forgejo/rust-ssh2-config
1
0
Fork 0
Code Issues Activity

Adding upstream version 0.5.4.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-05-06 06:52:03 +02:00
parent 6dc19540ee
commit 19551ac12c
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
23 changed files with 6571 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.cargo_vcs_info.json Normal file
View file

@ -0,0 +1,6 @@
{
"git": {
"sha1": "ef037151a20b566fe8c9c4adc9849b4503a1f1a3"
},
"path_in_vcs": ""
}

154
CHANGELOG.md Normal file
View file

@ -0,0 +1,154 @@
# Changelog
- [Changelog](#changelog)
- [0.5.4](#054)
- [0.5.1](#051)
- [0.5.0](#050)
- [0.4.0](#040)
- [0.3.0](#030)
- [0.2.3](#023)
- [0.2.2](#022)
- [0.2.1](#021)
- [0.2.0](#020)
- [0.1.6](#016)
- [0.1.5](#015)
- [0.1.4](#014)
- [0.1.3](#013)
- [0.1.2](#012)
- [0.1.1](#011)
- [0.1.0](#010)
---
## 0.5.4
Released on 27/03/2025
- on docsrs DON'T build algos. It's not allowed by docs.rs
- added `RELOAD_SSH_ALGO` env variable to rebuild algos.
## 0.5.1
Released on 27/03/2025
- build was not included in the package. Fixed that.
## 0.5.0
Released on 27/03/2025
- [issue 22](https://github.com/veeso/ssh2-config/issues/22): should parse tokens with `=` and quotes (`"`)
- [issue 21](https://github.com/veeso/ssh2-config/issues/21): Finally fixed how parameters are applied to host patterns
- Replaced algorithms `Vec<String>` with `Algorithms` type.
- The new type is a variant with `Append`, `Head`, `Exclude` and `Set`.
- This allows to **ACTUALLY** handle algorithms correctly.
- To pass to ssh options, use `algorithms()` method
- Beware that when accessing the internal vec, you MUST care of what it means for that variant.
- Replaced `HostParams::merge` with `HostParams::overwrite_if_none` to avoid overwriting existing values.
- Added default Algorithms to the SshConfig structure. See readme for details on how to use it.
## 0.4.0
Released on 15/03/2025
- Added support for `Include` directive. <https://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#Include>
- Fixed ordering in appliance of options. **It's always top-bottom**.
- Added logging to parser. You can now disable logging by using `nolog` feature.
- `parse_default_file` is now available to Windows users
- Added `Display` and `ToString` traits for `SshConfig` which serializes the configuration into ssh2 format
## 0.3.0
Released on 19/12/2024
- thiserror `2.0`
- ‼️ **BREAKING CHANGE**: Added support for unsupported fields:
`AddressFamily, BatchMode, CanonicalDomains, CanonicalizeFallbackLock, CanonicalizeHostname, CanonicalizeMaxDots, CanonicalizePermittedCNAMEs, CheckHostIP, ClearAllForwardings, ControlMaster, ControlPath, ControlPersist, DynamicForward, EnableSSHKeysign, EscapeChar, ExitOnForwardFailure, FingerprintHash, ForkAfterAuthentication, ForwardAgent, ForwardX11, ForwardX11Timeout, ForwardX11Trusted, GatewayPorts, GlobalKnownHostsFile, GSSAPIAuthentication, GSSAPIDelegateCredentials, HashKnownHosts, HostbasedAcceptedAlgorithms, HostbasedAuthentication, HostKeyAlias, HostbasedKeyTypes, IdentitiesOnly, IdentityAgent, Include, IPQoS, KbdInteractiveAuthentication, KbdInteractiveDevices, KnownHostsCommand, LocalCommand, LocalForward, LogLevel, LogVerbose, NoHostAuthenticationForLocalhost, NumberOfPasswordPrompts, PasswordAuthentication, PermitLocalCommand, PermitRemoteOpen, PKCS11Provider, PreferredAuthentications, ProxyCommand, ProxyJump, ProxyUseFdpass, PubkeyAcceptedKeyTypes, RekeyLimit, RequestTTY, RevokedHostKeys, SecruityKeyProvider, SendEnv, ServerAliveCountMax, SessionType, SetEnv, StdinNull, StreamLocalBindMask, StrictHostKeyChecking, SyslogFacility, UpdateHostKeys, UserKnownHostsFile, VerifyHostKeyDNS, VisualHostKey, XAuthLocation`
If you want to keep the behaviour as-is, use `ParseRule::STRICT | ParseRule::ALLOW_UNSUPPORTED_FIELDS` when calling `parse()` if you were using `ParseRule::STRICT` before.
Otherwise you can now access unsupported fields by using the `unsupported_fields` field on the `HostParams` structure like this:
```rust
use ssh2_config::{ParseRule, SshConfig};
use std::fs::File;
use std::io::BufReader;
let mut reader = BufReader::new(File::open(config_path).expect("Could not open configuration file"));
let config = SshConfig::default().parse(&mut reader, ParseRule::ALLOW_UNSUPPORTED_FIELDS).expect("Failed to parse configuration");
// Query attributes for a certain host
let params = config.query("192.168.1.2");
let forwards = params.unsupported_fields.get("dynamicforward");
```
## 0.2.3
Released on 05/12/2023
- Fixed the order of appliance of configuration argument when overriding occurred. Thanks @LeoniePhiline
## 0.2.2
Released on 31/07/2023
- Exposed `ignored_fields` as `Map<String, Vec<String>>` (KeyName => Args) for `HostParams`
## 0.2.1
Released on 28/07/2023
- Added `parse_default_file` to parse directly the default ssh config file at `$HOME/.ssh/config`
- Added `get_hosts` to retrieve current configuration's hosts
## 0.2.0
Released on 09/05/2023
- Added `ParseRule` field to `parse()` method to specify some rules for parsing. ❗ To keep the behaviour as-is use `ParseRule::STRICT`
## 0.1.6
Released on 03/03/2023
- Added legacy field support
- HostbasedKeyTypes
- PubkeyAcceptedKeyTypes
## 0.1.5
Released on 27/02/2023
- Fixed comments not being properly stripped
## 0.1.4
Released on 02/02/2023
- Fixed [issue 2](https://github.com/veeso/ssh2-config/issues/2) hosts not being sorted by priority in host query
## 0.1.3
Released on 29/01/2022
- Added missing `ForwardX11Trusted` field to known fields
## 0.1.2
Released on 11/01/2022
- Implemented `IgnoreUnknown` parameter
- Added `UseKeychain` support for MacOS
## 0.1.1
Released on 02/01/2022
- Added `IdentityFile` parameter
## 0.1.0
Released on 04/12/2021
- First release

