.

@jeremy I don't understand, but I'd like to.

This change was made to lib/kamal/configuration/docs/ssh.yml, which is specifically ssh.

sshkit has its own configuration file in lib/kamal/configuration/docs/sshkit.yml, which doesn't mention anything about this option.

Burgestrand avatar Oct 17 '24 18:10 Burgestrand

Yep, it's confusing for sure.

SSHKit is configured with config.ssh.options here: https://github.com/basecamp/kamal/blob/74a06b0ccda616c86ebe1729d0795f39bcac9f00/lib/kamal/commander.rb#L167

From there can trace along with https://github.com/basecamp/kamal/pull/908#issuecomment-2387652198

jeremy avatar Oct 17 '24 18:10 jeremy

Hmm, indeed! That is the limited/curated set of options. I'll take a closer look at how I was getting the raw config through to SSHKit in my testing.

jeremy avatar Oct 17 '24 18:10 jeremy