GNU bug report logs - #64349
[PATCH] Persistent SSH forwarding service

Previous Next

Full log

Message #8 received at 64349 <at> debbugs.gnu.org (full text, mbox):

From: Bruno Victal <mirai <at> makinata.eu>
To: Maze <maze <at> whispers-vpn.org>
Cc: 64349 <at> debbugs.gnu.org
Subject: Re: [bug#64349] [PATH] Guix service for robust and flexible
 persistent ssh forwarding
Date: Tue, 10 Oct 2023 15:33:16 +0100

Hi,

> Missing:
> 
> * I have not started to work on control masters. When one has many
>   connections daemonized to the same remote host, there could (should?)
>   be a specialized service type extended only to serve as a control
>   master for multiple other forwarding services. It's probably not that
>   easy to program correctly.
> 
> * It only loads a private key directly from file, no ssh agent. I think
>   it's probably quite easy to add.
> 
> * I haven't even tried to make host knowing configurable the
>   slightest. No one is there to input "yes" when it starts, so I just
>   hard coded ssh command switches that should completely tame the
>   dreaded "SOMEONE MAY BE DOING SOMETHING NASTY!" and its little
>   friends. Still, in the event this module would start to have its small
>   user base, I might kind of feel bad about this and something would
>   preferably have to be done... if that can possibly be practical.
>   
> * I think it can only do point-to-point tunnels, that is to say tun
>   devices. Ssh documentation says it also can do tap devices, what they
>   call layer 2, which can support DHCP, but in trials I never could get
>   it to spit out a working tap tunnel... By using ssh for the network
>   side of the tunnel and tunctl or POSIX or whatever applicable system
>   calls from a program for the host sides of the tunnel, maybe it's
>   possible to do tap devices. It's hard, probably.
> 
> * No documentation as of yet. The author also still has to learn how to
>   write actual Texinfo docstrings for procedures, sorry about that.

Any updates regarding these items?

> * I have a test script (not shared here) but it does not plug into the
>   build system. Also, it deploys multiples VMs to test forwardings in
>   situation, which means it can do some very strong testing but it's too
>   heavy for a routine build. And the script does other things which are
>   either crazy and/or very badly written. I could never have pulled this
>   without my horrible shell script, but still, a simple script which
>   plugs into the build system would be more desirable.

Can you adapt it or write a test suite for this service? (see gnu/tests/…
for inspiration)
It makes it easier for everyone to test/review and maintain this addition.

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.