
How to configure OpenSsh through a virtual filesystem

January 30, 2011

Hello

My blog post “How about a configfs with Config::Model ?” mentioned the ongoing work to provide access to configuration data through a virtual file system, i.e. through Fuse.

This new feature has been working since Config::Model 1.231.

As an example, let’s see how Fuse can be used to configure your ssh client, i.e. how to use the config-edit command to modify your ~/.ssh/config through a virtual file system. Note that this is just an example: Fuse can also be used for any other configuration with an existing model.

First, you need to install the Config::Model and Fuse Perl modules and the fuse software.

If you’re on Debian/Sid, installing all this is straightforward:

$ sudo aptitude install libconfig-model-perl libfuse-perl

On other systems, you can use CPAN to install the Perl modules:

$ cpanp i Fuse
$ cpanp i Config::Model

Hopefully, the fuse library will be available as a package in your favorite repository.

Let’s start from an empty ssh configuration file.

First you need to create a directory that will be used by Fuse as a mount point:

$ mkdir my_fuse_dir

Then run config-edit-ssh (which will be changed later to “config-edit -applit ssh”):

$ config-edit-ssh -ui fuse -fuse_dir my_fuse_dir
Mounting config on my_fuse_dir in background.
Use command ‘fusermount -u my_fuse_dir’ to unmount

Now, all parameters that can be configured in ~/.ssh/config are shown as files and directories in the fuse directory (the list was reduced to save electrons):

$ tree my_fuse_dir/
my_fuse_dir/
├── AddressFamily
├── BatchMode
├── BindAddress
├── ForwardX11
├── ForwardX11Trusted
[snip]
├── HashKnownHosts
├── Host
│   └── *
│   ├── ConnectionAttempts
│   [snip]
│   ├── User
│   ├── UserKnownHostsFile
│   ├── VerifyHostKeyDNS
│   ├── VisualHostKey
│   └── XAuthLocation
├── HostbasedAuthentication
├── HostKeyAlgorithms
[snip]

14 directories, 119 files

Let’s say that we want to configure specific settings for 2 hosts:

  • Always forward X11 on host repoman
  • Connect with user foo-guest on all Debian systems

The first step is to create the repoman entry:

$ mkdir my_fuse_dir/Host/repoman

An ‘ls’ command in that new directory will show a lot of files:

$ ls my_fuse_dir/Host/repoman
IdentityFile Protocol Tunnel
CheckHostIP ForwardX11 KbdInteractiveAuthentication ProxyCommand TunnelDevice

Lo and behold, one of them is ForwardX11 ! Let’s check what’s in there:

$ cat my_fuse_dir/Host/repoman/ForwardX11

Since the entry is new, it’s still empty.

Enabling ForwardX11 for repoman is quite easy:

$ echo 1 > my_fuse_dir/Host/repoman/ForwardX11

Let’s check:

$ cat my_fuse_dir/Host/repoman/ForwardX11
1

Now, unmount the fuse directory:

$ fusermount -u my_fuse_dir

And see the modified .ssh/config file:

$ cat ~/.ssh/config
Host repoman
ForwardX11 yes

You can see that ForwardX11 is indeed set to ‘yes’ for host repoman.

Last but not least, you may consider that handling files and directories through shell commands is not very easy for the end user. You’re right. But that’s not the point. The idea is to enable programmers to access and edit configuration data with any language (not only Perl). Just like a lot of programs can access kernel data through /proc and /sys, configuration data can now be accessed in a unified way through this virtual file system.
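As an illustration of that kind of programmatic access, here is an added example (not part of Config::Model or of the original post) that walks the mounted tree and lists every Host entry whose ForwardX11 file reads 1, which is a handy check since X11 forwarding is a setting you usually want enabled only for hosts you trust. The function names, the buildbox host and the sample tree are made up for the example; the layout and the 1/empty values follow the listings above.

```shell
#!/bin/sh
# Added example: audit a Config::Model fuse mount for Host entries
# that have ForwardX11 enabled. Run it while the mount is active.

# Print one host pattern per line for every Host/<pattern>/ForwardX11
# whose content is 1. Empty files (unset parameters) are skipped.
x11_forwarding_hosts() {
    mount_dir=$1
    for entry in "$mount_dir"/Host/*/; do
        [ -d "$entry" ] || continue          # no Host entries at all
        file="${entry}ForwardX11"
        [ -r "$file" ] || continue
        # Strip the trailing newline so "1\n" compares equal to "1".
        value=$(tr -d '[:space:]' < "$file")
        if [ "$value" = "1" ]; then
            basename "$entry"
        fi
    done
}

# Constructed sample tree standing in for the real mount, so the
# script also runs without fuse. "buildbox" and its 0 value are
# assumptions made for the example.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/Host/repoman" "$dir/Host/*" "$dir/Host/buildbox"
    echo 1 > "$dir/Host/repoman/ForwardX11"
    : > "$dir/Host/*/ForwardX11"             # unset, reads back empty
    echo 0 > "$dir/Host/buildbox/ForwardX11"
    echo "$dir"
}

sample=$(make_sample_tree)
echo "Hosts with X11 forwarding enabled:"
x11_forwarding_hosts "$sample"
rm -rf "$sample"
```

Against a real mount, call x11_forwarding_hosts my_fuse_dir before running fusermount -u.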

Maybe, one day, exploring /config will be as common as exploring /sys …

All the best