1127
Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

102
Cargo.toml Normal file
View file

@ -0,0 +1,102 @@
# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
#
# When uploading crates to the registry Cargo will automatically
# "normalize" Cargo.toml files for maximal compatibility
# with all versions of Cargo and also rewrite `path` dependencies
# to registry (e.g., crates.io) dependencies.
#
# If you are reading this file be aware that the original Cargo.toml
# will likely look very different (and much more reasonable).
# See Cargo.toml.orig for the original contents.
[package]
edition = "2024"
name = "ssh2-config"
version = "0.5.4"
authors = ["Christian Visintin <christian.visintin@veeso.dev>"]
build = "build/main.rs"
include = [
"build/**/*",
"examples/**/*",
"src/**/*",
"LICENSE",
"README.md",
"CHANGELOG.md",
]
autolib = false
autobins = false
autoexamples = false
autotests = false
autobenches = false
description = "an ssh configuration parser for ssh2-rs"
homepage = "https://veeso.github.io/ssh2-config/"
documentation = "https://docs.rs/ssh2-config"
readme = "README.md"
keywords = [
"ssh2",
"ssh",
"ssh-config",
"ssh-config-parser",
]
categories = ["network-programming"]
license = "MIT"
repository = "https://github.com/veeso/ssh2-config"
[features]
default = []
nolog = ["log/max_level_off"]
[lib]
name = "ssh2_config"
path = "src/lib.rs"
[[example]]
name = "client"
path = "examples/client.rs"
[[example]]
name = "print"
path = "examples/print.rs"
[[example]]
name = "query"
path = "examples/query.rs"
[dependencies.bitflags]
version = "^2"
[dependencies.dirs]
version = "^6"
[dependencies.glob]
version = "0.3"
[dependencies.log]
version = "^0.4"
[dependencies.thiserror]
version = "^2"
[dependencies.wildmatch]
version = "^2"
[dev-dependencies.env_logger]
version = "^0.11"
[dev-dependencies.pretty_assertions]
version = "^1"
[dev-dependencies.rpassword]
version = "^7"
[dev-dependencies.ssh2]
version = "^0.9"
[dev-dependencies.tempfile]
version = "^3"
[build-dependencies.anyhow]
version = "1"
[build-dependencies.git2]
version = "0.20"

59
Cargo.toml.orig generated Normal file
View file

@ -0,0 +1,59 @@
[package]
authors = ["Christian Visintin <christian.visintin@veeso.dev>"]
categories = ["network-programming"]
description = "an ssh configuration parser for ssh2-rs"
documentation = "https://docs.rs/ssh2-config"
edition = "2024"
homepage = "https://veeso.github.io/ssh2-config/"
include = [
"build/**/*",
"examples/**/*",
"src/**/*",
"LICENSE",
"README.md",
"CHANGELOG.md",
]
keywords = ["ssh2", "ssh", "ssh-config", "ssh-config-parser"]
license = "MIT"
name = "ssh2-config"
readme = "README.md"
repository = "https://github.com/veeso/ssh2-config"
version = "0.5.4"
build = "build/main.rs"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
bitflags = "^2"
dirs = "^6"
log = "^0.4"
glob = "0.3"
thiserror = "^2"
wildmatch = "^2"
[dev-dependencies]
env_logger = "^0.11"
pretty_assertions = "^1"
rpassword = "^7"
ssh2 = "^0.9"
tempfile = "^3"
[build-dependencies]
anyhow = "1"
git2 = "0.20"
[features]
default = []
nolog = ["log/max_level_off"]
[[example]]
name = "client"
path = "examples/client.rs"
[[example]]
name = "query"
path = "examples/query.rs"
[[example]]
name = "print"
path = "examples/print.rs"

21
LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2021-2025 Christian Visintin
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

459
README.md Normal file
View file

@ -0,0 +1,459 @@
# ssh2-config
<p align="center">
<a href="CHANGELOG.md" target="_blank">Changelog</a>
·
<a href="#get-started" target="_blank">Get started</a>
·
<a href="https://docs.rs/ssh2-config" target="_blank">Documentation</a>
</p>
<p align="center">Developed by <a href="https://veeso.github.io/" target="_blank">@veeso</a></p>
<p align="center">Current version: 0.5.4 (27/03/2025)</p>
<p align="center">
<a href="https://opensource.org/licenses/MIT"
><img
src="https://img.shields.io/badge/License-MIT-teal.svg"
alt="License-MIT"
/></a>
<a href="https://github.com/veeso/ssh2-config/stargazers"
><img
src="https://img.shields.io/github/stars/veeso/ssh2-config.svg?style=flat&logo=github"
alt="Repo stars"
/></a>
<a href="https://crates.io/crates/ssh2-config"
><img
src="https://img.shields.io/crates/d/ssh2-config.svg"
alt="Downloads counter"
/></a>
<a href="https://crates.io/crates/ssh2-config"
><img
src="https://img.shields.io/crates/v/ssh2-config.svg"
alt="Latest version"
/></a>
<a href="https://ko-fi.com/veeso">
<img
src="https://img.shields.io/badge/donate-ko--fi-red"
alt="Ko-fi"
/></a>
</p>
<p align="center">
<a href="https://github.com/veeso/ssh2-config/actions"
><img
src="https://github.com/veeso/ssh2-config/workflows/Build/badge.svg"
alt="Build"
/></a>
<a href="https://coveralls.io/github/veeso/ssh2-config"
><img
src="https://coveralls.io/repos/github/veeso/ssh2-config/badge.svg"
alt="Coveralls"
/></a>
<a href="https://docs.rs/ssh2-config"
><img
src="https://docs.rs/ssh2-config/badge.svg"
alt="Docs"
/></a>
</p>
---
- [ssh2-config](#ssh2-config)
- [About ssh2-config](#about-ssh2-config)
- [Exposed attributes](#exposed-attributes)
- [Missing features](#missing-features)
- [Get started 🚀](#get-started-)
- [Reading unsupported fields](#reading-unsupported-fields)
- [How host parameters are resolved](#how-host-parameters-are-resolved)
- [Resolvers examples](#resolvers-examples)
- [Configuring default algorithms](#configuring-default-algorithms)
- [Examples](#examples)
- [Support the developer ☕](#support-the-developer-)
- [Contributing and issues 🤝🏻](#contributing-and-issues-)
- [Changelog ⏳](#changelog-)
- [License 📃](#license-)
---
## About ssh2-config
ssh2-config a library which provides a parser for the SSH configuration file, to be used in pair with the [ssh2](https://github.com/alexcrichton/ssh2-rs) crate.
This library provides a method to parse the configuration file and returns the configuration parsed into a structure.
The `SshConfig` structure provides all the attributes which **can** be used to configure the **ssh2 Session** and to resolve
the host, port and username.
Once the configuration has been parsed you can use the `query(&str)` method to query configuration for a certain host, based on the configured patterns.
Even if many attributes are not exposed, since not supported, there is anyway a validation of the configuration, so invalid configuration will result in a parsing error.
### Exposed attributes
- **BindAddress**: you can use this attribute to bind the socket to a certain address
- **BindInterface**: you can use this attribute to bind the socket to a certain network interface
- **CASignatureAlgorithms**: you can use this attribute to handle CA certificates
- **CertificateFile**: you can use this attribute to parse the certificate file in case is necessary
- **Ciphers**: you can use this attribute to set preferred methods with the session method `session.method_pref(MethodType::CryptCs, ...)` and `session.method_pref(MethodType::CryptSc, ...)`
- **Compression**: you can use this attribute to set whether compression is enabled with `session.set_compress(value)`
- **ConnectionAttempts**: you can use this attribute to cycle over connect in order to retry
- **ConnectTimeout**: you can use this attribute to set the connection timeout for the socket
- **HostName**: you can use this attribute to get the real name of the host to connect to
- **IdentityFile**: you can use this attribute to set the keys to try when connecting to remote host.
- **KexAlgorithms**: you can use this attribute to configure Key exchange methods with `session.method_pref(MethodType::Kex, algos.to_string().as_str())`
- **MACs**: you can use this attribute to configure the MAC algos with `session.method_pref(MethodType::MacCs, algos..to_string().as_str())` and `session.method_pref(MethodType::MacSc, algos..to_string().as_str())`
- **Port**: you can use this attribute to resolve the port to connect to
- **PubkeyAuthentication**: you can use this attribute to set whether to use the pubkey authentication
- **RemoteForward**: you can use this method to implement port forwarding with `session.channel_forward_listen()`
- **ServerAliveInterval**: you can use this method to implement keep alive message interval
- **TcpKeepAlive**: you can use this method to tell whether to send keep alive message
- **UseKeychain**: (macos only) used to tell whether to use keychain to decrypt ssh keys
- **User**: you can use this method to resolve the user to use to log in as
### Missing features
- [Match patterns](http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#Match) (Host patterns are supported!!!)
- [Tokens](http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#TOKENS)
---
## Get started 🚀
First of all, add ssh2-config to your dependencies
```toml
[dependencies]
ssh2-config = "^0.5"
```
then parse the configuration
```rust
use ssh2_config::{ParseRule, SshConfig};
use std::fs::File;
use std::io::BufReader;
let mut reader = BufReader::new(File::open(config_path).expect("Could not open configuration file"));
let config = SshConfig::default().parse(&mut reader, ParseRule::STRICT).expect("Failed to parse configuration");
// Query attributes for a certain host
let params = config.query("192.168.1.2");
```
then you can use the parsed parameters to configure the session:
```rust
use ssh2::Session;
use ssh2_config::{HostParams};
fn configure_session(session: &mut Session, params: &HostParams) {
if let Some(compress) = params.compression {
session.set_compress(compress);
}
if params.tcp_keep_alive.unwrap_or(false) && params.server_alive_interval.is_some() {
let interval = params.server_alive_interval.unwrap().as_secs() as u32;
session.set_keepalive(true, interval);
}
// KEX
if let Err(err) = session.method_pref(
MethodType::Kex,
params.kex_algorithms.algorithms().join(",").as_str(),
) {
panic!("Could not set KEX algorithms: {}", err);
}
// host key
if let Err(err) = session.method_pref(
MethodType::HostKey,
params.host_key_algorithms.algorithms().join(",").as_str(),
) {
panic!("Could not set host key algorithms: {}", err);
}
// ciphers
if let Err(err) = session.method_pref(
MethodType::CryptCs,
params.ciphers.algorithms().join(",").as_str(),
) {
panic!("Could not set crypt algorithms (client-server): {}", err);
}
if let Err(err) = session.method_pref(
MethodType::CryptSc,
params.ciphers.algorithms().join(",").as_str(),
) {
panic!("Could not set crypt algorithms (server-client): {}", err);
}
// mac
if let Err(err) = session.method_pref(
MethodType::MacCs,
params.mac.algorithms().join(",").as_str(),
) {
panic!("Could not set MAC algorithms (client-server): {}", err);
}
if let Err(err) = session.method_pref(
MethodType::MacSc,
params.mac.algorithms().join(",").as_str(),
) {
panic!("Could not set MAC algorithms (server-client): {}", err);
}
}
fn auth_with_rsakey(
session: &mut Session,
params: &HostParams,
username: &str,
password: Option<&str>
) {
for identity_file in params.identity_file.unwrap_or_default().iter() {
if let Ok(_) = session.userauth_pubkey_file(username, None, identity_file, password) {
