Several questions

[pikeas]

I'm an experienced ssh user and new to assh. I have several questions about assh, some of which may be actual issues. I'm grouping them into one issue as a first pass to keep noise down.

1. I have serveraliveinterval: 60 in my defaults. assh config list displays this as ServerAliveInterval: <. Why is it displaying < instead of 60?

2. Is support planned for ProxyJump? It's the preferred alternative to -W/nc.

3. When my assh config has a host entry with no hostname (for example. "bastion.domain.com"), assh config list displays this as user@[hostname_not_specified]. Shouldn't this fallback to displaying the given host? Currently, I need a redundant hostname key in my config to fix the output.

4. Prepending "[custom options] foo=bar" in assh config list is hard to parse visually, because regular options are at a different indent level. Could this be "foo=bar [override]" instead?

5. assh wrapper ssh doesn't support -vv. I expected this to pass through to ssh.

6. Running assh connect host.domain.com --dry-run seems to always fail with "No such available gateway", even when assh wrapper ssh host.domain.com works.

7. Is there any way to see the full ssh command generated by assh connect? Currently, "Executing proxy command: exec assh connect --port=22 host.domain.com", which helps for debugging assh problems, but not one level down for problems with ssh.

8. Why does alias create a separate entry in ~/.ssh/config? ssh already supports "Host name othername" for multiple aliases.

[moul]

Hi @pikeas, thank you for all these questions; it helps me to understand the usage and feeling of users 👍

---

1. I have ServerAliveInterval: 60 in my defaults. assh config list displays this as ServerAliveInterval: <. Why is it displaying < instead of 60?

< is the ascii representation of 60, see
so basically I need to be sure that I print integer values as integer values and not as characters

2. Is support planned for ProxyJump? It's the preferred alternative to -W/nc.a

Good idea, I need to give more tests to this feature so it can be integrated transparently in assh.
Depending on my tests, it will probably become the new default way of connecting to hosts

3. When my assh config has a host entry with no hostname (for example. "bastion.domain.com"), assh config list displays this as user@[hostname_not_specified]. Shouldn't this fallback to displaying the given host? Currently, I need a redundant hostname key in my config to fix the output.

Ok, I need to think a little bit more about doing it globally or only for hosts that aren't wildcards or regexp

Two main options:

1. always applying the host key in place of a missing Hostname
2. using host key for bare names and keeping something special for wildcards and regex

What do you think?

4. Prepending "[custom options] foo=bar" in assh config list is hard to parse visually, because regular options are at a different indent level. Could this be "foo=bar [override]" instead?

Good idea, I will do it

5. assh wrapper ssh doesn't support -vv. I expected this to pass through to ssh.

Yes, the library used to parse CLI commands does not support "Count boolean" flags yet, so I need to send a PR to this library first, or use a custom parsing just for this command

As a quick fix, you should be able to call ssh without the wrapper, i.e., by prepending a backslash before ssh to tell your shell not to use aliases: $ \ssh ...

6. Running assh connect host.domain.com --dry-run seems always to fail with "No such available gateway", even when assh wrapper ssh host.domain.com works.

That comes from the way --dry-run is developed; this option does everything normally except the network connection that will always fail

This option is particularly useful when developing, which usage do you expect from this option, as a user?

7. Is there any way to see the full ssh command generated by assh connect? Currently, "Executing proxy command: exec assh connect --port=22 host.domain.com", which helps for debugging assh problems, but not one level down for problems with ssh.

Try $ assh -D connect or $ export ASSH_DEBUG=1; assh connect

8. Why does alias create a separate entry in ~/.ssh/config? ssh already supports "Host name othername" for multiple aliases.

I can't remember if it was intentional or not; I will try to switch to the built-in alias support for assh alias and known hosts wildcard hosts

---

Thanks again for these questions
PS: I will create dedicated issues soon

[pikeas]

Thanks for the reply, @moul! Would you like separate issues for the changes in 1, 2, and 4?

3: (hostname not specified) - No strong feelings on my end about what's displayed.

5: (ssh -vv) - Thinking about it some more, this is a bigger scope than -vv. What I'm really looking for is assh wrapper ssh to look and act as much like ssh as possible, since the generated ~/.ssh/config isn't usable by ssh. That's a harder problem to solve.

6: (assh connect --dry-run) - My expectation is that this command will succeed if my config is valid, and show me what the connection will look like. When it failed, I assumed that meant I had a problem with that host. I think your answer to 7) is what I really need. :-)

8: (ssh aliases) - I've realized there's another issue here.

Example ssh config:

Host foo*.bar
    IdentityFile ~/ssh/special

Host *.bar
    User me
    IdentitifyFile ~/ssh/regular

ssh uses the first value found for each setting. This config will use the regular key for all *.bar servers but use the special key for all foo*.bar servers. But if I create the same config in assh:

hosts:
    "foo*.bar":
        identityfile: ~/ssh/special
    "*.bar":
        identityfile: ~/ssh/regular
        user: me

This generates the following config file:

Host *.bar
    IdentityFile ~/ssh/regular
    User me

Host foo*.bar
    IdentityFile ~/ssh/special

The ordering has been reversed! This will use the wrong key file for foo servers.

[moul]

Thanks for the reply, @moul! Would you like separate issues for the changes in 1, 2, and 4?

Yes, definitely! 🍰

3: (hostname not specified) - No strong feelings on my end about what's displayed.

Ok, so I will start with option 2

5: (ssh -vv) - Thinking about it some more, this is a bigger scope than -vv. What I'm really looking for is assh wrapper ssh to look and act as much like ssh as possible

Totally agree; my goal for this wrapper is to act 100% like ssh

continuing 5: since the generated ~/.ssh/config isn't usable by ssh. That's a harder problem to solve.

That's very strange, the standard ssh should always be able to use the generated ~/.ssh/config 😯

Do not hesitate to give me an example if you encounter this issue again

6: (assh connect --dry-run) - My expectation is that this command will succeed if my config is valid, and show me what the connection will look like. When it failed, I assumed that meant I had a problem with that host. I think your answer to 7) is what I really need. :-)

I think that you should be interested in this feature idea: #82

8: (ssh aliases) - I've realized there's another issue here.
[...]
The ordering has been reversed! This will use the wrong key file for foo servers.

Nice catch, you can open a new bug for this :)

[moul]

There is already an open issue for 1.: #181

[pikeas]

I've pulled out most of these into separate issues.

Regarding generated ~/.ssh/config not being compatible, here's an example of what I mean:

Host foo
    IdentityFile ~/.ssh/foo
    User foo
    # Inherits: [other]
    # Gateways: [bastion.example.com]
    # HostName: example.com

This entry is only usable by plain ssh because assh connect is set as the default ProxyCommand. Remove that and plain ssh will fail.

In other words, assh locks you in to connecting via assh, it's currently not possible to use assh only for managing ~/.ssh/config and not as a connection wrapper.

What if assh instead generated:

Host foo
    IdentityFile ~/.ssh/foo
    User foo
    ProxyJump bastion.example.com
    HostName example.com
    InheritedSetting1 a
    InheritedSetting2 b