
Commit defd506

matttbekeszybz
authored andcommitted
ssh-proxy: add scp and rsync support
ssh-generator and ssh-proxy are great features, it is very handy to be able to do: ssh vsock/1 But, because of the '/' used as a separator, scp and rsync don't interpret 'vsock/<CID>' as a hostname, e.g. $ scp /etc/machine-id vsock/2222:. cp: cannot create regular file 'vsock/2222:.': No such file or directory $ rsync /etc/machine-id vsock/2222:. rsync: [Receiver] change_dir#3 "(...)/vsock" failed: No such file or directory (2) rsync error: errors selecting input/output files, dirs (code 3) at main.c(829) [Receiver=3.4.1] An alternative is to use ',' as separator, e.g. $ scp /etc/machine-id vsock,2222:. This is what is being suggested here. The names with '/' are kept not to break anything here. Others are possible: '%', '=', '#', '@', ':', etc. As mentioned in commit 0abd510 ("ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets"), it is better to avoid ':' as it is already taken by SSH itself when doing sftp, and "@" is already taken for separating the user name. '#' will cause some issues with some shells like ZSH when quotes are not used.
1 parent ae04218 commit defd506


4 files changed

+34
-8
lines changed


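--- a/man/systemd-ssh-proxy.xml
+++ b/man/systemd-ssh-proxy.xml
@@ -24,7 +24,7 @@
 
 <refsynopsisdiv>
 <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
 ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
 ProxyUseFdpass yes
 </programlisting>
@@ -46,7 +46,7 @@ Host unix/* vsock/* vsock-mux/*
 configuration fragment like the following:</para>
 
 <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
 ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
 ProxyUseFdpass yes
 CheckHostIP no
@@ -69,7 +69,9 @@ Host .host
 direct <constant>AF_VSOCK</constant> communication between the host and guests, and provide their own
 multiplexer over <constant>AF_UNIX</constant> sockets. See
 <ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
-and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.</para>
+and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.
+Note that <literal>,</literal> can be used as a separator instead of <literal>/</literal> to be
+compatible with tools like <literal>scp</literal> and <literal>rsync</literal>.</para>
 
 <para>Moreover, connecting to <literal>.host</literal> will connect to the local host via SSH, without
 involving networking.</para>
@@ -113,6 +115,12 @@ Host .host
 
 <programlisting>ssh unix/run/ssh-unix-local/socket</programlisting>
 </example>
+
+<example>
+<title>Copy local 'foo' file to a local VM with CID 1348</title>
+
+<programlisting>scp foo vsock,1348:</programlisting>
+</example>
 </refsect1>
 
 <refsect1>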

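--- a/src/ssh-generator/20-systemd-ssh-proxy.conf.in
+++ b/src/ssh-generator/20-systemd-ssh-proxy.conf.in
@@ -9,7 +9,7 @@ Host .host machine/.host
 # Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths.
 # Make sure machine/* can be used to connect to local machines registered in machined.
 #
-Host unix/* vsock/* vsock-mux/* machine/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,* machine/* machine,*
 ProxyCommand {{LIBEXECDIR}}/systemd-ssh-proxy %h %p
 ProxyUseFdpass yes
 CheckHostIP no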
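Review bot: The comment above the changed `Host` line still names only `unix/*`, `vsock/*` and `machine/*`, so the new comma patterns are undocumented in the place an administrator would read first; a line such as `# A ',' may be used instead of '/' as separator so that scp and rsync accept these names.` would cover it. Separately, the host field of known_hosts is a comma-separated pattern list, so it may be worth confirming how an unhashed entry recorded for a name such as `vsock,1` is matched on later connections. The rest of this Host block, including any host-key options after `CheckHostIP no`, is outside the hunk.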

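--- a/src/ssh-generator/ssh-proxy.c
+++ b/src/ssh-generator/ssh-proxy.c
@@ -175,6 +175,15 @@ static int process_machine(const char *machine, const char *port) {
 return process_vsock_cid(cid, port);
 }
 
+static char *startswith_sep(const char *s, const char *prefix) {
+const char *p = startswith(s, prefix);
+
+if (p && IN_SET(*p, '/', ','))
+return (char*) p + 1;
+
+return NULL;
+}
+
 static int run(int argc, char* argv[]) {
 
 log_setup();
@@ -184,19 +193,19 @@ static int run(int argc, char* argv[]) {
 
 const char *host = argv[1], *port = argv[2];
 
-const char *p = startswith(host, "vsock/");
+const char *p = startswith_sep(host, "vsock");
 if (p)
 return process_vsock_string(p, port);
 
-p = startswith(host, "unix/");
+p = startswith_sep(host, "unix");
 if (p)
 return process_unix(p);
 
-p = startswith(host, "vsock-mux/");
+p = startswith_sep(host, "vsock-mux");
 if (p)
 return process_vsock_mux(p, port);
 
-p = startswith(host, "machine/");
+p = startswith_sep(host, "machine");
 if (p)
 return process_machine(p, port);
 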
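Review bot: `startswith_sep()` casts away const with `return (char*) p + 1;` and returns `char *`, although every caller shown in `run()` stores the result in a `const char *p` and the string comes straight from `argv[1]`. Declaring it as `static const char *startswith_sep(const char *s, const char *prefix)` and returning `p + 1` keeps the host name read-only on its way to the `process_*()` handlers. The helper also has no comment; `/* Like startswith(), but additionally requires '/' or ',' right after the prefix and skips it. */` would record why two separators are accepted. Note that the returned remainder can be an empty string (for example for `vsock,`), so rejecting that is left to the handlers, and `run()` continues outside the hunk.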

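--- a/test/units/TEST-74-AUX-UTILS.ssh.sh
+++ b/test/units/TEST-74-AUX-UTILS.ssh.sh
@@ -61,4 +61,13 @@ ssh -o StrictHostKeyChecking=no -v -i "$ROOTID" machine/.host cat /etc/machine-i
 modprobe vsock_loopback ||:
 if test -e /dev/vsock -a -d /sys/module/vsock_loopback ; then
 ssh -o StrictHostKeyChecking=no -v -i "$ROOTID" vsock/1 cat /etc/machine-id | cmp - /etc/machine-id
+
+if ! command -v scp &> /dev/null ; then
+echo "scp not found, skipping subtest" >&2
+else
+OUT_FILE=$(mktemp -u)
+scp -o StrictHostKeyChecking=no -v -i "$ROOTID" vsock,1:/etc/machine-id "$OUT_FILE"
+cmp "$OUT_FILE" /etc/machine-id
+rm -f "$OUT_FILE"
+fi
 fi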
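Review bot: `OUT_FILE=$(mktemp -u)` only prints a name and does not create the file, so the path in the temporary directory can be claimed by another process before `scp` writes to it, and the `$ROOTID` identity suggests this test runs as root. Plain `OUT_FILE=$(mktemp)` creates the file atomically with restrictive permissions, and `scp` then overwrites it, which closes that window. If the script runs under `set -e` (not visible in this hunk), a failing `scp` or `cmp` also skips the `rm -f "$OUT_FILE"`, so the cleanup would be more reliable in a `trap`.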