break;
}
}
}
```
### Reading unsupported fields
As outlined above, ssh2-config does not support all parameters available in the man page of the SSH configuration file.
If you require these fields you may still access them through the `unsupported_fields` field on the `HostParams` structure like this:
```rust
use ssh2_config::{ParseRule, SshConfig};
use std::fs::File;
use std::io::BufReader;
let mut reader = BufReader::new(File::open(config_path).expect("Could not open configuration file"));
let config = SshConfig::default().parse(&mut reader, ParseRule::ALLOW_UNSUPPORTED_FIELDS).expect("Failed to parse configuration");
// Query attributes for a certain host
let params = config.query("192.168.1.2");
let forwards = params.unsupported_fields.get("dynamicforward");
```
---
## How host parameters are resolved
This topic has been debated a lot over the years, so finally since 0.5 this has been fixed to follow the official ssh configuration file rules, as described in the MAN <https://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#DESCRIPTION>.
> Unless noted otherwise, for each parameter, the first obtained value will be used. The configuration files contain sections separated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions).
>
> Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.
This means that:
1. The first obtained value parsing the configuration top-down will be used
2. Host specific rules ARE not overriding default ones if they are not the first obtained value
3. If you want to achieve default values to be less specific than host specific ones, you should put the default values at the end of the configuration file using `Host *`.
4. Algorithms, so `KexAlgorithms`, `Ciphers`, `MACs` and `HostKeyAlgorithms` use a different resolvers which supports appending, excluding and heading insertions, as described in the man page at ciphers: <https://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#Ciphers>. They are in case appended to default algorithms, which are either fetched from the openssh source code or set with a constructor. See [configuring default algorithms](#configuring-default-algorithms) for more information.
### Resolvers examples
```ssh
Compression yes
Host 192.168.1.1
Compression no
```
If we get rules for `192.168.1.1`, compression will be `yes`, because it's the first obtained value.
```ssh
Host 192.168.1.1
Compression no
Host *
Compression yes
```
If we get rules for `192.168.1.1`, compression will be `no`, because it's the first obtained value.
If we get rules for `172.168.1.1`, compression will be `yes`, because it's the first obtained value MATCHING the host rule.
```ssh
Host 192.168.1.1
Ciphers +c
```
If we get rules for `192.168.1.1`, ciphers will be `a,b,c`, because default is set to `a,b` and `+c` means append `c` to the list.
---
## Configuring default algorithms
To reload algos, build ssh2-config with `RELOAD_SSH_ALGO` env variable set.
When you invoke `SshConfig::default`, the default algorithms are set from openssh source code, which are the following:
```txt
ca_signature_algorithms:
"ssh-ed25519",
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521",
"sk-ssh-ed25519@openssh.com",
"sk-ecdsa-sha2-nistp256@openssh.com",
"rsa-sha2-512",
"rsa-sha2-256",
ciphers:
"chacha20-poly1305@openssh.com",
"aes128-ctr,aes192-ctr,aes256-ctr",
"aes128-gcm@openssh.com,aes256-gcm@openssh.com",
host_key_algorithms:
"ssh-ed25519-cert-v01@openssh.com",
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
"ecdsa-sha2-nistp384-cert-v01@openssh.com",
"ecdsa-sha2-nistp521-cert-v01@openssh.com",
"sk-ssh-ed25519-cert-v01@openssh.com",
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
"rsa-sha2-512-cert-v01@openssh.com",
"rsa-sha2-256-cert-v01@openssh.com",
"ssh-ed25519",
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521",
"sk-ssh-ed25519@openssh.com",
"sk-ecdsa-sha2-nistp256@openssh.com",
"rsa-sha2-512",
"rsa-sha2-256",
kex_algorithms:
"sntrup761x25519-sha512",
"sntrup761x25519-sha512@openssh.com",
"mlkem768x25519-sha256",
"curve25519-sha256",
"curve25519-sha256@libssh.org",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group14-sha256",
"ssh-ed25519-cert-v01@openssh.com",
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
"ecdsa-sha2-nistp384-cert-v01@openssh.com",
"ecdsa-sha2-nistp521-cert-v01@openssh.com",
"sk-ssh-ed25519-cert-v01@openssh.com",
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
"rsa-sha2-512-cert-v01@openssh.com",
"rsa-sha2-256-cert-v01@openssh.com",
"ssh-ed25519",
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521",
"sk-ssh-ed25519@openssh.com",
"sk-ecdsa-sha2-nistp256@openssh.com",
"rsa-sha2-512",
"rsa-sha2-256",
"chacha20-poly1305@openssh.com",
"aes128-ctr,aes192-ctr,aes256-ctr",
"aes128-gcm@openssh.com,aes256-gcm@openssh.com",
"chacha20-poly1305@openssh.com",
"aes128-ctr,aes192-ctr,aes256-ctr",
"aes128-gcm@openssh.com,aes256-gcm@openssh.com",
"umac-64-etm@openssh.com",
"umac-128-etm@openssh.com",
"hmac-sha2-256-etm@openssh.com",
"hmac-sha2-512-etm@openssh.com",
"hmac-sha1-etm@openssh.com",
"umac-64@openssh.com",
"umac-128@openssh.com",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1",
"umac-64-etm@openssh.com",
"umac-128-etm@openssh.com",
"hmac-sha2-256-etm@openssh.com",
"hmac-sha2-512-etm@openssh.com",
"hmac-sha1-etm@openssh.com",
"umac-64@openssh.com",
"umac-128@openssh.com",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1",
"none,zlib@openssh.com",
"none,zlib@openssh.com",
mac:
"umac-64-etm@openssh.com",
"umac-128-etm@openssh.com",
"hmac-sha2-256-etm@openssh.com",
"hmac-sha2-512-etm@openssh.com",
"hmac-sha1-etm@openssh.com",
"umac-64@openssh.com",
"umac-128@openssh.com",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1",
pubkey_accepted_algorithms:
"ssh-ed25519-cert-v01@openssh.com",
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
"ecdsa-sha2-nistp384-cert-v01@openssh.com",
"ecdsa-sha2-nistp521-cert-v01@openssh.com",
"sk-ssh-ed25519-cert-v01@openssh.com",
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
"rsa-sha2-512-cert-v01@openssh.com",
"rsa-sha2-256-cert-v01@openssh.com",
"ssh-ed25519",
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521",
"sk-ssh-ed25519@openssh.com",
"sk-ecdsa-sha2-nistp256@openssh.com",
"rsa-sha2-512",
"rsa-sha2-256",
```
If you want you can use a custom constructor `SshConfig::default().default_algorithms(prefs)` to set your own default algorithms.
---
### Examples
You can view a working examples of an implementation of ssh2-config with ssh2 in the examples folder at [client.rs](examples/client.rs).
You can run the example with
```sh
cargo run --example client -- <remote-host> [config-file-path]
```
---
## Support the developer ☕
If you like ssh2-config and you're grateful for the work I've done, please consider a little donation 🥳
You can make a donation with one of these platforms:
[![ko-fi](https://img.shields.io/badge/Ko--fi-F16061?style=for-the-badge&logo=ko-fi&logoColor=white)](https://ko-fi.com/veeso)
[![PayPal](https://img.shields.io/badge/PayPal-00457C?style=for-the-badge&logo=paypal&logoColor=white)](https://www.paypal.me/chrisintin)
---
## Contributing and issues 🤝🏻
Contributions, bug reports, new features and questions are welcome! 😉
If you have any question or concern, or you want to suggest a new feature, or you want just want to improve ssh2-config, feel free to open an issue or a PR.
Please follow [our contributing guidelines](CONTRIBUTING.md)
---
## Changelog ⏳
View ssh2-config's changelog [HERE](CHANGELOG.md)
---
## License 📃
ssh2-config is licensed under the MIT license.
You can read the entire license [HERE](LICENSE)

130
build/define_parser.rs Normal file
View file

@ -0,0 +1,130 @@
use std::collections::HashMap;
use std::io::BufRead;
struct Scope {
name: String,
tokens: Vec<String>,
}
pub fn parse_defines(reader: impl BufRead) -> anyhow::Result<HashMap<String, String>> {
let mut defines = HashMap::new();
// iterate over each line in the reader
let mut scope: Option<Scope> = None;
for line in reader.lines() {
let line = line?;
// check if the line is a define
if line.trim().starts_with("#define") {
if let Some(prev_scope) = scope.take() {
// if we have a previous scope, store it
defines.insert(prev_scope.name, prev_scope.tokens.join(" "));
}
// start a new scope
let mut tokens = line.split_whitespace();
let name = tokens
.nth(1)
.ok_or_else(|| anyhow::anyhow!("Expected a name after #define"))?
.to_string();
let mut tokens = tokens.collect::<Vec<_>>();
let mut single_line = true;
// if last token is a \; remove it
if let Some(last) = tokens.last() {
if *last == "\\" {
tokens.pop();
single_line = false;
}
}
// get tokens after the name
let mut parsed_tokens: Vec<String> = vec![];
for token in tokens {
let parsed = parse_token(&defines, token, false)?;
parsed_tokens.extend(parsed);
}
scope = Some(Scope {
name,
tokens: parsed_tokens,
});
// if is single line, push to defines and set scope to None
if single_line {
if let Some(scope) = scope.take() {
defines.insert(scope.name, scope.tokens.join(" "));
}
}
} else {
// if we are in a scope, add the line to the tokens
let Some(inner_scope) = scope.as_mut() else {
continue;
};
let tokens = line.split_whitespace();
let mut tokens: Vec<String> = tokens.map(|s| s.to_string()).collect();
// check if it ends with a \, if so, remove it
let mut last_line = true;
if let Some(last) = tokens.last() {
if last == "\\" {
tokens.pop();
last_line = false;
}
}
// parse tokens
for token in tokens {
let parsed = parse_token(&defines, &token, false)?;
inner_scope.tokens.extend(parsed);
}
// if last line, push to defines and set scope to None
if last_line {
if let Some(scope) = scope.take() {
defines.insert(scope.name, scope.tokens.join(" "));
}
}
}
}
// put last scope
if let Some(scope) = scope {
defines.insert(scope.name, scope.tokens.join(" "));
}
Ok(defines)
}
/// Parse token
fn parse_token(
defines: &HashMap<String, String>,
token: &str,
nested: bool,
) -> anyhow::Result<Vec<String>> {
let token = token.trim().trim_end_matches(',');
// if token is a define, parse it
if let Some(value) = defines.get(token) {
return parse_token(defines, value, true);
}
// otherwise, check if it is a string
if token.starts_with('"') && token.ends_with('"') {
return Ok(vec![
token[1..token.len() - 1].trim_end_matches(',').to_string(),
]);
}
// check if it is a number
if token.parse::<i64>().is_ok() {
return Ok(vec![token.to_string()]);
}
if nested {
return Ok(vec![token.to_string()]);
}
anyhow::bail!("Unknown token: {token}; defines: {defines:#?}",)
}

15
build/main.rs Normal file
View file

@ -0,0 +1,15 @@
mod define_parser;
mod openssh;
mod src_writer;
fn main() -> anyhow::Result<()> {
// If reload SSH ALGO is not set, we don't need to do anything
if std::env::var("RELOAD_SSH_ALGO").is_err() {
return Ok(());
}
let prefs = openssh::get_my_prefs()?;
src_writer::write_source(prefs)?;
Ok(())
}

88
build/openssh.rs Normal file
View file

@ -0,0 +1,88 @@
use std::path::{Path, PathBuf};
use crate::define_parser::parse_defines;
const OPENSSH_TAG: &str = "V_9_9_P2";
/// Default algorithms for ssh.
#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub struct MyPrefs {
pub ca_signature_algorithms: Vec<String>,
pub ciphers: Vec<String>,
pub host_key_algorithms: Vec<String>,
pub kex_algorithms: Vec<String>,
pub mac: Vec<String>,
pub pubkey_accepted_algorithms: Vec<String>,
}
pub fn get_my_prefs() -> anyhow::Result<MyPrefs> {
let out_dir = std::env::var_os("OUT_DIR")
.map(|s| PathBuf::from(s).join("openssh"))
.ok_or_else(|| anyhow::anyhow!("OUT_DIR not set"))?;
let build_dir = out_dir.join("build");
let inner_dir = build_dir.join("src");
std::fs::remove_dir_all(&build_dir).ok();
std::fs::create_dir_all(&inner_dir).ok();
clone_openssh(&inner_dir)?;
let my_proposal_path = inner_dir.join("myproposal.h");
let reader = std::io::BufReader::new(std::fs::File::open(my_proposal_path)?);
let defines = parse_defines(reader)?;
let ca_signature_algorithms = defines
.get("SSH_ALLOWED_CA_SIGALGS")
.map(|s| s.split_whitespace().map(|s| format!(r#""{s}""#)).collect())
.unwrap_or_default();
let ciphers = defines
.get("KEX_CLIENT_ENCRYPT")
.map(|s| s.split_whitespace().map(|s| format!(r#""{s}""#)).collect())
.unwrap_or_default();
let host_key_algorithms = defines
.get("KEX_DEFAULT_PK_ALG")
.map(|s| s.split_whitespace().map(|s| format!(r#""{s}""#)).collect())
.unwrap_or_default();
let kex_algorithms = defines
.get("KEX_CLIENT")
.map(|s| s.split_whitespace().map(|s| format!(r#""{s}""#)).collect())
.unwrap_or_default();
let mac = defines
.get("KEX_CLIENT_MAC")
.map(|s| s.split_whitespace().map(|s| format!(r#""{s}""#)).collect())
.unwrap_or_default();
let pubkey_accepted_algorithms = defines
.get("KEX_DEFAULT_PK_ALG")
.map(|s| s.split_whitespace().map(|s| format!(r#""{s}""#)).collect())
.unwrap_or_default();
Ok(MyPrefs {
ca_signature_algorithms,
ciphers,
host_key_algorithms,
kex_algorithms,
mac,
pubkey_accepted_algorithms,
})
}
fn clone_openssh(path: &Path) -> anyhow::Result<()> {
let repo_url = "https://github.com/openssh/openssh-portable.git";
let repo = git2::Repository::clone(repo_url, path)?;
let obj = repo.revparse_single(OPENSSH_TAG)?;
let commit = obj.peel_to_commit()?;
repo.checkout_tree(&obj, None)?;
repo.set_head_detached(commit.id())?;
Ok(())
}

70
build/src_writer.rs Normal file
View file

@ -0,0 +1,70 @@
use std::io::Write as _;
use std::path::PathBuf;
use crate::openssh::MyPrefs;
pub fn write_source(prefs: MyPrefs) -> anyhow::Result<()> {
let SrcPaths { src_dir, src_path } = src_path();
// create dir
if !src_dir.exists() {
std::fs::create_dir_all(&src_dir)?;
}
// open file
let mut file = std::fs::File::create(src_path)?;
writeln!(
file,
r#"//! This file is autogenerated at build-time when `RELOAD_SSH_ALGO` is set to environment."#
)?;
writeln!(file)?;
writeln!(file, "use crate::DefaultAlgorithms;")?;
writeln!(file,)?;
writeln!(file, r#"/// Default algorithms for ssh."#)?;
writeln!(file, r#"pub fn defaults() -> DefaultAlgorithms {{"#)?;
writeln!(file, r#" DefaultAlgorithms {{"#)?;
write_vec(
&mut file,
"ca_signature_algorithms",
&prefs.ca_signature_algorithms,
)?;
write_vec(&mut file, "ciphers", &prefs.ciphers)?;
write_vec(&mut file, "host_key_algorithms", &prefs.host_key_algorithms)?;
write_vec(&mut file, "kex_algorithms", &prefs.kex_algorithms)?;
write_vec(&mut file, "mac", &prefs.mac)?;
write_vec(
&mut file,
"pubkey_accepted_algorithms",
&prefs.pubkey_accepted_algorithms,
)?;
writeln!(file, r#" }}"#)?;
writeln!(file, r#"}}"#)?;
Ok(())
}
fn write_vec(file: &mut std::fs::File, name: &str, vec: &[String]) -> anyhow::Result<()> {
writeln!(file, r#" {name}: vec!["#)?;
for item in vec {
writeln!(file, r#" {item}.to_string(),"#,)?;
}
writeln!(file, r#" ],"#)?;
Ok(())
}
struct SrcPaths {
src_dir: PathBuf,
src_path: PathBuf,
}
fn src_path() -> SrcPaths {
let src_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"))
.join("src")
.join("default_algorithms");
let src_path = src_dir.join("openssh.rs");
SrcPaths { src_dir, src_path }
}

