-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve parsing of SSH config file for verdi computer configure ssh
#4100
Comments
Sounds reasonable I think. On a semi-related note, I was recently messing around with a bit recently with automating this configuration when building VMs in https://github.com/chrisjsewell/ansible-role-aiida-computer |
Indeed, I also had the same experience as you had @ConradJohnston Or should we ask the user to pick from one of the "valid" entries, or maybe just ask to provide a new name, then print out the raw content of the .ssh/config file, and if they are happy, continue with those defaults? (Note that the Host could even just be Or any other suggestions? |
Personally, I've always found the fact that AiiDA tries to parse the Since the documentation anyhow starts by setting up your Major benefits I would see:
Potential downsides
P.S. After looking a bit into it, I realized that while paramiko provides parsers for the SSH config, it does not seem to help you with e.g. automatically parsing the information for the proxy server as well, i.e. it looks to me like some legwork would remain on the AiiDA side when using paramiko (?). However, there are tools like Here's an excerpt from my ssh config:
And here's what I can do after ipython
In [1]: from fabric import Connection
In [2]: c = Connection('ela')
In [3]: c.run('hostname')
ela5.cscs.ch
Out[3]: <Result cmd='hostname' exited=0>
In [4]: c = Connection('daint')
In [5]: c.run('hostname')
daint102
Out[5]: <Result cmd='hostname' exited=0>
In [6]: c.ssh_config
Out[6]:
{'user': 'tal',
'hostname': 'daint.cscs.ch',
'identityfile': ['/Users/leopold/.ssh/cscs'],
'forwardagent': 'yes',
'port': '22',
'proxyjump': 'ela',
'forwardx11': 'yes',
'forwardx11trusted': 'yes',
'sendenv': 'LANG LC_*'} |
Just one comment to clarify some points where I think there might be some misunderstanding:
For these reasons I believe we cannot yet "trust" automatic parsing of the ssh_config. One important thing to remember: In any case, again - if we have a way to correctly parse it, maybe we should just implement it rather than dropping copying the information in the AiiDA DB. Maybe the simplest is, in |
I haven't come across this use case before, have you? My point is just that by storing all this information (which is not considered part of the provenance) in the database, we are forcing ourselves to re-implement all this logic that is already present in the ssh program itself; while resulting in a less feature-complete and less robust interface for the user. If one could simply tell AiiDA the ssh alias to connect to and let the ssh config do the rest [1], it seems to me that we would make life easier both for users and developers. [1] Either by using ssh directly like in |
Assuming we can use all features in the SSH config file (not obvious, probably needs fabric, which means adapting most of the transport) we could go for a transition phase where the first question is "do you want to use your user SSH config" and if yes you just provide a name (note, one downside: you might connect to a different machine than the one declared in the hostname of the computer, in this way). Or, even better (if as I suspect this requires fabric): one should implement a ssh-fabric plugin and use this approach there. No problem in hosting it directly on aiida-core, I think, and if we realise it's much more robust we can suggest it as a default. |
I also mention here the option to look into AsyncSSH as mentioned by @dev-zero in this comment. |
In general, I fully support @ltalirz's suggestion to move towards simply storing the To deal with the problem raised in this issue, I was playing around with adapting the def parse_sshconfig(hostname):
"""
Parse the ``.ssh/config`` file in the home directory and return each configuration that has the given hostname.
:param hostname: the hostname for which we want the configuration.
:return: dict of configurations mapping each matching ``Host`` with the specified ``hostname`` to its configuration.
"""
import paramiko
config = paramiko.SSHConfig()
try:
with open(os.path.expanduser('~/.ssh/config'), encoding='utf8') as fhandle:
config.parse(fhandle)
except IOError:
# No file found, so empty configuration
pass
matching_hosts = {}
for host in config.get_hostnames():
host_config = config.lookup(host)
if host_config['hostname'] == hostname:
matching_hosts[host] = host_config
return matching_hosts In an effort to deal with the possibility of multiple This problem would be avoided if we could set up the parsing of the Host *
ForwardX11 yes
Host daint
HostName daint.cscs.ch
User mbercx
IdentityFile ~/.ssh/id_rsa-daint
ProxyCommand ssh -W %h:%p -i ~/.ssh/id_rsa-daint [email protected] In [1]: import os, paramiko
In [2]: config = paramiko.SSHConfig()
...: with open(os.path.expanduser('~/.ssh/config'), encoding='utf8') as fhandle:
...: config.parse(fhandle)
...:
In [3]: config.lookup('daint')
Out[3]:
{'forwardx11': 'yes',
'hostname': 'daint.cscs.ch',
'user': 'mbercx',
'identityfile': ['/home/mbercx/.ssh/id_rsa-daint'],
'proxycommand': 'ssh -W daint.cscs.ch:22 -i /home/mbercx/.ssh/id_rsa-daint [email protected]'} Or is there some other issue I'm missing? To deal with this issue in a minimal way, perhaps we can add an option to verdi computer configure ssh --load-from-system-host daint However, I still think that @ltalirz's suggestion is the best solution long term, if we can hash out @giovannipizzi's concerns. I.e. instead of using a |
|
Heroic stuff, Tiziano! 🥇 |
Related in spirit to issue #3311, and to the "UI Improvements" project.
Currently, when using
verdi computer configure ssh
to configure an SSH connection, the SSH config file, if present, is parsed by Paramiko andverdi
offers some suggestions for populating the configuration options.A typical stanza as currently supported might look like this:
One limitation of the current implementation is that one must specify the fully qualified hostname as the
Host
and anything specified using theHostname
keyword is only used to substitute%h
in SSH proxy commands, as I understand it. This is frustrating, as one typically uses the SSH Config to do something like:where
Host
is used to define convenience aliases.If this more canonical approach was supported it would reduce frustration, but also allow semi-convenient work arounds for locked down supercomputers (see #3929) like:
where one opens an SSH connection separately, supplies some 2FA, and redirects this connection to some local port, say 22000, and then points AiiDA to this localhost port, using a nice alias.
The text was updated successfully, but these errors were encountered: