why does rsync translate user at host into '$RSYNC_RSH -l user host'?
Kevin Korb
kmk at sanitarium.net
Wed Oct 19 21:58:08 MDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/19/11 18:58, Cameron Simpson wrote:
> On 19Oct2011 12:02, Benjamin R. Haskell <rsync at benizi.com> wrote:
> | On Wed, 19 Oct 2011, Kevin Korb wrote:
> | >Because it is an even bigger joy to be able to type 'ssh newhost'
> | >and have it just work even though you can't talk to newhost. You
> | >can do that by properly configuring ssh in ~/.ssh/config with
> | >something like this:
> | >
> | >Host accessiblehost
> | > User cameron
> | >
> | >Host newhost
> | > ProxyCommand ssh accessiblehost -W %h:%p
> | > User root
> |
> | +1. Seems easier than a DIY script.
>
> You guys are kidding, surely? You hand edit your ssh configs for every
> ah doc chain of hosts you might want? So when I go:
Absolutely. If I need ssh parameters to connect to a particular sshd
then I absolutely refuse to type them more than twice. I will type them
once to figure out what I need then I will type them into the
configuration file. I consider this to be "properly configuring ssh".
To do otherwise is like having a lobotomy every time the shell prompt is
printed.
>
> for h in a b c d e; do sshto transithost!$h do_foo; done
well, I don't do bash so I will respond in csh:
foreach Host in (a b c d e)
ssh $Host do_foo
end
More importantly when I want to ssh to host "a" I simply type 'ssh a'
and it knows what username, port number, compression, and any other
thing I might need with me only needing to tell it once.
>
> you find it easier to make a bunch of ssh config clauses first, each
> with cool distinctive names? I salute your typing skills.
My ~/.ssh/config file is currently 94 lines long including comments and
blank lines. Yet it specifies special configurations for hundreds of
host names.
>
> (Besides, I wrote my first sshto tool before the ProxyCommand directive
> existed.)
That is completely valid. It is now up to you which is the easier
system to maintain.
To be completely fair...
I do not actually use the ssh_config syntax that I sent you. I only
have 1 inaccessible network that I ever have to ssh to. It is a private
IP NAT at work that handles some administrative systems. Since I
control the NAT system I forward TCP ports to each system. The private
range is 192.168.42.0/24 and I configured the NAT router to forward TCP
ports 22xxx to 192.168.42.xxx:22. Then I use the following ssh_config
entry format for each real system:
Host RealHostName RealHostName.fqdn
Compression yes
User me
Port 22xxx
HostName NAT_IP.RealDomain.tld
HostKeyAlias RealHostName.fqdn
This allows me to 'ssh RealHostName' and it just works without the added
overhead of ssh tunneling.
I currently have only 15 systems configured this way. Being a shared
web hosting provider means that most of my stuff has real IP addresses.
In fact some of my servers have hundreds of them. So I don't have to
deal with private network stuff much.
OTOH, my personal network is a private LAN with a single static IP on
the Internet. When I venture out into the world carrying my netbook I
use OpenVPN to bridge myself back into my LAN so I can talk whatever
protocols I want (including NFS) to my private IPs.
So, while I don't really know what your universe is like I still think
you are doing things the hard way.
>
> | But to answer the original question:
> |
> | >On 10/19/11 03:40, Cameron Simpson wrote:
> | >>Why does rsync believe it knows more about the use of the token
> | >>to the left of the colon than the program which will be used as
> | >>the remote connection?
> | >>
> | >>[...]
> | >>
> | >>what it invokes is:
> | >>
> | >> sshto -l cameron at accessiblehost!root newhost rsync .....
> | >>
> | >>Since sshto is my own tool I can probably have it cope with this
> | >>mangling of my target string into "-l foo bah", and undo it.
> | >>
> | >>But WHY does rsync believe this is desirable, or even necessary?
> |
> | rsync has to parse the URL you're passing. The fact that it then
> | takes that and runs something like `$RSYNC_RSH -l user host` is
> | because rsync expects it's handing the connection duties off to
> | something that uses rsh-like calling conventions. So, it's
> | "desirable" because rsh-like tools traditionally expect it.
>
> But rsh-like tools _all_ accept user at host already.
> They don't "expect" the "-l" form - they cope with it.
>
> This argument does not make it desirable unless rsh or ssh don't cope
> with user at host. Which they do.
>
> | If rsync didn't parse the URL and split it out, each tool would have
> | to do its own {user}@{host} parsing. So, it's not fully
> | "necessary". (Most of the tools probably do have that kind of
> | parsing.) It just makes things easier for tools that use the '-l'
> | convention.
>
> The point here is the rsync is presuming to know about the tool. The
> whole point of the -e and $RSYNC_RSH stuff is to use arbitrary tools.
> Having rsync pull out the user doesn't _help_ rsh or ssh, both of which
> has always (AFAIR) accepted user at host and does raise the implementation
> bar for other tools for no actual benefit.
>
> Has anyone a use case that _breaks_ if rsync doesn't pull out what it
> imagines is the "user@" part?
>
> Cheers,
- --
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6fnFAACgkQVKC1jlbQAQfUfgCeLIJe6jS0GbJRMnbrUnD19vHe
ow0AoMHxX4siBahxemcVMkVxxwXq5dEV
=WdPI
-----END PGP SIGNATURE-----
More information about the rsync
mailing list