190
examples/client.rs Normal file
View file

@ -0,0 +1,190 @@
//! # client
//!
//! Ssh2-config implementation with a ssh2 client
use std::env::args;
use std::fs::File;
use std::io::BufReader;
use std::net::{SocketAddr, TcpStream, ToSocketAddrs};
use std::path::{Path, PathBuf};
use std::process::exit;
use std::time::Duration;
use dirs::home_dir;
use ssh2::{MethodType, Session};
use ssh2_config::{HostParams, ParseRule, SshConfig};
fn main() {
// get args
let args: Vec<String> = args().collect();
let address = match args.get(1) {
Some(addr) => addr.to_string(),
None => {
usage();
exit(255)
}
};
// check path
let config_path = match args.get(2) {
Some(p) => PathBuf::from(p),
None => {
let mut p = home_dir().expect("Failed to get home_dir for guest OS");
p.extend(Path::new(".ssh/config"));
p
}
};
// Open config file
let config = read_config(config_path.as_path());
let params = config.query(address.as_str());
connect(address.as_str(), &params);
}
fn usage() {
eprintln!("Usage: cargo run --example client -- <address:port> [config-path]");
}
fn read_config(p: &Path) -> SshConfig {
let mut reader = match File::open(p) {
Ok(f) => BufReader::new(f),
Err(err) => panic!("Could not open file '{}': {}", p.display(), err),
};
match SshConfig::default().parse(&mut reader, ParseRule::STRICT) {
Ok(config) => config,
Err(err) => panic!("Failed to parse configuration: {}", err),
}
}
fn connect(host: &str, params: &HostParams) {
// Resolve host
let host = match params.host_name.as_deref() {
Some(h) => h,
None => host,
};
let port = params.port.unwrap_or(22);
let host = match host.contains(':') {
true => host.to_string(),
false => format!("{}:{}", host, port),
};
println!("Connecting to host {}...", host);
let socket_addresses: Vec<SocketAddr> = match host.to_socket_addrs() {
Ok(s) => s.collect(),
Err(err) => {
panic!("Could not parse host: {}", err);
}
};
let mut tcp: Option<TcpStream> = None;
// Try addresses
for socket_addr in socket_addresses.iter() {
match TcpStream::connect_timeout(
socket_addr,
params.connect_timeout.unwrap_or(Duration::from_secs(30)),
) {
Ok(stream) => {
println!("Established connection with {}", socket_addr);
tcp = Some(stream);
break;
}
Err(_) => continue,
}
}
// If stream is None, return connection timeout
let stream: TcpStream = match tcp {
Some(t) => t,
None => {
panic!("No suitable socket address found; connection timeout");
}
};
let mut session: Session = match Session::new() {
Ok(s) => s,
Err(err) => {
panic!("Could not create session: {}", err);
}
};
// Configure session
configure_session(&mut session, params);
// Connect
session.set_tcp_stream(stream);
if let Err(err) = session.handshake() {
panic!("Handshake failed: {}", err);
}
// Get username
let username = match params.user.as_ref() {
Some(u) => {
println!("Using username '{}'", u);
u.clone()
}
None => read_secret("Username: "),
};
let password = read_secret("Password: ");
if let Err(err) = session.userauth_password(username.as_str(), password.as_str()) {
panic!("Authentication failed: {}", err);
}
if let Some(banner) = session.banner() {
println!("{}", banner);
}
println!("Connection OK!");
if let Err(err) = session.disconnect(None, "mandi mandi!", None) {
panic!("Disconnection failed: {}", err);
}
}
fn configure_session(session: &mut Session, params: &HostParams) {
println!("Configuring session...");
if let Some(compress) = params.compression {
println!("compression: {}", compress);
session.set_compress(compress);
}
if params.tcp_keep_alive.unwrap_or(false) && params.server_alive_interval.is_some() {
let interval = params.server_alive_interval.unwrap().as_secs() as u32;
println!("keepalive interval: {} seconds", interval);
session.set_keepalive(true, interval);
}
// KEX
if let Err(err) = session.method_pref(
MethodType::Kex,
params.kex_algorithms.algorithms().join(",").as_str(),
) {
panic!("Could not set KEX algorithms: {}", err);
}
// host key
if let Err(err) = session.method_pref(
MethodType::HostKey,
params.host_key_algorithms.algorithms().join(",").as_str(),
) {
panic!("Could not set host key algorithms: {}", err);
}
// ciphers
if let Err(err) = session.method_pref(
MethodType::CryptCs,
params.ciphers.algorithms().join(",").as_str(),
) {
panic!("Could not set crypt algorithms (client-server): {}", err);
}
if let Err(err) = session.method_pref(
MethodType::CryptSc,
params.ciphers.algorithms().join(",").as_str(),
) {
panic!("Could not set crypt algorithms (server-client): {}", err);
}
// mac
if let Err(err) = session.method_pref(
MethodType::MacCs,
params.mac.algorithms().join(",").as_str(),
) {
panic!("Could not set MAC algorithms (client-server): {}", err);
}
if let Err(err) = session.method_pref(
MethodType::MacSc,
params.mac.algorithms().join(",").as_str(),
) {
panic!("Could not set MAC algorithms (server-client): {}", err);
}
}
fn read_secret(prompt: &str) -> String {
rpassword::prompt_password(prompt).expect("Failed to read from stdin")
}

36
examples/print.rs Normal file
View file

@ -0,0 +1,36 @@
use std::env::args;
use std::fs::File;
use std::io::BufReader;
use std::path::{Path, PathBuf};
use dirs::home_dir;
use ssh2_config::{ParseRule, SshConfig};
fn main() {
// get args
let args: Vec<String> = args().collect();
// check path
let config_path = match args.get(1) {
Some(p) => PathBuf::from(p),
None => {
let mut p = home_dir().expect("Failed to get home_dir for guest OS");
p.extend(Path::new(".ssh/config"));
p
}
};
// Open config file
let config = read_config(config_path.as_path());
println!("{config}");
}
fn read_config(p: &Path) -> SshConfig {
let mut reader = match File::open(p) {
Ok(f) => BufReader::new(f),
Err(err) => panic!("Could not open file '{}': {}", p.display(), err),
};
match SshConfig::default().parse(&mut reader, ParseRule::STRICT) {
Ok(config) => config,
Err(err) => panic!("Failed to parse configuration: {}", err),
}
}

48
examples/query.rs Normal file
View file

@ -0,0 +1,48 @@
use std::env::args;
use std::fs::File;
use std::io::BufReader;
use std::path::{Path, PathBuf};
use std::process::exit;
use dirs::home_dir;
use ssh2_config::{ParseRule, SshConfig};
fn main() {
// get args
let args: Vec<String> = args().collect();
let address = match args.get(1) {
Some(addr) => addr.to_string(),
None => {
usage();
exit(255)
}
};
// check path
let config_path = match args.get(2) {
Some(p) => PathBuf::from(p),
None => {
let mut p = home_dir().expect("Failed to get home_dir for guest OS");
p.extend(Path::new(".ssh/config"));
p
}
};
// Open config file
let config = read_config(config_path.as_path());
let params = config.query(address.as_str());
println!("Configuration for {}: {:?}", address, params);
}
fn usage() {
eprintln!("Usage: cargo run --example query -- <address> [config-path]");
}
fn read_config(p: &Path) -> SshConfig {
let mut reader = match File::open(p) {
Ok(f) => BufReader::new(f),
Err(err) => panic!("Could not open file '{}': {}", p.display(), err),
};
match SshConfig::default().parse(&mut reader, ParseRule::STRICT) {
Ok(config) => config,
Err(err) => panic!("Failed to parse configuration: {}", err),
}
}

