Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh_config blocks should be prepended to /etc/ssh/ssh_config #53

Open
neilmb opened this issue Jan 18, 2016 · 2 comments
Open

ssh_config blocks should be prepended to /etc/ssh/ssh_config #53

neilmb opened this issue Jan 18, 2016 · 2 comments
Labels
enhancement

Comments

@neilmb
Copy link

neilmb commented Jan 18, 2016

Because new Host stanzas are placed by this cookbook at the end of the file, those cannot be used to override any defaults that are present in a Host * block at the beginning of /etc/ssh/ssh_config.

man ssh_config says "Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end."

For example, if StrictHostKeyChecking ask is set in Host *, then it is impossible to turn it off with

ssh_config 'github.com' do
  options StrictHostKeyChecking: 'no'
end

I think that the ssh_config resource should add its blocks before entries that are already in the ssh_config file to make this override behavior possible.

Currently, to override defaults given in a Host * block, a workaround is required: first do

ssh_config '*' do
  action :remove
end
@tejaycar
Copy link
Collaborator

@neilmb sorry to have neglected this so long, I've been overwhelmed with other priorities. Unfortunately, what you are asking here is a breaking change. While you would like (understandably) to have entries pre-pended, others may be depending on the current behavior. Changing it will break people's code.

What I would propose is that we add a 'priority' attribute to the resource, default to a priority of 50, and then sort by priority. This would allow you more control while leaving the current behavior as the default.
Each entry's priority would then be added as a comment on the line so that it would be maintained over time. Entries missing a priority comment would be defaulted to 50
Unfortunately, I do not have time to code up such a change at this time, and probably won't for the next few months. I would be more than happy to accept a PR if you're open to tackling this, otherwise I can only ask that you be patient.

@neilmb
Copy link
Author

neilmb commented Feb 22, 2016

I can see where this would be a breaking change. The fundamental issue is that stanzas in ssh_config are ordered in their effect, but the current setup doesn't have any way to control the ordering. I think that adding "priority" is a reasonable bridge between the existing behavior and one that has a sense of order.

I have a workaround right now, so a PR is down on my priority list, but I will try to get to it when I can.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@neilmb @tejaycar