Use remote login user in ssh control path #468
Only one user can cook a node from a single workstation when ssh multiplexing is enabled, as it is by default, but the same control socket is shared for ssh sessions with different users and ports. This causes problems when bootstrapping new nodes if root logins are disabled and/or the sshd port is changed during the initial chef run. Fixed by using the remote user and port in the ssh control path. Fixes matschaffer#444
91d5ec3 to 8d22806
Use remote login user in ssh control path
Thanks!
👍
Just a heads up that I may need to roll this back, or default control sockets to "no". I'm already hitting "file name too long" errors on the integration suite.
This is fixed in a later pull request... The above does rely on support for %C in the control path, which was introduced in openssh 6.7, but assuming the typical use case for knife-solo is to run on developer workstations, I think it's pretty safe to assume that either openssh 6.7 or later will be installed on the workstation -OR- the developer in question is for some reason running some old or "enterprisey" version of some UNIX, knows what they are doing, and will immediately understand the openssh error that results from using %C when it's not supported.
Ah. Gotcha. I'll merge that then but probably still switch the default to On Thursday, 7 April 2016, Mark Woods notifications@github.com wrote:
-Mat matschaffer.com
Yeah, I've just done a bit of digging and realised the same... even Yosemite is on an ancient openssh version unless you homebrew it :-( Probably best to switch the default to "no".
Only one user can cook a node from a single workstation when ssh
multiplexing is enabled, as it is by default, but the same control
socket is shared by multiple users.
This causes problems when bootstrapping new nodes when the initial
connection is made using the root user, but root logins are disabled
as part of the bootstrap process.
Fixed by using the remote login user name in the ssh control path.
Fixes #444
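
The trade-off discussed in this thread, as an added example that is not part of the pull request or of knife-solo's code: it expands three ControlPath templates for a bootstrap that starts as root on port 22 and continues as another user on another port, then reports shared sockets and paths that exceed the Unix socket path limit. The socket directory, templates, host names and user names are hypothetical; `%C` is modelled as the SHA-1 hash of `%l%h%p%r`, as defined when the token was introduced in OpenSSH 6.7.

```python
import hashlib

SUN_PATH_MAX = 104  # sockaddr_un.sun_path size on macOS/BSD (Linux: 108)

SOCKET_DIR = "/home/dev/.chef/knife-solo-sockets/"   # hypothetical directory
SHARED = SOCKET_DIR + "%h"           # host only: users and ports share a socket
PER_USER = SOCKET_DIR + "%r@%h:%p"   # unique, but grows with the host name
HASHED = SOCKET_DIR + "%C"           # unique and fixed length (OpenSSH 6.7+)

# Constructed sample sessions: (remote user, host, port)
BOOTSTRAP = [("root", "node1.example", 22), ("deploy", "node1.example", 2222)]
LONG_HOST = "build-agent-0123456789.internal." + "subdomain." * 4 + "example"
LONG = [("root", LONG_HOST, 22), ("deploy", LONG_HOST, 2222)]


def expand_control_path(template, local_host, host, port, user):
    """Expand the ControlPath tokens %l, %h, %p, %r, %C and %%."""
    digest = hashlib.sha1(f"{local_host}{host}{port}{user}".encode()).hexdigest()
    tokens = {"l": local_host, "h": host, "p": str(port), "r": user,
              "C": digest, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and template[i + 1:i + 2] in tokens:
            out.append(tokens[template[i + 1]])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def audit(template, sessions, local_host="workstation.example"):
    """Return (collisions, too_long) for the given sessions."""
    seen, collisions, too_long = {}, [], []
    for session in sessions:
        user, host, port = session
        path = expand_control_path(template, local_host, host, port, user)
        if path in seen and seen[path] != session:
            collisions.append((seen[path], session, path))  # shared master socket
        seen.setdefault(path, session)
        if len(path.encode()) >= SUN_PATH_MAX:
            too_long.append((session, len(path.encode())))
    return collisions, too_long


if __name__ == "__main__":
    for name, tpl in (("shared", SHARED), ("per-user", PER_USER), ("hashed", HASHED)):
        print(name, audit(tpl, BOOTSTRAP), audit(tpl, LONG))
```
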