guix deploy close ssh session after each store items sent

  • Done
  • quality assurance status badge
Details
2 participants
  • Brice Waegeneire
  • Oleg Pykhalov
Owner
unassigned
Submitted by
Brice Waegeneire
Severity
normal
B
B
Brice Waegeneire wrote on 13 May 2020 18:32
(address . bug-guix@gnu.org)
0156447bb0d526cdfe42d51a154a2bd3@waegenei.re
Hey Guix,

“guix deploy” bugs; they keep coming! “guix deploy” doesn't make use of
SSH
channels[0], instead it close the SSH session each time after sending
store
items. This may be unnoticeable by users using a password-less SSH key
(bad!) or an SSH agent (better!) but for the other it mean entering the
password ~5 times per host per deployment which get old very quick. In
my
case I use a keycard that require me to physically interact with it for
each authentication request, it means multiple touch per deployment,
reducing it just one would be a great relief.

[0]:

- Brice
O
O
Oleg Pykhalov wrote on 15 May 2020 08:59
(name . Brice Waegeneire)(address . brice@waegenei.re)(address . 41238@debbugs.gnu.org)
87wo5du1id.fsf@gmail.com
Brice Waegeneire <brice@waegenei.re> writes:

Toggle quote (4 lines)
> “guix deploy” bugs; they keep coming! “guix deploy” doesn't make use of SSH
> channels[0], instead it close the SSH session each time after sending store
> items.

Did you try a built in SSH's “Control*” feature?

ssh_config (0)

ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
ControlPersist yes
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAl6+PdoACgkQFn+OpQAa
+pyjMg/9F8rhtsyM7qsl2OwUoVCA593OoBGIgwbPCRlXVM3sioGm/Mi8f00rwquP
x3slw7z7mf+dhKC2txbYvwkUQUCqVeFK58PrESFNdxZLWLxOqGXmEG4gBFDwwCd6
386XqrdO9AnLcvwxBGXKtB3nfk5ojCtg8hLKbcuU7wmCCnqjBsn456daRFzclN8T
kaVa2Ge7XJhQ4ToqUiCK2xzAV3AqUv3cQFpJFghQG0RLmqFCXGVCa2ddZeLm5sDw
WGX7ZNz+opkB0EiuO3J5ols4kuT/0trcxNMZpGRTNmlIgD1I24JKl+DwI9pIarsN
W6kBwTnazplKCB0pRrIb6HE+544v3x6Ffb9rX9Pgd6Uf27uxw8QCH9npbHKQxpOv
OKpnoJfgKmskbNmVvu8gkf1NZHRQWZzgQfvYWkkNHcF1RKjx9d6svTmCknTT5UGs
4mvu5PGeli4JNinKBSKAPYXZVxuZsk2MF9nZC7EheEsRYrLt7yT0+eM+o1D7g4U6
4d6oDFJsRVWCia26nmR0RxiJ5pOtz55vZzRo2CcwWVamkS9RVmplxYP4lhIaZpPu
MVf9lV2bRD1YDpqafuVaNuQhKJSr8adV3LdeQ2gVQY2oWt7CreXeoLu1LvYpsyW4
X6A2vBxe7f2fHof2EZrwqEpZJvWKqVBzw3JmUwabEyZ0SIccsSs=
=dNiI
-----END PGP SIGNATURE-----

B
B
Brice Waegeneire wrote on 15 May 2020 09:46
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)(address . 41238@debbugs.gnu.org)
b5800a12136c40aa3311d32b053684d5@waegenei.re
On 2020-05-15 06:59, Oleg Pykhalov wrote:
Toggle quote (16 lines)
> Brice Waegeneire <brice@waegenei.re> writes:
>
>> “guix deploy” bugs; they keep coming! “guix deploy” doesn't make use
>> of SSH
>> channels[0], instead it close the SSH session each time after sending
>> store
>> items.
>
> Did you try a built in SSH's “Control*” feature?
>
> ssh_config (0)
>
> ControlMaster auto
> ControlPath ~/.ssh/master-%r@%h:%p
> ControlPersist yes

Of course, it's my default setting for SSH (and the host I tried to
deploy
to). But “guix deploy” don't support it; it's the core of the issue
here.

I didn't mention those options in the initial bug report because IFAIK
the
ssh functionality for “guix deploy” is provided by guile-ssh, a wrapper
around libssh which isn't related to OpenSSH in any way. So the
“Control*”
options doesn't apply here, instead they talk about channels and
session[0]
which seems to be the terms used in the SSH specification.

B
B
Brice Waegeneire wrote on 18 Jan 2022 08:08
(address . 41238-close@debbugs.gnu.org)
871r15tta4.fsf@waegenei.re
Hello Guix,

Brice Waegeneire <brice@waegenei.re> writes:

Toggle quote (4 lines)
> “guix deploy” bugs; they keep coming! “guix deploy” doesn't make use of SSH
> channels[0], instead it close the SSH session each time after sending store
> items.

[...]

Ludo‘ fixed the issue with the commit 7f20e59a13a6acc3331e04185b8f1ed2538dcd0a.

For posterity, here is the workaround I was using a few month ago and is now
unecessary. The session filed needed to be manually set with a call to
"openssh-ssh-session" from (guix ssh):

Toggle snippet (7 lines)
(machine-ssh-configuration
(host-name "foo")
(system "x86_64-linux")
(session (open-ssh-session "foo" #:user "root"))
(host-key "..."))

Currently the following suffice:

Toggle snippet (7 lines)
(machine-ssh-configuration
(host-name "foo")
(system "x86_64-linux")
(user "root")
(host-key "..."))

Cheers,
- Brice
?