Removing the reliance on netcat #374
Comments
I forget, isn't nc running on the remote box?
On Dec 20, 2017, at 5:25 PM, Evan Farrar ***@***.***> wrote:
The functionality of netcat is almost identical to the Go networking standard libraries, yet when users supply a proxy to bosh ssh then the CLI will shell out to SSH which will shell out to nc.
Unfortunately, netcat is a very old and storied program, and as a result it is not always consistent which flavor of nc a user will have installed on their system. Additionally, though it can now be expected that Windows users will have a reasonable version of ssh these days, it is still uncommon to have nc.
I propose that we make a new bosh subcommand, bosh nc, and when a SOCKS5 proxy is supplied to bosh ssh then this command is supplied as the ProxyCommand to OpenSSH instead of nc. We could reflect on what the name of the command we used for bosh ssh was (e.g. bosh or bosh2), and consistently use that same invocation name for ProxyCommand.
|
https://cloudfoundry.slack.com/archives/C2DBC3YGZ/p1513631526000248 I believe this nc runs locally, it is the proxy client in this case:
|
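I've encountered this again today with a user. They preferred CentOS over Ubuntu, so they stood up a CentOS box on GCP as a jumpbox to run BBL from because they also preferred Windows over Linux. After deploying BOSH with bbl successfully, they attempted to deploy concourse, and we attempted to debug it with bosh ssh web/0. We got: nc command not found. So, install it, right? The yum repos *only* contain nmap-ncat and install an alias for ncat as nc, so we installed it, and that also didn't work.
Technically we *could* introspect the help for netcat to figure out which flavor of netcat is installed, but there are THREE popular variants of netcat: BSD, nmap, and GNU. We're not doing a lot with netcat that Go couldn't do just as well, and in a way that is not just *nix agnostic but also platform agnostic.
I'd even be open to making the command flags the same so that bosh nc -x localhost:51234 remotehost 22 works, then not changing a thing about bosh ssh but instead documenting the fact that "you can run alias nc=bosh nc if you don't have the BSD flavor of netcat installed"
Would you accept this as a pull request? |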
I'm open to this, let's chat more, just want to understand how that works today (forgot all about it already).
On Tue, Jan 23, 2018 at 5:50 PM, Evan Farrar ***@***.***> wrote:
I've encountered this again today with a user. They preferred CentOS over
Ubuntu, so they stood up a CentOS box on GCP as a jumpbox to run BBL from
because they also preferred Windows over Linux. After deploying BOSH with
bbl successfully, they attempted to deploy concourse, and we attempted to
debug it with bosh ssh web/0. We got: nc command not found. So, install
it, right? The yum repos *only* contain nmap-ncat and install an alias
for ncat as nc, so we installed it, and that also didn't work.
Technically we *could* introspect the help for netcat to figure out which
flavor of netcat is installed, but there are THREE popular variants of
netcat: BSD, nmap, and GNU. We're not doing a lot with netcat that Go
couldn't do just as well, and in a way that is not just *nix agnostic but
also platform agnostic.
I'd even be open to making the command flags the same so that bosh nc -x
localhost:51234 remotehost 22 works, then not changing a thing about bosh
ssh but instead documenting the fact that "you can run alias nc=bosh nc
if you don't have the BSD flavor of netcat installed"
Would you accept this as a pull request?
|
cc @genevieve this is another topic we should discuss |
Given that I was totally stumped by this for days, I'm pretty motivated to solve this. Here is the story I want to prioritize for our team: GIVEN I have a jumpbox and director created by bbl Some design reasoning:
We will likely PR first, then ask to cross team pair with BOSH if we need to rebase or refactor. This does not block us in any way, so we won't be really worrying about when this release is cut. It just eliminates a soft dependency of the BOSH cli that is awkward to document and only used in, and almost always works for core devs and almost never works well for users trying to use BOSH by themselves.
This would also resolve #328 |
I ran into an issue today with
Running command: 'ssh -tt -o ServerAliveInterval=30 -o ForwardAgent=no -o PasswordAuthentication=no -o IdentitiesOnly=yes -o IdentityFile=/home/hicks/.bosh/tmp/ssh-priv-key997237017 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/home/hicks/.bosh/tmp/ssh-known-hosts704100772 -o ProxyCommand=nc -x localhost:25555 %!h(MISSING) %!p(MISSING) 10.150.1.2 -l bosh_9c1363f41bcf4af', stdout: '', stderr: '': exit status 255
I tried this with bosh-cli 5.4.0. |
I'd like to add to this issue.
bosh commands work.. vms, instances, etc.
We have a workaround to the failure by setting three new variables and unsetting another on ssh invocation.
Now this command works.
I would like to have the reliance on nc removed (most desirable) OR updated to support the other nc commands. |
Any progress on this? |
This issue was marked as |
I still believe this is a valid request. |
This issue was marked as |
This issue was closed because it has been labeled |
stale bots succ |
For reference, this does still seem to be a problem without a lot of great solutions. Unfortunately it doesn't cause problems for most users. But if somebody wants to take a crack at fixing it, we'd be more than happy to review a PR and provide any guidance we can. |
Multiple people on my team have run into this, but it's made worse by the fact that the error messages it results in are so opaque. Even adding a check for the netcat variant and emitting a helpful error message would improve things slightly. |
@risicle we will review a pr in case you would like to contribute this. |
The functionality of netcat is almost identical to the Go networking standard libraries, yet when users supply a proxy to bosh ssh then the CLI will shell out to SSH which will shell out to nc.
Unfortunately, netcat is a very old and storied program, and as a result it is not always consistent which flavor of nc a user will have installed on their system. Additionally, though it can now be expected that Windows users will have a reasonable version of ssh these days, it is still uncommon to have nc.
I propose that we make a new bosh subcommand, bosh nc, and when a SOCKS5 proxy is supplied to bosh ssh then this command is supplied as the ProxyCommand to OpenSSH instead of nc. We could reflect on what the name of the command we used for bosh ssh was (e.g. bosh or bosh2), and consistently use that same invocation name for ProxyCommand.