Empty gateway directories being created in current working directory

[stk0vrfl0w]

When trying to access a machine that uses a gateway, assh always creates an empty directory named after each of the gateways it had tried in the current working directory.

So, for the example assh.yml config file below, if I try to ssh to frankbastion and it goes through gateway3, there will be empty directories called gateway1, gateway2 and gateway3 created in the current working directory. Is there an option to disable directory creation? It's not necessary for my use case and pollutes my working spaces everywhere.

    defaults:
        LogLevel: error
        ForwardAgent: yes
        ServerAliveInterval: 30
        StrictHostKeyChecking: no
        UserKnownHostsFile: /dev/null

    hosts:

        gateway*:
            Hostname: "%h.mycompany.io"
            Inherits:
                - control-template

        frankbastion:
            DynamicForward: 5555
            Hostname: frank.mycompany.io
            Inherits:
                - gw-proxy

        beansbastion:
            DynamicForward: 6666
            Hostname: beans.mycompany.io
            Inherits:
                - gw-proxy


    templates:

        control-template:
            ControlMaster: auto
            ControlPath: ~/.ssh/%h_control.sock

        gw-proxy:
            ProxyCommand: nc -q0 %h 22
            Gateways:
                - gateway1
                - gateway2
                - gateway3

[moul]

Hi @stk0vrfl0w, thank you for your feedback !

I will add an option to disable this feature

---

For now I suggest you to move your control path in a dedicated directory, i.e: ~/.ssh/sockets/%h_control.sock (mine is ControlPath: ~/.ssh/cm/%h-%p-%r.sock)

This way all the empty directories and .sock files are only polluting a subdirectory

[stk0vrfl0w]

Thanks for the reply @moul . However, I'm fairly certain that the dedicated control path already exists. If you look at the gateway*, it inherits from control-template which sets the ControlPath and I've verified that the socket file is created in ~/.ssh/%h_control.sock upon connection to either of the bastion hosts.

Am I missing something?

[stk0vrfl0w]

Maybe this would help explain my use case scenario. In order for me to get to the FrankNetwork, I need to first go through one of the gateway systems (requiring 2-factor auth). From there, I can go to Frankbastion and then finally into the Franknetwork. Similar rules apply for BeansNetwork, etc.

                  +------------+
 o                |            |  ->  Frankbastion  ->  FrankNetwork
/|\       ->      |  Gateways  |       
/ \               |            |  ->  Beansbastion  ->  BeansNetwork
     ControlPath  +------------+

To take advantage of only having to 2-factor authenticate once for the gateways, I setup a ControlPath only to them and then have DynamicForward for bastion hosts. I'd assumed that I've written the assh.yml correctly because it seems to do what I want -- except for the fact the a temporary directory is getting created even if ControlPath is defined and getting used.

Seems that because I don't have a ControlPath defined for Frankbastion or Beansbastion, assh is automatically creating a temp directory for their defined gateways -- even though the gateway has a ControlPath defined.

I've also noted that setting ControlMaster no / ControlPath none in the defaults won't prevent the creation of the temp directory. So... let's say I do ssh 172.31.29.255/172.16.254.0, a directory called 172.16.254.0 gets created in the current working directory.

All that said, I really appreciate you adding the ability to disable the auto-creation of directories.

[moul]

Hi @stk0vrfl0w, #128 should fix this problem by adding an option to disable the automatic creation of directories for gateways, I will give some tests and come back to you

[moul]

It seems good to me, you can upgrade assh and try again