Proxycommand 'none' interpreted as command #415

Closed
richardspiers opened this Issue Oct 6, 2014 · 4 comments

Projects

None yet

4 participants

@richardspiers

With regards to ssh config, the proxycommand is disabled by specifing 'none':

Relevant section taken from ssh_config man pages:

ProxyCommand

Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed with the user's shell. In the command string, any occurrence of ‘%h’ will be substituted by the host name to connect, ‘%p’ by the port, and ‘%r’ by the remote user name. The command can be basically anything, and should read from its standard input and write to its standard output. It should eventually connect an sshd(8) server running on some machine, or execute sshd -i somewhere. Host key management will be done using the HostName of the host being connected (defaulting to the name typed by the user). Setting the command to “none” disables this option entirely. Note that CheckHostIP is not available for connects with a proxy command.

I have a slightly complicated ssh_config, which has to explicitly disable proxy command for some hosts due to how hostname matching has been implemented.

However, when using fabric and/or paramiko, the "none" option gets interrupted as an actual string value, which results in no fabric commands working as it throws exceptions containing OSError: [Errno 2] No such file or directory

A test script showing the parsing behaviour is below:

#!/usr/bin/python
import paramiko
import StringIO

temp_config = '''
Host 1.1.1.1
    User guestuser
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ProxyCommand none
    '''
fake_config_file = StringIO.StringIO()
fake_config_file.write(temp_config)
fake_config_file.seek(0)

ssh_config = paramiko.SSHConfig()
ssh_config.parse(fake_config_file)

print ssh_config.lookup('1.1.1.1')

Output:
{'stricthostkeychecking': 'no', 'userknownhostsfile': '/dev/null', 'user': 'guestuser', 'hostname': '1.1.1.1', 'proxycommand': 'none'}

This is eventually used in fabric in fabric/network.py:

def get_gateway(host, port, cache, replace=False):
  ...
  proxy_command = ssh_config().get('proxycommand', None)
  ...
  elif proxy_command:
        sock = ssh.ProxyCommand(proxy_command)
    return sock

While this could be fixed by simply checking for 'none' in fabric, I've opened an issue here against paramiko as I believe it makes more sense to fix it at this level. Please feel free to disagree and I'll report it against fabric instead if desired.

@lndbrg
Contributor
lndbrg commented Oct 6, 2014

Nope, seems logical to check for the existence of none in paramiko and make sure that it gets disabled/removed.

@bitprophet
Member

Yea this seems like a straightforward incomplete implementation. Thanks for the report! Labeling n such for followup.

@seanson
seanson commented Nov 11, 2014

I've added a pull request for a possible solution, please feel free to provide any feedback.

@bitprophet bitprophet added a commit that referenced this issue Dec 17, 2014
@bitprophet bitprophet Changelog re #415 0a73a54
@bitprophet
Member

Merged #433, this should be good now.

@bitprophet bitprophet closed this Dec 17, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment