ssh-generator and ssh-proxy are great features, it is very handy to be
able to do:
ssh vsock/1
But, because of the '/' used as a separator, scp and rsync don't
interpret 'vsock/<CID>' as a hostname, e.g.
$ scp /etc/machine-id vsock/2222:.
cp: cannot create regular file 'vsock/2222:.': No such file or directory
$ rsync /etc/machine-id vsock/2222:.
rsync: [Receiver] change_dir#3 "(...)/vsock" failed: No such file or directory (2)
rsync error: errors selecting input/output files, dirs (code 3) at main.c(829) [Receiver=3.4.1]
An alternative is to use ',' as separator, e.g.
$ scp /etc/machine-id vsock,2222:.
This is what is being suggested here. The names with '/' are kept not to
break anything here.
Others are possible: '%', '=', '#', '@', ':', etc. As mentioned in
commit
0abd510f7f ("ssh-proxy: add ssh ProxyCommand tool that can
connect to AF_UNIX + AF_VSOCK sockets"), it is better to avoid ':' as it
is already taken by SSH itself when doing sftp, and "@" is already taken
for separating the user name. '#' will cause some issues with some
shells like ZSH when quotes are not used.
<refsynopsisdiv>
<programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
ProxyUseFdpass yes
</programlisting>
configuration fragment like the following:</para>
<programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
ProxyUseFdpass yes
CheckHostIP no
direct <constant>AF_VSOCK</constant> communication between the host and guests, and provide their own
multiplexer over <constant>AF_UNIX</constant> sockets. See
<ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
- and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.</para>
+ and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.
+ Note that <literal>,</literal> can be used as a separator instead of <literal>/</literal> to be
+ compatible with tools like <literal>scp</literal> and <literal>rsync</literal>.</para>
<para>Moreover, connecting to <literal>.host</literal> will connect to the local host via SSH, without
involving networking.</para>
<programlisting>ssh unix/run/ssh-unix-local/socket</programlisting>
</example>
+
+ <example>
+ <title>Copy local 'foo' file to a local VM with CID 1348</title>
+
+ <programlisting>scp foo vsock,1348:</programlisting>
+ </example>
</refsect1>
<refsect1>
# Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths.
# Make sure machine/* can be used to connect to local machines registered in machined.
#
-Host unix/* vsock/* vsock-mux/* machine/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,* machine/* machine,*
ProxyCommand {{LIBEXECDIR}}/systemd-ssh-proxy %h %p
ProxyUseFdpass yes
CheckHostIP no
return process_vsock_cid(cid, port);
}
+static char *startswith_sep(const char *s, const char *prefix) {
+ const char *p = startswith(s, prefix);
+
+ if (p && IN_SET(*p, '/', ','))
+ return (char*) p + 1;
+
+ return NULL;
+}
+
static int run(int argc, char* argv[]) {
log_setup();
const char *host = argv[1], *port = argv[2];
- const char *p = startswith(host, "vsock/");
+ const char *p = startswith_sep(host, "vsock");
if (p)
return process_vsock_string(p, port);
- p = startswith(host, "unix/");
+ p = startswith_sep(host, "unix");
if (p)
return process_unix(p);
- p = startswith(host, "vsock-mux/");
+ p = startswith_sep(host, "vsock-mux");
if (p)
return process_vsock_mux(p, port);
- p = startswith(host, "machine/");
+ p = startswith_sep(host, "machine");
if (p)
return process_machine(p, port);
modprobe vsock_loopback ||:
if test -e /dev/vsock -a -d /sys/module/vsock_loopback ; then
ssh -o StrictHostKeyChecking=no -v -i "$ROOTID" vsock/1 cat /etc/machine-id | cmp - /etc/machine-id
+
+ if ! command -v scp &> /dev/null ; then
+ echo "scp not found, skipping subtest" >&2
+ else
+ OUT_FILE=$(mktemp -u)
+ scp -o StrictHostKeyChecking=no -v -i "$ROOTID" vsock,1:/etc/machine-id "$OUT_FILE"
+ cmp "$OUT_FILE" /etc/machine-id
+ rm -f "$OUT_FILE"
+ fi
fi
projects / thirdparty / systemd.git / commitdiff
