New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for new-ish 'Match' config directive #717
Comments
It looks like we've never actually supported But this may be because it seems to have only been added to OpenSSH in 2013! :) http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c?rev=1.206&content-type=text/x-cvsweb-markup Will tweak ticket subject/desc, and would happily accept a PR if one was submitted. |
Yeah, I've looked through the source code and found no mention of |
@illtown Problem is that then ties us to requiring OpenSSH being present, which almost defeats the purpose of this being a standalone SSH implementation ;) (I could see us adding that as a tool in the test suite, however - a way of ensuring we're "up to spec". Hrm.) Re: if/else/etc, he parsing code, at its heart, is quite old (like the rest of the codebase) so I'm sure it could be cleaned up a good amount. Presumably we could leverage a grammar library or similar. Anyway, not a super high priority right now, there are other areas with more serious bugs/corner cases that need similar attention :( |
#896 brings up the point that was only implicit here, namely that because we appear to just ignore I'd accept either a PR that implements Match outright or one that at least attempts to skip past anything inside such blocks, which I assume would be a bit simpler/faster. Still don't have time myself to dig into this. |
FWIW I started picking at this after filing #896 here: mleinart:match_parsing. I'm trying to be delicate and not change structure too much while also keeping an eye to what I'll need for #897 This is what I've got so far (probably will poke at it more): |
Seems reasonable at a quick glance; I need to read up on exactly how Match is supposed to work before I can give a qualified thumbs up though. EDIT: also not philosophically opposed to improving how SSHConfig is organized/API'd (like with most of this codebase |
Cool! I'm going to keep poking at it. Sitting down to get some better tests written might be the thing that prompts me to do a bigger refactor :p |
Just wanted to say that maybe this should be higher priority because it breaks entirely if there are any match blocks in your config. I have some match blocks unrelated to the host I am attempting to connect to, but the config in the match blocks is overriding the hostname (among other things) thus causing it to try and connect to the wrong host. |
See potentially useful test case in #1297 (comment) from a dupe ticket. I have the need for this internally now so tackling it this week. Will see how easily I can fold in the work from/for #897 and maybe eg #872 while we're at it. Usual "iteration > biting off more than we can chew" rule applies - better to release some decent fix than spend weeks polishing a bigger overhaul. |
I'm something like 3/5 of the way through this so far, it's a slog unfortunately - I can't in good conscience only do it partway due to the nature of the feature, and history shows that doing so anyways leads to a lot more badfeels for users. ("Does not support X" is much easier to understand and work around than "Supports X buuuuuuuut...) Wasn't able to make direct use of @mleinart's patch as it seems to only really work for single-keyword Main reason I am dropping a note is to record (it's in the docs too tho) the unfortunate fact that In future we may want to update |
Everything but
I am currently leaning towards a "have cake & eat too" option so I can wrap up this long-running feature add:
|
God bless my habit of leaving large blocks of text for future-me. Would've been hard to remember all the above after weeks of dayjob and family obligations... Re: the questions above:
|
Huge ass squashed commit because I was experimenting with "commit entire feature at once so you do not leave broken tests around to break bisecting". Not sure it's worth it, at least not for large-ish, overhauling-existing-code feature adds. Breaking the work up over months did not help either, L M A O
This is done and in master now! |
Paramiko has recently added support for `Match` paramiko/paramiko#717 which resulted in some users getting an import error about `invoke` module, as it is not a default dependecy for paramiko. @Pseudomanifold reported that installing `invoke` iterative#4589 worked for him, which means that this newly added paramiko feature works in his case. That feature seems to not affect configs without `Match`, so we could give this a try and install it by default. Our conda package will be updated during the next release. Fixes iterative#4589 Fixes iterative#4616
Paramiko has recently added support for `Match` paramiko/paramiko#717 which resulted in some users getting an import error about `invoke` module, as it is not a default dependecy for paramiko. @Pseudomanifold reported that installing `invoke` #4589 worked for him, which means that this newly added paramiko feature works in his case. That feature seems to not affect configs without `Match`, so we could give this a try and install it by default. Our conda package will be updated during the next release. Fixes #4589 Fixes #4616
[Maintainer edit: this isn't a bug but simply a lack of a new upstream feature. See http://man.openbsd.org/ssh_config for details on
Match
.]this option is applied to
*
(all hosts) and should be evaluated to give true or false, and according to this set further parameters until next 'Host' or 'Match' keyword.Paramiko now treats 'Match' keyword as a parameter of
*
The text was updated successfully, but these errors were encountered: