Support for ssh_config Include Statement

mlist · January 10, 2020, 8:30am

hi,

it would be great if CoreTunnel would support/respect the Include directive from ssh_config. As an alternative, it would help to include more than one ssh_config in the settings of CT.

Include

Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like “~” references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from the system configuration file. Include directive may appear inside a Match or Host block to perform conditional inclusion.

Source: ssh_config(5).

best regards,

chris

yang · January 12, 2020, 5:01am

Hi Chris, Include directive is supported after Core Helper installed:

mlist · January 13, 2020, 7:10am

Hi Yang,
CoreHelper is installed - it doesn't work though. I'll try and gather some logs later today.
Anything obvious I could check? Settings->Advanced->Configuration is set to the default ~/.ssh/config ..
/chris

mlist · January 14, 2020, 8:58pm

I was able to reproduce the issue on a new mac, latest MacOS, Core Helper installed:

A simple SSH config consisting of 3 files

~/.ssh/config
Include ~/.ssh/lan
Include ~/.ssh/wan

~/.ssh/lan
Host alpha
Hostname 192.168.0.100
HostKeyAlias alpha
Port 22
User chris
Identityfile ~/.ssh/keyfile

~/.ssh/wan
Host beta
Hostname 192.168.0.110
HostKeyAlias beta
Port 22
User chris
Identityfile ~/.ssh/keyfile

CoreTunnel immediately goes into retrying with "connection failed".

Both equivalent ssh commands work on the commandline. Here's the log for host alpha up to "connection established"

#> ssh -4 -vvv -o ServerAliveInterval=15 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 chris@alpha

OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/chris/.ssh/config
debug3: /Users/chris/.ssh/config line 1: Including file /Users/chris/.ssh/lan depth 0
debug1: Reading configuration data /Users/chris/.ssh/lan
debug1: /Users/chris/.ssh/lan line 1: Applying options for alpha
debug3: /Users/chris/.ssh/config line 2: Including file /Users/chris/.ssh/wan depth 0
debug1: Reading configuration data /Users/chris/.ssh/wan
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.100 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.100 [192.168.0.100] port 22.
debug1: Connection established.
...

Hosts defined in ~/.ssh/config are working fine.

best regards,

chris

yang · January 15, 2020, 11:50am

Hi Chris, could you please enable debug logging in Core Tunnel and paste the log again?

This will help me identify the problem.

Thank you,

mlist · January 16, 2020, 9:47am

uhm, correct me if I'm wrong, but "debug3" will set -vvv for the command.
I've pasted the output of that up to "Connection established" in my previous post.

That's exactly my problem: CoreTunnel fails instantly while the equivalent command works. Is there a debug log for the Helper?

/chris

yang · January 16, 2020, 12:35pm

Did Core Tunnel printed any log? I understand that you've pasted log of the equivalent command, if any, could you please also paste the log of Core Tunnel?

Thanks,

mlist · February 14, 2020, 7:14am

Where can I find CoreTunnel's Log?

yang · February 14, 2020, 3:23pm

Please follow steps in this topic:

mlist · February 15, 2020, 6:00am

Here a the tunnel logs:

## TEST: wanhost ##
----------------------------------------
Equivalent Command: ssh -4 -vvv -o ServerAliveCountMax=3 -o ServerAliveInterval=15 -o ExitOnForwardFailure=yes root@wanhost
06:52:02 Connecting…
06:52:02 Using Core Helper 4.2 (r42)
06:52:02 OpenSSH_8.0p1, OpenSSL 1.0.2q  20 Nov 2018
06:52:02 debug1: Reading configuration data /Users/chris/.ssh/config
06:52:02 debug1: /Users/chris/.ssh/config line 1: include ~/.ssh/lan matched no files
06:52:02 debug1: /Users/chris/.ssh/config line 2: include ~/.ssh/wan matched no files
06:52:02 debug1: Reading configuration data /etc/ssh/ssh_config
06:52:02 debug1: /etc/ssh/ssh_config line 48: Applying options for *
06:52:02 debug2: resolving "wanhost" port 22
06:52:02 ssh: Could not resolve hostname wanhost: nodename nor servname provided, or not known
06:52:02 Abnormal Disconnect
06:52:02 Connection failed, retry after 3s…
06:52:03 Disconnected

## TEST: alpha ##

----------------------------------------
Equivalent Command: ssh -4 -vvv -o ServerAliveInterval=15 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 chris@alpha
19:53:47 Connecting…
19:53:47 Using Core Helper 4.2 (r42)
19:53:47 OpenSSH_8.0p1, OpenSSL 1.0.2q  20 Nov 2018
19:53:47 debug1: Reading configuration data /Users/chris/.ssh/config
19:53:47 debug1: /Users/chris/.ssh/config line 1: include ~/.ssh/lan matched no files
19:53:47 debug1: /Users/chris/.ssh/config line 2: include ~/.ssh/wan matched no files
19:53:47 debug1: /Users/chris/.ssh/config line 4: Applying options for alpha
19:53:47 debug1: Reading configuration data /etc/ssh/ssh_config
19:53:47 debug1: /etc/ssh/ssh_config line 48: Applying options for *
19:53:47 debug2: resolve_canonicalize: hostname 172.16.100.100 is address
19:53:47 debug2: ssh_connect_direct
19:53:47 debug1: Connecting to 172.16.100.100 [172.16.100.100] port 22.
19:53:47 debug1: Connection established.
...

ssh config scheme used for the test:

~/.ssh/config:

Include lan
Include wan

Host alpha
  Hostname 172.16.100.100
  HostKeyAlias alpha
  Port 22
  User chris
  Identityfile ~/.ssh/id_something
  UserKnownHostsFile		/dev/null
  StrictHostKeyChecking	no

~/.ssh/wan:

Host wanhost
  Hostname 172.16.100.90
  HostKeyAlias wanhost
  Port 22
  User root
  Identityfile ~/.ssh/id_something
  UserKnownHostsFile		/dev/null
  StrictHostKeyChecking	no

(~/.ssh/lan has another valid host configured but is not used here)

The equiv. command via terminal for wanhost, same config:

chris@loop:~ $ ssh -4 -vvv -o ServerAliveCountMax=3 -o ServerAliveInterval=15 -o ExitOnForwardFailure=yes root@wanhost
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/chris/.ssh/config
debug3: /Users/chris/.ssh/config line 1: Including file /Users/chris/.ssh/lan depth 0
debug1: Reading configuration data /Users/chris/.ssh/lan
debug3: /Users/chris/.ssh/config line 2: Including file /Users/chris/.ssh/wan depth 0
debug1: Reading configuration data /Users/chris/.ssh/wan
debug1: /Users/chris/.ssh/wan line 1: Applying options for wanhost
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 172.16.100.90 is address
debug2: ssh_connect_direct
debug1: Connecting to 172.16.100.90 [172.16.100.90] port 22.
debug1: Connection established.

yang · February 15, 2020, 3:02pm

Thanks a lot for the info.

For some technology reasons, ~/.ssh/could not be parsed to your home directory (/Users/chris/) in this case. Could you please edit your ~/.ssh/config file, and change first two lines to:

Include /Users/chris/.ssh/lan
Include /Users/chris/.ssh/wan

Yang

mlist · February 17, 2020, 12:21pm

That did the trick. Thanks for your help!

yang · February 17, 2020, 3:19pm

Good to hear that

yang · July 6, 2020, 2:27am

Hi Chris, with Core Tunnel 2.2, you can use tilde (~) path in Include directive.

Please file another topic if you find it still not functioning.

Thank you,

Yang