does anyone know how to craft an SSH config using eg proxyco rancher-users #lima

Title

hundreds-crowd-93261

06/23/2022, 5:55 PM

does anyone know how to craft an SSH config using eg: proxycommand with limactl so that

ssh $lima_vm

works directly? I’ve got an ssh alias, which calls my ssh binary that handles setting TERMINFO on the remote end (for Kitty terminal) and id like to have that functionality, but it’s cumbersome to

eval "$(limactl show-ssh my-vm-name)"

fast-garage-66093

06/23/2022, 5:58 PM

idk, but why don't you define a shell alias or a small wrapper script?

hundreds-crowd-93261

06/23/2022, 6:00 PM

this is basically what you can leverage ssh proxycommand for, in many cases, and then lets you supply additional flags, etc.

i was gonna write a script but figured i would give this a shot, since ive done it before for other tools, but can’t figure it out this time 😅

fast-garage-66093

06/23/2022, 6:01 PM

Put a fixed port into your

lima.yaml

file and then copy the arguments for

show-ssh

into your proxy command?

hundreds-crowd-93261

06/23/2022, 6:11 PM

i don’t think the port is an issue

sh -c "$(/opt/homebrew/bin/limactl show-ssh docker)"

works in my shell, but this doesn’t: `~/.ssh/config`:

host docker
    ProxyCommand sh -c "$(/opt/homebrew/bin/limactl show-ssh %h)"

ssh -v docker
Pseudo-terminal will not be allocated because stdin is not a terminal.
-bash: line 1: $'SSH-2.0-OpenSSH_8.6\r': command not found

fast-garage-66093

06/23/2022, 6:19 PM

That's why I suggested a wrapper. I have a

bin/wrapper

directory at the very front of my

PATH

that modifies existing commands. A trivial example is always adding

--mmap

to the

ag

command:

#!/bin/bash
set - --mmap "$@"
exec $(type -a -P $(basename $BASH_SOURCE) | grep -v $BASH_SOURCE | head -1) "$@"

You could create a similar wrapper for

ssh

, add some heuristics to determine the host name your are connecting to, and if it matches your lima VM name, modify

$@

as necessary, or set additional environment variables or whatever.

Here is a

kubectl

wrapper that adds AWS secrets to the environment when the kubeconfig includes

aws

commands:

$ cat kubectl
#!/bin/bash

kubeconfig="${KUBECONFIG}"
if [ -z "${kubeconfig}" ]; then
    kubeconfig=$HOME/.kube/config
fi
if [ -r "${kubeconfig}" ]; then
    if grep -q "command: aws" "${kubeconfig}"; then
        export AWS_ACCESS_KEY_ID=$(kc-env get AWS_ACCESS_KEY_SPLATFORM)
        export AWS_SECRET_ACCESS_KEY=$(kc-env get AWS_SECRET_KEY_SPLATFORM)
    fi
fi

exec $(type -a -p $(basename $BASH_SOURCE) | grep -v $BASH_SOURCE | head -1) "$@"

It is a bit crude, but works for me because I typically don't have AWS clusters defined locally, so only need to inject credentials occasionally.

And I just notice that Rancher Desktop has broken this wrapper by adding itself to the front of my

PATH

. I should have used the "Manual" config option. 😄

$ type -a -p kubectl
/Users/jan/.rd/bin/kubectl
/Users/jan/Dropbox/bin/wrapper/kubectl
/usr/local/bin/kubectl

hundreds-crowd-93261

06/23/2022, 6:27 PM

i figured out what i needed

host docker
    ProxyCommand sh -c "$(limactl show-ssh %h) nc 127.0.0.1 22"

total hack though since i think this tunnels it twice

fast-garage-66093

06/23/2022, 6:30 PM

Yeah, but if it works... 🤷

hundreds-crowd-93261

06/23/2022, 6:31 PM

yet i still have issues with my terminfo 😡

ah nvm its sudo causing that issue

fast-garage-66093

06/23/2022, 6:33 PM

sudo

is the

root

cause 😄

🥁 1

🤦 1

hundreds-crowd-93261

06/23/2022, 8:57 PM

even simpler: Host docker

Host docker
    ProxyCommand limactl shell %h nc 127.0.0.1 22

and automagic:

# match lima VM names and use limactl to ssh to them
Match exec "limactl list -q | grep -q '%h'"
    ProxyCommand limactl shell %h nc 127.0.0.1 22

11 Views

#lima Join Slack