-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use libified ssh instead fork/exec ssh #127
Comments
Cannot get libssh2 to work. pub auth with openssh sshd fails. |
Something I've noticed that is kind of nice with using exec ssh is that it honors the .ssh/config file, which means a person can add whatever kex arguments, ports, specific key files to use etc and clixon inherits it. Using a library means that clixon would need to be able to define any special options a remote host would need in the CLI. (Unless the lib can reference the config file, I don't know the answer to that). |
Hi there, a co-author of netconf-cli here. We used to rely on libnetconf2's built-in libssh support in our NETCONF client, and we migrated to forking |
Just out of curiosity what option(s) are you using with OpenSSH that's not parsed with libssh? |
Removed the prio label due to the discussion about pros and cons. Need further investigation of the original problem, maybe we can solve it using the existing solution. |
Maybe @syyyr (the original author of our code) remembers why we ended up calling I'm afraid we did that five years ago, so I don't recall all the details. When I re-read this discussion (see that link) now, it seems that the main problem was that the simple use case ("do what Just two examples from the very long discussion we had at that time:
|
@jktjkt pretty much explained it. We wanted what the openssh cli client does, and didn't want to implement that ourselves. At that time we only tried using libssh2, because that's what libnetconf2 used to use, but there might be libraries, that do what the openssh cli client does, but I don't know any. |
Current NETCOF over SSH solution when connecting from controller to devices uses a fork/exec mechanism of the ssh binary. This has several drawbacks, including data in piped stdio,, external handling of keys, etc.
The proposal is to change this to libssh or libssh2 to get a proper API and eventually a better key handling interface.
It is suspected that this solution is the cause of occasional "fragmented frame" errors when running to many devices.
The text was updated successfully, but these errors were encountered: