Empty gateway directories being created in current working directory
stk0vrfl0w opened this issue · 5 comments
When trying to access a machine that uses a gateway, assh always creates an empty directory named after each of the gateways it had tried in the current working directory.
So, for the example assh.yml config file below, if I try to ssh to frankbastion and it goes through gateway3, there will be empty directories called gateway1, gateway2 and gateway3 created in the current working directory. Is there an option to disable directory creation? It's not necessary for my use case and pollutes my working spaces everywhere.
defaults:
LogLevel: error
ForwardAgent: yes
ServerAliveInterval: 30
StrictHostKeyChecking: no
UserKnownHostsFile: /dev/null
hosts:
gateway*:
Hostname: "%h.mycompany.io"
Inherits:
- control-template
frankbastion:
DynamicForward: 5555
Hostname: frank.mycompany.io
Inherits:
- gw-proxy
beansbastion:
DynamicForward: 6666
Hostname: beans.mycompany.io
Inherits:
- gw-proxy
templates:
control-template:
ControlMaster: auto
ControlPath: ~/.ssh/%h_control.sock
gw-proxy:
ProxyCommand: nc -q0 %h 22
Gateways:
- gateway1
- gateway2
- gateway3
Hi @stk0vrfl0w, thank you for your feedback !
I will add an option to disable this feature
For now I suggest you to move your control path in a dedicated directory, i.e: ~/.ssh/sockets/%h_control.sock (mine is ControlPath: ~/.ssh/cm/%h-%p-%r.sock)
This way all the empty directories and .sock files are only polluting a subdirectory
Thanks for the reply @moul . However, I'm fairly certain that the dedicated control path already exists. If you look at the gateway*, it inherits from control-template which sets the ControlPath and I've verified that the socket file is created in ~/.ssh/%h_control.sock upon connection to either of the bastion hosts.
Am I missing something?
Maybe this would help explain my use case scenario. In order for me to get to the FrankNetwork, I need to first go through one of the gateway systems (requiring 2-factor auth). From there, I can go to Frankbastion and then finally into the Franknetwork. Similar rules apply for BeansNetwork, etc.
+------------+
o | | -> Frankbastion -> FrankNetwork
/|\ -> | Gateways |
/ \ | | -> Beansbastion -> BeansNetwork
ControlPath +------------+
To take advantage of only having to 2-factor authenticate once for the gateways, I setup a ControlPath only to them and then have DynamicForward for bastion hosts. I'd assumed that I've written the assh.yml correctly because it seems to do what I want -- except for the fact the a temporary directory is getting created even if ControlPath is defined and getting used.
Seems that because I don't have a ControlPath defined for Frankbastion or Beansbastion, assh is automatically creating a temp directory for their defined gateways -- even though the gateway has a ControlPath defined.
I've also noted that setting ControlMaster no / ControlPath none in the defaults won't prevent the creation of the temp directory. So... let's say I do ssh 172.31.29.255/172.16.254.0, a directory called 172.16.254.0 gets created in the current working directory.
All that said, I really appreciate you adding the ability to disable the auto-creation of directories.
Hi @stk0vrfl0w, #128 should fix this problem by adding an option to disable the automatic creation of directories for gateways, I will give some tests and come back to you
It seems good to me, you can upgrade assh and try again