From: Kyle Ackerman Subject: Re: add ssh -J support to commands which use network To: Lucas Gabriel Vuotto Cc: gameoftrees@openbsd.org Date: Thu, 12 Dec 2024 01:13:35 +0000 On Wednesday, December 11th, 2024 at 4:37 PM, Lucas Gabriel Vuotto wrote: > > > On Wed, Dec 11, 2024 at 09:33:54PM +0100, Stefan Sperling wrote: > > > On Wed, Dec 11, 2024 at 09:31:32PM +0100, Stefan Sperling wrote: > > > > > On Wed, Dec 11, 2024 at 06:27:53PM +0000, Lucas Gabriel Vuotto wrote: > > > > > > > On Wed, Dec 11, 2024 at 06:13:59PM +0100, Stefan Sperling wrote: > > > > > > > > > Add a -J option to got clone, fetch, send, as well as cvg clone, > > > > > update, commit. This allows ad-hoc use of SSH jumphosts without > > > > > having to create entries in ~/.ssh/config. > > > > > > > > > > For example, I found this useful when I wanted to fetch from a > > > > > IPv6-only system while borrowing an IPv4-only wifi connection. > > > > > > > > > > ok? > > > > > > > > I don't know about the potential complexity, but wouldn't it be better > > > > to have an ssh_opts in got.conf instead? Having a dedicated flag for > > > > ProxyJump feels off for me. > > > > > > But that would involve editing a configuration file, too. The point > > > is avoid that overhead when reaching the configured remote without > > > a jumphost or vpn or whatever is impossible. > > > > And adding ssh_opts to got.conf would be no different to the current > > way of setting per-remote ssh options, which is to add a Host entry > > to ~/.ssh/config with whatever options are requried and using that > > Host entry as the server URL. > > > I'd argue it's slightly different, because the remote block already > exists in got.conf, and the scope is exclusively for got operations. > > Alternatively, I believe that the Git way is GIT_SSH_COMMAND, which > also seems more reasonable to me than adding -J to a bunch of > subcommands. > > Alternatively, maybe a -o blah, with blah passed verbatim to ssh -o. > > Anyways, this is a non-blocking opinion. I consider a dedicated > ProxyJump limiting (what if I need ProxyCommand instead?) and the Not sure if Got needs to be that transparent or feature-parity to ssh. I think a good separation is command-line args helps figure out how to get to a host, the got.conf helps figure out what to do once it gets there. I would argue that Got should not allow a user to tweak ProxyCommand. A useful antidote for me is using a ssh bastion to get into my home network. Adding a command-line arg is a lot easier than consistently modifying got.conf > possiblity for something more generic, without dealing with ssh_config, > is there, quite at hand. (I concede that got send -oproxyjump=6to4 $r > doesn't looks as slick as got send -J 6to4 $r).