Tries a nss hostname lookup for ssh_config entries

Question

Tries a nss hostname lookup for ssh_config entries

bernhardkaindl opened this issue 2 years ago · comments

On one of two machines I have (Linux Mint 20.2, not on Ubuntu 22.04), it tries a host name lookup thru the host's nss libraries:

3234381 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 7
3234381 connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
3234381 sendmmsg(7, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\242\327\1 \0\1\0\0\0\0\0\1\nlong-paper\6balena\0\0"..., iov_len=46}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=46}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="7\352\1 \0\1\0\0\0\0\0\1\nlong-paper\6balena\0\0"..., iov_len=46}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=46}], 2, MSG_NOSIGNAL) = 2
3234381 recvfrom(7, "\242\327\201\203\0\1\0\0\0\0\0\1\nlong-paper\6balena\0\0"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, [28->16]) = 46
3234381 openat(AT_FDCWD, "/home/bk/.local/lib/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = 7
3234381 openat(AT_FDCWD, "/run/systemd/machines/long-paper.balena", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
3234381 write(2, "Error: connection failed: failed"..., 120) = 120

(filtered just for demonstration purposes)

It exits with:
Error: connection failed: failed to create session: connection failed: dial tcp: lookup long-paper.balena: no such host

wishlist.log:

got an error: failed to create session: connection failed: dial tcp: lookup long-paper.balena: no such host

Of course, performing a host name lookup on an ssh config entry's name may succeed, but it makes no sense as only the openssh client itself is able to fully parse and implement all options specified for such entry.

Wishlist does not, e.g. it does not implement ProxyCommand and ProxyJump, which are often required to reach remote hosts.

The good thing to do would be really to just exec(ssh )

Carlos Alexandro Becker · Answer 1 · Thu Jan 05 2023 20:57:16 GMT+0800 (China Standard Time)

we can't just exec ssh because we need more control over some things, and our goal is not to fully implement all options ssh provides, that's why there are some missing ones.

I think that the DNS resolution issue might be due to netgo, you can try to compile from source (go install github.com/charmbracelet/wishlist/cmd/...@latest) and try it out.

Christian Muehlhaeuser · Answer 2 · Fri Jan 06 2023 01:52:04 GMT+0800 (China Standard Time)

Note that building with CGO_ENABLED=0 probably affects this, as it prevents you from using libc's name resolving.