Skip to content
This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

Use remote login user in ssh control path #468

Merged
merged 1 commit into from
Jan 6, 2016
Merged

Use remote login user in ssh control path #468

merged 1 commit into from
Jan 6, 2016

Conversation

mmrwoods
Copy link
Contributor

@mmrwoods mmrwoods commented Jan 5, 2016

Only one user can cook a node from a single workstation when ssh
multiplexing is enabled, as it is by default, but the same control
socket is shared by multiple users.

This causes problems when bootstrapping new nodes when the initial
connection is made using the root user, but root logins are disabled
as part of the bootstrap process.

Fixed by using the remote login user name in the ssh control path.

Fixes #444

@mmrwoods
Include remote user and port in ssh control path
8d22806 
Only one user can cook a node from a single workstation when ssh
multiplexing is enabled, as it is by default, but the same control
socket is shared for ssh sessions with different users and ports.

This causes problems when bootstrapping new nodes if root logins are
disabled and/or the sshd port is changed during the initial chef run.

Fixed by using the remote user and port in the ssh control path.

Fixes matschaffer#444
matschaffer added a commit that referenced this pull request Jan 6, 2016
@matschaffer
Merge pull request #468 from thickpaddy/fix_ssh_control_path
69b5575 
Use remote login user in ssh control path
@matschaffer matschaffer merged commit 69b5575 into matschaffer:master Jan 6, 2016
@matschaffer
Copy link
Owner

Thanks!

@matschaffer matschaffer removed the ready label Jan 6, 2016
@adamvduke
Copy link

👍

@mmrwoods mmrwoods deleted the fix_ssh_control_path branch January 16, 2016 11:01
@matschaffer
Copy link
Owner

Just a heads up that I may need to roll this back, or default control sockets to "no". I'm already hitting "file name too long" errors on the integration suite.

@matschaffer matschaffer mentioned this pull request Apr 7, 2016
Merged
16 tasks
@mmrwoods
Copy link
Contributor Author

mmrwoods commented Apr 7, 2016

This is fixed in a later pull request...
#470

The above does rely on support for %C in the control path, which was introduced in openssh 6.7, but assuming the typical use case for knife-solo is to run on developer workstations, I think it's pretty safe to assume that either openssh 6.7 or later will be installed on the workstation -OR- the developer in question is for some reason running some old or "enterprisey" version of some UNIX, knows what they are doing, and will immediately understand the openssh error that results from using %C when it's not supported.

@matschaffer
Copy link
Owner

Ah. Gotcha. I'll merge that then but probably still switch the default to
"no". I still know a lot of people on the last major Mac OS which didn't
support %C.

On Thursday, 7 April 2016, Mark Woods notifications@github.com wrote:

This is fixed in a later pull request...
#470 #470

The above does rely on support for %C in the control path, which was
introduced in openssh 6.7, but assuming the typical use case for knife-solo
is to run on developer workstations, I think it's pretty safe to assume
that either openssh 6.7 or later will be installed on the workstation -OR-
the developer in question is for some reason running some old or
"enterprisey" version of some UNIX, knows what they are doing, and will
immediately understand the openssh error that results from using %C when
it's not supported.


You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#468 (comment)

-Mat

matschaffer.com

@mmrwoods
Copy link
Contributor Author

mmrwoods commented Apr 7, 2016

Yeah, I've just done a bit of digging and realised the same... even Yosemite is on an ancient openssh version unless you homebrew it :-(

Probably best to switch the default to "no".

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mmrwoods @matschaffer @adamvduke