
Allow configuration of SSH parameters

Open aanderse opened this issue 3 years ago • 6 comments

This has recently been added to my wish list so I thought I would create an actual issue instead of leaving it as a TODO in source code.

https://github.com/zhaofengli/colmena/blob/429a0f5aa1d1bac06234e2f0c02d5b63a850d940/src/nix/host/ssh.rs#L264

aanderse, May 31 '22 12:05

Is this really useful? Beyond StrictHostKeyChecking and BatchMode (and User until #91 is merged), the rest can already be configured with local ssh configuration, e.g. ~/.ssh/config

dminuoso, Jun 01 '22 10:06

Yes. Currently we run colmena with a very minor patch to add ProxyJump to the ssh options. I would really appreciate this feature.

aanderse, Jun 01 '22 10:06

For me too. For example, for ssh over ssm it would be great if I didn't have to edit the ~/.ssh/config every time I run terranix/terraform.

An ssh command like this would be necessary to use ssh over ssm:

ssh -o ProxyCommand="sh -c \"aws ssm start-session --profile ASDFASDF --region us-east-1 --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'\""

mrVanDalo, Sep 13 '22 14:09

I worked around this by adding a provisioner to servers I deploy via terraform:

provisioner = [
  {
    local-exec = {
      # TF interpolation only works inline
      command = ''
        cat << 'EOF' > ''${path.module}/.ssh_config
        ${builtins.concatStringsSep "\n" (map (name: ''
            Host deploy-${name}
              HostName ''${hcloud_server.${name}.ipv4_address}
          '')
          nodeNames)}
        EOF
      '';
    };
  }
  provisioners.bootstrapHetzner
];

Then added SSH_CONFIG_FILE=.ssh_config to the dev shell and things work pretty nicely. This way I don't have to hardcode the deployment IPs in the flake itself.

manveru, Jan 06 '23 16:01
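
An added example, not code from this thread or from colmena: a shell take on the workaround above that writes the per-project config file picked up through SSH_CONFIG_FILE, and refuses any node name or address that could inject extra ssh_config directives (a newline followed by ProxyCommand, for instance). The function name `write_ssh_config` and the sample values in the usage comment are assumptions.

```shell
#!/bin/sh
# write_ssh_config OUTFILE NAME=ADDRESS...
#
# Writes one "Host deploy-NAME" block per pair, as in the workaround above.
# Values normally come from provisioning output, so they are treated as
# untrusted: anything outside a strict character set is rejected, because a
# space or newline would let a value add its own ssh_config directives.
# Returns 2 on a rejected value and leaves OUTFILE untouched.
#
# Usage (constructed sample values, documentation address ranges):
#   write_ssh_config .ssh_config web=203.0.113.10 db=2001:db8::5
#   export SSH_CONFIG_FILE=.ssh_config
write_ssh_config() {
    out=$1
    shift
    # Build in a temp file next to the target so the final rename is atomic
    # and a rejected run never leaves a half-written config behind.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    for pair in "$@"; do
        case $pair in
            *=*) ;;
            *) rm -f "$tmp"; return 2 ;;
        esac
        name=${pair%%=*}
        addr=${pair#*=}
        # Host alias: letters, digits, underscore, hyphen only.
        case $name in
            '' | *[!A-Za-z0-9_-]*) rm -f "$tmp"; return 2 ;;
        esac
        # Address: characters valid in IPv4, IPv6 and DNS names only.
        case $addr in
            '' | *[!A-Za-z0-9.:-]*) rm -f "$tmp"; return 2 ;;
        esac
        printf 'Host deploy-%s\n  HostName %s\n' "$name" "$addr" >> "$tmp"
    done
    # Keep the file private to the current user before publishing it.
    chmod 600 "$tmp" && mv "$tmp" "$out"
}
```
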