How to configure OpenSSH through a virtual filesystem
Hello
My blog “How about a configfs with Config::Model ?” mentioned the ongoing work to provide access to configuration data through a virtual file system, i.e. through Fuse.
This new feature has been working since Config::Model 1.231.
As an example, let’s see how Fuse can be used to configure your ssh client, i.e. how to use the config-edit command to modify your ~/.ssh/config through a virtual file system. Note that this is just an example: Fuse can also be used for other configurations with an existing model.
First, you need to install Config::Model, Fuse and the fuse software.
If you’re on Debian/Sid, installing all this is straightforward:
$ sudo aptitude install libconfig-model-perl libfuse-perl
On other systems, you can use CPAN to install the Perl modules:
$ cpanp i Fuse
$ cpanp i Config::Model
Hopefully, the fuse library will be available through a package in your favorite repository.
Let’s start from an empty ssh configuration file.
First you need to create a directory that will be used by Fuse as a mount point:
$ mkdir my_fuse_dir
Then run config-edit-ssh (which will be changed later to “config-edit -applit ssh”):
$ config-edit-ssh -ui fuse -fuse_dir my_fuse_dir
Mounting config on my_fuse_dir in background.
Use command ‘fusermount -u my_fuse_dir’ to unmount
Now, all parameters that can be configured in ~/.ssh/config are shown as files and directories in the fuse directory (the list was reduced to save electrons):
$ tree my_fuse_dir/
my_fuse_dir/
├── AddressFamily
├── BatchMode
├── BindAddress
├── ForwardX11
├── ForwardX11Trusted
[snip]
├── HashKnownHosts
├── Host
│ └── *
│ ├── ConnectionAttempts
│ [snip]
│ ├── User
│ ├── UserKnownHostsFile
│ ├── VerifyHostKeyDNS
│ ├── VisualHostKey
│ └── XAuthLocation
├── HostbasedAuthentication
├── HostKeyAlgorithms
[snip]
14 directories, 119 files
Let’s say that we want to configure specific settings for 2 hosts:
- Always forward X11 on host repoman
- Connect with user foo-guest on all Debian systems
First step is to create the repoman entry:
$ mkdir my_fuse_dir/Host/repoman
A ‘ls’ command in that new directory will show a lot of files:
$ ls my_fuse_dir/Host/repoman
IdentityFile Protocol Tunnel
CheckHostIP ForwardX11 KbdInteractiveAuthentication ProxyCommand TunnelDevice
Lo and behold, one of them is ForwardX11! Let’s check what’s in there:
$ cat my_fuse_dir/Host/repoman/ForwardX11
Since the entry is new, it’s still empty.
Enabling ForwardX11 for repoman is quite easy:
$ echo 1 > my_fuse_dir/Host/repoman/ForwardX11
Let’s check:
$ cat my_fuse_dir/Host/repoman/ForwardX11
1
Now, unmount the fuse directory:
$ fusermount -u my_fuse_dir
And see the modified .ssh/config file:
$ cat ~/.ssh/config
Host repoman
ForwardX11 yes
You can see that ForwardX11 is indeed set to ‘yes’ for host repoman.
Last but not least, you may consider that handling files and directories through shell commands is not very easy for the end user. You’re right. But that’s not the point. The idea is to enable programmers to access and edit configuration data with any language (not only Perl). Just like a lot of programs can access kernel data through /proc and /sys, configuration data can now be accessed in a unified way through this virtual file system.
Maybe, one day, exploring /config will be as common as exploring /sys …
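To illustrate reading the configuration from a language other than Perl, here is an added example (not code from Config::Model): a Python script that walks the Host directories of the mount point and reports which host patterns have ForwardX11 or ForwardX11Trusted enabled. It assumes the layout shown in the tree listing and that enabled booleans read back as 1, as in the cat output above; build_sample_tree is a constructed stand-in for the mount.

```python
import os
import sys
import tempfile

# Parameters to report; both names appear in the tree listing above.
WATCHED = ("ForwardX11", "ForwardX11Trusted")

def read_param(path):
    """Return the stripped content of a parameter file, or None if empty or missing."""
    try:
        with open(path) as fh:
            return fh.read().strip() or None
    except OSError:
        return None

def enabled_forwarding(mount_dir, watched=WATCHED):
    """Map each Host pattern to the watched parameters that read back as '1'."""
    findings = {}
    host_root = os.path.join(mount_dir, "Host")
    if not os.path.isdir(host_root):
        return findings
    for pattern in sorted(os.listdir(host_root)):
        host_dir = os.path.join(host_root, pattern)
        if not os.path.isdir(host_dir):
            continue
        on = [p for p in watched if read_param(os.path.join(host_dir, p)) == "1"]
        if on:
            findings[pattern] = on
    return findings

def build_sample_tree(root):
    """Constructed stand-in for the mount point, so this runs without Fuse."""
    sample = {"repoman": {"ForwardX11": "1\n", "ForwardX11Trusted": ""},
              "*": {"ForwardX11": "", "User": "foo-guest\n"}}
    for pattern, params in sample.items():
        os.makedirs(os.path.join(root, "Host", pattern))
        for name, value in params.items():
            with open(os.path.join(root, "Host", pattern, name), "w") as fh:
                fh.write(value)
    return root

if __name__ == "__main__":
    # Pass the real mount point (e.g. my_fuse_dir) or fall back to the sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for pattern, params in enabled_forwarding(target).items():
        print(f"Host {pattern}: {', '.join(params)} enabled")
```

Run it with the mount point as its argument while the configuration is still mounted, before the fusermount -u step.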
All the best