moul
Several questions
I'm an experienced ssh user and new to assh. I have several questions about assh, some of which may be actual issues. I'm grouping them into one issue as a first pass to keep noise down.
-
I have
serveraliveinterval: 60in my defaults.assh config listdisplays this asServerAliveInterval: <. Why is it displaying<instead of60? -
Is support planned for ProxyJump? It's the preferred alternative to -W/nc.
-
When my assh config has a host entry with no hostname (for example. "bastion.domain.com"),
assh config listdisplays this asuser@[hostname_not_specified]. Shouldn't this fallback to displaying the given host? Currently, I need a redundanthostnamekey in my config to fix the output. -
Prepending "[custom options] foo=bar" in
assh config listis hard to parse visually, because regular options are at a different indent level. Could this be "foo=bar [override]" instead? -
assh wrapper sshdoesn't support-vv. I expected this to pass through to ssh. -
Running
assh connect host.domain.com --dry-runseems to always fail with "No such available gateway", even whenassh wrapper ssh host.domain.comworks. -
Is there any way to see the full ssh command generated by
assh connect? Currently, "Executing proxy command: exec assh connect --port=22 host.domain.com", which helps for debugging assh problems, but not one level down for problems with ssh. -
Why does
aliascreate a separate entry in ~/.ssh/config? ssh already supports "Host name othername" for multiple aliases.
Hi @pikeas, thank you for all these questions; it helps me to understand the usage and feeling of users 👍
- I have
ServerAliveInterval: 60in my defaults.assh config listdisplays this asServerAliveInterval: <. Why is it displaying<instead of60?
< is the ascii representation of 60, see 
so basically I need to be sure that I print integer values as integer values and not as characters
- Is support planned for ProxyJump? It's the preferred alternative to -W/nc.a
Good idea, I need to give more tests to this feature so it can be integrated transparently in assh.
Depending on my tests, it will probably become the new default way of connecting to hosts
- When my assh config has a host entry with no hostname (for example. "bastion.domain.com"),
assh config listdisplays this asuser@[hostname_not_specified]. Shouldn't this fallback to displaying the given host? Currently, I need a redundanthostnamekey in my config to fix the output.
Ok, I need to think a little bit more about doing it globally or only for hosts that aren't wildcards or regexp
Two main options:
- always applying the host key in place of a missing
Hostname - using host key for bare names and keeping something special for wildcards and regex
What do you think?
- Prepending "[custom options] foo=bar" in
assh config listis hard to parse visually, because regular options are at a different indent level. Could this be "foo=bar [override]" instead?
Good idea, I will do it
assh wrapper sshdoesn't support-vv. I expected this to pass through to ssh.
Yes, the library used to parse CLI commands does not support "Count boolean" flags yet, so I need to send a PR to this library first, or use a custom parsing just for this command
As a quick fix, you should be able to call ssh without the wrapper, i.e., by prepending a backslash before ssh to tell your shell not to use aliases: $ \ssh ...
- Running
assh connect host.domain.com --dry-runseems always to fail with "No such available gateway", even whenassh wrapper ssh host.domain.comworks.
That comes from the way --dry-run is developed; this option does everything normally except the network connection that will always fail
This option is particularly useful when developing, which usage do you expect from this option, as a user?
- Is there any way to see the full ssh command generated by
assh connect? Currently, "Executing proxy command: exec assh connect --port=22 host.domain.com", which helps for debugging assh problems, but not one level down for problems with ssh.
Try $ assh -D connect or $ export ASSH_DEBUG=1; assh connect
- Why does
aliascreate a separate entry in ~/.ssh/config? ssh already supports "Host name othername" for multiple aliases.
I can't remember if it was intentional or not; I will try to switch to the built-in alias support for assh alias and known hosts wildcard hosts
Thanks again for these questions PS: I will create dedicated issues soon
Thanks for the reply, @moul! Would you like separate issues for the changes in 1, 2, and 4?
3: (hostname not specified) - No strong feelings on my end about what's displayed.
5: (ssh -vv) - Thinking about it some more, this is a bigger scope than -vv. What I'm really looking for is assh wrapper ssh to look and act as much like ssh as possible, since the generated ~/.ssh/config isn't usable by ssh. That's a harder problem to solve.
6: (assh connect --dry-run) - My expectation is that this command will succeed if my config is valid, and show me what the connection will look like. When it failed, I assumed that meant I had a problem with that host. I think your answer to 7) is what I really need. :-)
8: (ssh aliases) - I've realized there's another issue here.
Example ssh config:
Host foo*.bar
IdentityFile ~/ssh/special
Host *.bar
User me
IdentitifyFile ~/ssh/regular
ssh uses the first value found for each setting. This config will use the regular key for all *.bar servers but use the special key for all foo*.bar servers. But if I create the same config in assh:
hosts:
"foo*.bar":
identityfile: ~/ssh/special
"*.bar":
identityfile: ~/ssh/regular
user: me
This generates the following config file:
Host *.bar
IdentityFile ~/ssh/regular
User me
Host foo*.bar
IdentityFile ~/ssh/special
The ordering has been reversed! This will use the wrong key file for foo servers.
Thanks for the reply, @moul! Would you like separate issues for the changes in 1, 2, and 4?
Yes, definitely! 🍰
3: (hostname not specified) - No strong feelings on my end about what's displayed.
Ok, so I will start with option 2
5: (
ssh -vv) - Thinking about it some more, this is a bigger scope than-vv. What I'm really looking for is assh wrappersshto look and act as much likesshas possible
Totally agree; my goal for this wrapper is to act 100% like ssh
continuing 5: since the generated
~/.ssh/configisn't usable byssh. That's a harder problem to solve.
That's very strange, the standard ssh should always be able to use the generated ~/.ssh/config :hushed:
Do not hesitate to give me an example if you encounter this issue again
6: (assh connect --dry-run) - My expectation is that this command will succeed if my config is valid, and show me what the connection will look like. When it failed, I assumed that meant I had a problem with that host. I think your answer to 7) is what I really need. :-)
I think that you should be interested in this feature idea: https://github.com/moul/advanced-ssh-config/issues/82
8: (ssh aliases) - I've realized there's another issue here. [...] The ordering has been reversed! This will use the wrong key file for foo servers.
Nice catch, you can open a new bug for this :)
I've pulled out most of these into separate issues.
Regarding generated ~/.ssh/config not being compatible, here's an example of what I mean:
Host foo
IdentityFile ~/.ssh/foo
User foo
# Inherits: [other]
# Gateways: [bastion.example.com]
# HostName: example.com
This entry is only usable by plain ssh because assh connect is set as the default ProxyCommand. Remove that and plain ssh will fail.
In other words, assh locks you in to connecting via assh, it's currently not possible to use assh only for managing ~/.ssh/config and not as a connection wrapper.
What if assh instead generated:
Host foo
IdentityFile ~/.ssh/foo
User foo
ProxyJump bastion.example.com
HostName example.com
InheritedSetting1 a
InheritedSetting2 b