[ET Trac] [Einstein Toolkit] #545: Use ssh ProxyCommand instead of multiple ssh commands

Einstein Toolkit trac-noreply at einsteintoolkit.org
Fri Sep 2 23:17:58 CDT 2011 

#545: Use ssh ProxyCommand instead of multiple ssh commands
--------------------------+-------------------------------------------------
  Reporter:  eschnett     |       Owner:  eschnett
      Type:  enhancement  |      Status:  review  
  Priority:  major        |   Milestone:          
 Component:  SimFactory   |     Version:          
Resolution:               |    Keywords:          
--------------------------+-------------------------------------------------

Comment (by eschnett):

 All quoting in Simfactory (where a shell is involved) should be done via
 QuoteSafe. (This may currently not always be the case.) If there is a
 string surrounded by single quotes, then either someone "just added" them
 (and should have used QuoteSafe instead), or the were added via QuoteSafe,
 and then they don't need to be quoted again.

 No, I didn't try it -- I trust you when you say it works for you. However,
 we need to define what corner cases we need to be treated correctly (e.g.
 multiple trampolines, having a remote source base directory with a space
 in the name, etc.). We currently don't need multiple trampolines, so we
 may want to drop them. Out of curiosity: How would a recursive
 trampolining command with ProxyCommand look like? Would the nc command be
 wrapped by an ssh command with another ProxyCommand?

 The basic quoting rule is: whenever a command is constructed that will be
 passed to a shell, then each argument (except trivial ones) need to be
 quoted. For example, 'nc %h %p ...' is a command, so %h and %p should be
 quoted; however, if we assume that hostname and port number are
 reasonable, we can skip this. The whole nc command is an option to the ssh
 command, so it then needs to be quoted as a whole:

 sshopts += '-o ProxyCommand=%s' % QuoteSafe(tsshcmd)

 An empty string, when quoted, should not remain an empty string, it needs
 to become two consecutive quotes, so that (after passing it to a shell) it
 becomes an empty string again.

-- 
Ticket URL: <https://trac.einsteintoolkit.org/ticket/545#comment:4>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit

More information about the Trac mailing list