Minor tweaks to ssh kitten and shell integration #4794
Exclude local runs by KITTY_PID. Check KITTY_WINDOW_ID to detect connections via ssh kitten. Check SSH via who -m with the integration manually installed and sudo.
Currently kitty does not use the B prompt marking. This is consistent with the zsh and bash implementations. Improve compatibility with most user configurations.
According to the man page there is no --no-same-owner in openbsd so I doubt it will. https://man.openbsd.org/tar |
I saw the latest commit which should fix the tar issue. I installed an openbsd vm and the first time I connected via ssh kitten it disconnected immediately after enter password.
Try env TERM
```shell
kitty +kitten ssh --kitten="env TERM=xterm-256color" root@openbsd
# ... password: ...
# Connection to openbsd closed.
```
I wonder if other systems may also have this issue.
Regarding the hostname configuration, is there a special consideration that does not support matching the hostname set by the user? (Host configured in .ssh/config) A service component in a different project may use the same hostname of a common word. The hostname can be changed on the remote. etc. ... |
On Sun, Mar 06, 2022 at 11:48:08PM -0800, page-down wrote:
I saw the latest commit which should fix the tar issue.
I installed an openbsd vm and the first time I connected via ssh kitten it disconnected immediately after enter password.
OpenBSD is an extremely crippled system so I am not surprised. Use the
debug function to see where the script is failing.
Try to connect directly using ssh again:
```text
tset: unknown terminal type xterm-kitty
Terminal type?
```
Try env TERM
```shell
kitty +kitten ssh --kitten="env TERM=xterm-256color" ***@***.***
# ... password: ...
# Connection to openbsd closed.
```
I wonder if other systems may also have this issue.
---
Regarding the hostname configuration, is there a special consideration that does not support matching the hostname set by the user? (Host configured in .ssh/config)
Could you share some thoughts on this?
One can connect to hosts using IP addresses and aliases in /etc/hosts or
in a DNS server or ~/.ssh/config. The remote hostname is one simple
point of configuration.
That said there is no harm in matching against the name used on the ssh
commandline to connect as well.
|
I was wondering if we could check the commands that will be used first, then output the warning log earlier and abort.
Ok, I understand that this is the acceptable way to configure it. |
patches for openbsd:
Should the following
|
On Mon, Mar 07, 2022 at 06:33:32AM -0800, page-down wrote:
Should the following `head -c` fall back to dd?
dd will be insanely slow it has to be executed for every byte.
Is it possible to ask for gz?
Yes, you can add a field to the msg sent to kitty asking for gz
compression if you like.
|
I went on to try FreeBSD.
Try modifying bootstrap.sh to see what is happening.
chsh -s /bin/sh
Is there any other option? |
On Tue, Mar 08, 2022 at 02:34:00AM -0800, page-down wrote:
I went on to try FreeBSD.
You are very adventurous.
```text
# kitty +kitten ssh ***@***.***
/bin/sh: Event not found.
Missing name for redirect.
saved_tty_settings=: Command not found.
Badly placed ()'s.
...
```
Try modifying bootstrap.sh to see what is happening.
```text
<Here is an empty line.>
ps -f
exit 0
```
```text
Unmatched '''.
PID TT STAT TIME COMMAND
# ...
1493 0 Ss+ 0:00.00 csh -c sh -c '\nps -f\nexit 0'
1495 0 R+ 0:00.00 ps -f
Unmatched '''.
```
chsh -s /bin/sh
```text
# bootstrap.sh: failed at the last line:
# exec $login_shell "-l"
Illegal option -l
```
Is there any other option?
Which shell doesn't support -l?? According to the man page on FreeBSD
tcsh does: https://www.freebsd.org/cgi/man.cgi?csh(1)
|
The root user uses |
On Tue, Mar 08, 2022 at 04:17:53AM -0800, page-down wrote:
> Which shell doesn't support -l?
`/bin/sh`
https://www.freebsd.org/cgi/man.cgi?sh
Ah, well no I don't see an alternative. If it doesn't support exec -a and
doesn't support sh -l I don't see what we can do other than tell users to
move to a better system or install python and set the interpreter to
that.
The root user uses `/bin/csh` (tcsh) by default, which is supported to run with `-l`, but I haven't been able to run it yet.
It seems to be a quoting problem, and the code is being run with (t)csh.
csh is not POSIX compatible. You won't be able to get bootstrap.sh to
work with it.
|
I see that openbsd, freebsd all come with clang by default, which seems very possible ... It's just ridiculous.
We explicitly use
It's just that under freebsd csh seems to treat the |
Weird, are you saying that on freebsd running sh -c "whatever" actually runs csh -c sh -c "whatever"?? If so that's a bug in FreeBSD. |
Linux
FreeBSD with login shell /bin/csh
FreeBSD with login shell /bin/sh
|
For the above reason, setting it to python does not work either.
I have fish installed on Linux and I would like to confirm that:
|
To summarize: I can think of one solution. ssh host sh -c "echo <BOOTSTRAP_SH_BASE64> | base64 -d | sh"
ssh host python3 -c "eval(compile(standard_b64decode(..." Since the actual code is run by interpreter, it should work on all login shells as long as they don't have any special quotes. |
But that will break if base64 is not available. |
Replace the quotes with AAA, BBB, (not sure if Unicode will work) and then replace them back using simple tools like |
yes that will likely work, note that awk is part of POSIX so we are not limited to tr |
I don't see string expansion in the bootstrap code, and it looks like it could also be used where needed. https://pubs.opengroup.org/onlinepubs/009604499/utilities/xcu_chap02.html#tag_02_06_02 |
On Tue, Mar 08, 2022 at 06:58:10AM -0800, page-down wrote:
I don't see string expansion in the bootstrap code, and it looks like it could also be used where needed.
But that's for POSIX shells, isn't the whole problem here fish or other
non posix shells?
|
On Thu, Mar 10, 2022 at 07:17:03AM -0800, page-down wrote:
> ... so mv or os.rename() are atomic and basically free (two directory inode updates) ...
Yes, the last thing I want is to move across different file systems.
> This requires more roundtrips which is an absolute killer for latency.
Increased latency is unacceptable.
Here is one way I can think of.
- Create a summary hash based on all the file size and time.
- Add the `last-update-hash` file when sending the tarball.
- The remote bootstrap script sends the contents of the last-update-hash file (a hash string) when requesting data, and ssh kitten decides if it needs to send it all again.
It may not be accurate to identify changes by file modification date and size,
but I will be happy with this opt-in configuration because I know what I'm doing.
I am currently working on a way to do the copy without any roundtrips at
all. If that works out then it won't be possible to do even this. So let's
table this for now and get back to it later.
|
I tried the latest commit and unfortunately, it still needs to limit the path length.
I think the maximum length is 108 on Linux and 104 on macOS and FreeBSD. EDIT:
ssh debug
# unix_listener: path "<104 chars>" too long for Unix domain socket |
why is the hash so long on your system, on mine it's 40 chars why is it |
ssh -G -o ControlPath=%C test | grep -i path on my macOS system gives a 40 char hash as expected |
|
So what command line is generating a hash of a5bc21fdef2a7e26de907f92602636d6e3c57fff.baqiDKDaIHdFO4Ci It seems extremely odd that the hash format is not constant. |
It's obviously not kitty's problem, hmm... |
I looked at openssh code, it basically creates a temp socket file and |
I assume you are looking at the latest code, I upgraded to OpenSSH 8.9p1 and the problem still exists. |
I tried the latest commit and now the ssh kitten works fine.
/etc/periodic/daily/110.clean-tmps
```text
# ...
find -dx . -fstype local -type f $args -delete $print
find -dx . -fstype local ! -name . -type d $dargs -delete $print
```
|
I updated to the latest commit. There is a problem with using the
```python
def options_for_host(hostname: str, username: str, per_host_opts: Dict[str, SSHOptions], cli_hostname: str = '', cli_uname: str = '') -> SSHOptions:
    # ...
    for name in option_names:
        for opts in rest:
            # ...
            setattr(ans, name, val)
```
~/.config/kitty/ssh.conf
matches: The login shell and shell integration configured by the following command does not take effect.
The login shell configured by the following command takes effect, but the shell integration is set to the default value from SSHOptions.
Now the following warning appears, is it possible to suppress it? E.g.
Is it worth providing a subcommand to disconnect all shared ssh connections? I found it might be useful when I was trying Is it appropriate to use the POSIX SHELL environment variable to get the login shell? |
When connecting to a non-existent host, the data is written to the local shell after ssh exits.
I guess this also happens when ssh quits in the middle of transmission for any reason. Not yet tested for interruptions due to network connection failure. |
On Mon, Mar 14, 2022 at 08:10:13PM -0700, page-down wrote:
When connecting to a non-existent host, the data is written to the local shell after ssh exits.
Doesn't reproduce for me, check drain_potential_tty_garbage() and see why
it is not working for you.
|
After running kitty the first connection works fine and eventually reads
|
On Mon, Mar 14, 2022 at 08:45:53PM -0700, page-down wrote:
> ... check drain_potential_tty_garbage() ...
After running kitty the first connection works fine and eventually reads `KITTY_DATA_END`.
Connecting again is problematic, and the following condition is not valid.
`while ... and select([tf], [], [], 0.075)[0]:`
I don't follow, are you saying
kitty +kitten ssh badhost
does not spew garbage the first time it is run, but does the second?
|
Yes, or run macOS, OpenSSH 8.9p1
Linux, OpenSSH 8.2p1
I haven't tested the latest openssh under Linux yet. |
On Mon, Mar 14, 2022 at 07:52:34PM -0700, page-down wrote:
I updated to the latest commit.
There is a problem with using the `--kitten` option to override the configuration.
kittens/ssh/config.py
```python
def options_for_host(hostname: str, username: str, per_host_opts: Dict[str, SSHOptions], cli_hostname: str = '', cli_uname: str = '') -> SSHOptions:
    # ...
    for name in option_names:
        for opts in rest:
            # ...
            setattr(ans, name, val)
```
~/.config/kitty/ssh.conf
```conf
shell_integration disabled
hostname debug
shell_integration enabled
```
matches: `'*', 'debug', ***@***.***'`
The login shell and shell integration configured by the following command does not take effect.
`kitty +kitten ssh --kitten='hostname debug' --kitten='login_shell zsh' debug`
```text
hostname -> * -> debug -> ***@***.***
login_shell -> "" -> "" -> ""
shell_integration -> disabled -> enabled -> inherited
```
The login shell configured by the following command takes effect, but the shell integration is set to the default value from SSHOptions.
`kitty +kitten ssh --kitten='login_shell zsh' debug`
```text
hostname -> * -> debug -> ***@***.***
login_shell -> "" -> "" -> zsh
shell_integration -> disabled -> enabled -> inherited
```
---
Now the following warning appears, is it possible to suppress it? E.g. `> /dev/null`
I found this a bit annoying, not too concerned about the time difference within one second.
```text
tar: data.sh: time stamp xxx is 0.xxx s in the future
```
---
These are both fixed.
Is it worth providing a subcommand to disconnect all shared ssh connections? I found it might be useful when I was trying `password login`.
I added a mappable action for it.
---
Is it appropriate to use the POSIX SHELL environment variable to get the login shell?
(Except that it did not take effect immediately after `chsh` with shared ssh.)
Is it efficient in most cases?
It doesn't reflect chsh, so not really.
|
On Mon, Mar 14, 2022 at 10:12:24PM -0700, page-down wrote:
> does not spew garbage the first time it is run, but does the second
Yes, or run `kitty +kitten ssh localhost` (never connected), even if it's the first time you run it after kitty starts.
macOS is weird. Should be fine now.
|
Thanks, I updated to the latest commit and it's working fine.
Is this a compatibility issue? |
That's an impossible issue :)
So why is ssh not using kitty's askpass on your Linux system? |
Oh and btw to test this you don't need to clear the known hosts file, you can just do `kitty +kitten ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=ask whatever` |
Thanks for the tip. |
Sigh, endlessly annoying Linux distros with their ancient software. It was introduced in openssh 8.4 so one just needs to check the version |
I tried the latest commit and found that the following doesn't work. if os.environ.get('DISPLAY') or ssh_version() >= (8, 4): Since the environment variable
It seems that this has landed. These are files that are mandatory before the login shell runs, and after this is resolved, other files might be able to be synchronized asynchronously after the connection (e.g. explicitly configured to use librsync). |
On Tue, Mar 15, 2022 at 04:18:09AM -0700, page-down wrote:
> ... do the copy without any roundtrips ... it won't be possible to do even this.
> So let's table this for now and get back to it later. ...
It seems that this has landed.
Since we are using a shared connection, I wonder if after the first connection is established, can we assume that the terminfo, shell_integration files, etc. have been updated to the current version and subsequent connections don't need to send these again, and there is no need to tar `data.sh` and extract.
I don't see much point, it's a very marginal saving for a fair bit of
complication. But you are welcome to try it and see how much exactly the
saving is in terms of latency to prompt. It's a total of ~100K of data
(before compression, probably 40K with compression) to transmit, which
is nothing on modern networks. Just comment out the bits of code that
add those files to the tarfile and the copy files code in bootstrap.sh
and check.
These are files that are mandatory before the login shell runs, and after this is resolved, other files might be able to be synchronized asynchronously after the connection (e.g. explicitly configured to use librsync).
Can't do that, other files might be needed to setup the environment for
the shell, for instance.
|
I just checked, it compresses to 15K. |
OK, It is not possible to cover everything, and users with special needs will need to write their own tools. This obviously cannot be done with minimal cost to know the status of the target host. Also this reminds me of a scenario where a user (e.g., root) on a device can log in and run programs or write files, but there is no $HOME. |
@kovidgoyal When connecting with OpenSSH client version v8.9p1, it outputs |
Sounds like a bug in that server, it's not cloning the echo state of the |
OK, then this better be fixed in that project.
These two options are sufficient, and the latency is acceptable.
No. There are actually not many open source SSH servers, and this is the last one I want to try. |
For SSH detection, first exclude the case that KITTY_PID exists.
Then check the existence of KITTY_WINDOW_ID.
Call `who` only if sudo is running (environment variables are cleared) and shell integration is manually installed for the switched user. Users can add KITTY_WINDOW_ID to sudo env_keep to avoid calling who.
SSH_TTY is not suitable for adding to env_keep, because it is possible that the switched user does not have permission to access it and affecting other programs.
Please review, thank you.
I'm a little concerned about whether `tar x --no-same-owner` will work properly on OpenBSD and am going to give it a try.
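
The detection order described in this pull request, written out as an added POSIX shell example; it is not kitty's shell-integration code. The function names, the optional `WHO_LINE` argument and the `who -m` output format handled here (remote host in trailing parentheses, local X displays starting with `:`) are assumptions.

```shell
#!/bin/sh
# Added illustration, not kitty's shell-integration code.
# Function names and the who(1) output format handled here are assumptions.

# who_line_is_remote LINE
# True when a `who -m` line ends in "(host)", which is how common who(1)
# implementations mark a remote login. Local X displays such as "(:0)" and
# multiplexer entries such as "(tmux(1234).%0)" are rejected.
who_line_is_remote() {
    case "$1" in
        *\(*\)) ;;
        *) return 1 ;;
    esac
    _host=${1##*\(}      # text after the last "("
    _host=${_host%\)}    # drop the closing ")"
    case "$_host" in
        '' | :* | *[!A-Za-z0-9.:%_-]*) return 1 ;;
    esac
    return 0
}

# is_ssh_session [WHO_LINE]
# WHO_LINE defaults to the output of `who -m`; passing it makes testing easy.
is_ssh_session() {
    # 1. KITTY_PID is inherited by shells kitty starts locally: not remote.
    if [ -n "${KITTY_PID:-}" ]; then return 1; fi
    # 2. KITTY_WINDOW_ID without KITTY_PID: connected through the ssh kitten.
    if [ -n "${KITTY_WINDOW_ID:-}" ]; then return 0; fi
    # 3. Environment was cleared (for example by sudo): ask who(1).
    who_line_is_remote "${1-$(who -m 2>/dev/null)}"
}

# Constructed sample lines, not captured from a real host.
for _line in \
    'alice pts/1 2022-03-06 12:00 (192.168.1.5)' \
    'alice pts/0 2022-03-06 12:00 (:0)' \
    'alice tty1 2022-03-06 12:00'
do
    if who_line_is_remote "$_line"; then _r=remote; else _r=local; fi
    printf '%-6s %s\n' "$_r" "$_line"
done
```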