32
src/default_algorithms.rs Normal file
View file

@ -0,0 +1,32 @@
mod openssh;
/// Default algorithms for ssh.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DefaultAlgorithms {
pub ca_signature_algorithms: Vec<String>,
pub ciphers: Vec<String>,
pub host_key_algorithms: Vec<String>,
pub kex_algorithms: Vec<String>,
pub mac: Vec<String>,
pub pubkey_accepted_algorithms: Vec<String>,
}
impl Default for DefaultAlgorithms {
fn default() -> Self {
self::openssh::defaults()
}
}
impl DefaultAlgorithms {
/// Create a new instance of [`DefaultAlgorithms`] with empty fields.
pub fn empty() -> Self {
Self {
ca_signature_algorithms: vec![],
ciphers: vec![],
host_key_algorithms: vec![],
kex_algorithms: vec![],
mac: vec![],
pubkey_accepted_algorithms: vec![],
}
}
}

130
src/default_algorithms/openssh.rs Normal file
View file

@ -0,0 +1,130 @@
//! This file is autogenerated at build-time when `RELOAD_SSH_ALGO` is set to environment.
use crate::DefaultAlgorithms;
/// Default algorithms for ssh.
pub fn defaults() -> DefaultAlgorithms {
DefaultAlgorithms {
ca_signature_algorithms: vec![
"ssh-ed25519".to_string(),
"ecdsa-sha2-nistp256".to_string(),
"ecdsa-sha2-nistp384".to_string(),
"ecdsa-sha2-nistp521".to_string(),
"sk-ssh-ed25519@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256@openssh.com".to_string(),
"rsa-sha2-512".to_string(),
"rsa-sha2-256".to_string(),
],
ciphers: vec![
"chacha20-poly1305@openssh.com".to_string(),
"aes128-ctr,aes192-ctr,aes256-ctr".to_string(),
"aes128-gcm@openssh.com,aes256-gcm@openssh.com".to_string(),
],
host_key_algorithms: vec![
"ssh-ed25519-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp256-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp384-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp521-cert-v01@openssh.com".to_string(),
"sk-ssh-ed25519-cert-v01@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com".to_string(),
"rsa-sha2-512-cert-v01@openssh.com".to_string(),
"rsa-sha2-256-cert-v01@openssh.com".to_string(),
"ssh-ed25519".to_string(),
"ecdsa-sha2-nistp256".to_string(),
"ecdsa-sha2-nistp384".to_string(),
"ecdsa-sha2-nistp521".to_string(),
"sk-ssh-ed25519@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256@openssh.com".to_string(),
"rsa-sha2-512".to_string(),
"rsa-sha2-256".to_string(),
],
kex_algorithms: vec![
"sntrup761x25519-sha512".to_string(),
"sntrup761x25519-sha512@openssh.com".to_string(),
"mlkem768x25519-sha256".to_string(),
"curve25519-sha256".to_string(),
"curve25519-sha256@libssh.org".to_string(),
"ecdh-sha2-nistp256".to_string(),
"ecdh-sha2-nistp384".to_string(),
"ecdh-sha2-nistp521".to_string(),
"diffie-hellman-group-exchange-sha256".to_string(),
"diffie-hellman-group16-sha512".to_string(),
"diffie-hellman-group18-sha512".to_string(),
"diffie-hellman-group14-sha256".to_string(),
"ssh-ed25519-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp256-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp384-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp521-cert-v01@openssh.com".to_string(),
"sk-ssh-ed25519-cert-v01@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com".to_string(),
"rsa-sha2-512-cert-v01@openssh.com".to_string(),
"rsa-sha2-256-cert-v01@openssh.com".to_string(),
"ssh-ed25519".to_string(),
"ecdsa-sha2-nistp256".to_string(),
"ecdsa-sha2-nistp384".to_string(),
"ecdsa-sha2-nistp521".to_string(),
"sk-ssh-ed25519@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256@openssh.com".to_string(),
"rsa-sha2-512".to_string(),
"rsa-sha2-256".to_string(),
"chacha20-poly1305@openssh.com".to_string(),
"aes128-ctr,aes192-ctr,aes256-ctr".to_string(),
"aes128-gcm@openssh.com,aes256-gcm@openssh.com".to_string(),
"chacha20-poly1305@openssh.com".to_string(),
"aes128-ctr,aes192-ctr,aes256-ctr".to_string(),
"aes128-gcm@openssh.com,aes256-gcm@openssh.com".to_string(),
"umac-64-etm@openssh.com".to_string(),
"umac-128-etm@openssh.com".to_string(),
"hmac-sha2-256-etm@openssh.com".to_string(),
"hmac-sha2-512-etm@openssh.com".to_string(),
"hmac-sha1-etm@openssh.com".to_string(),
"umac-64@openssh.com".to_string(),
"umac-128@openssh.com".to_string(),
"hmac-sha2-256".to_string(),
"hmac-sha2-512".to_string(),
"hmac-sha1".to_string(),
"umac-64-etm@openssh.com".to_string(),
"umac-128-etm@openssh.com".to_string(),
"hmac-sha2-256-etm@openssh.com".to_string(),
"hmac-sha2-512-etm@openssh.com".to_string(),
"hmac-sha1-etm@openssh.com".to_string(),
"umac-64@openssh.com".to_string(),
"umac-128@openssh.com".to_string(),
"hmac-sha2-256".to_string(),
"hmac-sha2-512".to_string(),
"hmac-sha1".to_string(),
"none,zlib@openssh.com".to_string(),
"none,zlib@openssh.com".to_string(),
],
mac: vec![
"umac-64-etm@openssh.com".to_string(),
"umac-128-etm@openssh.com".to_string(),
"hmac-sha2-256-etm@openssh.com".to_string(),
"hmac-sha2-512-etm@openssh.com".to_string(),
"hmac-sha1-etm@openssh.com".to_string(),
"umac-64@openssh.com".to_string(),
"umac-128@openssh.com".to_string(),
"hmac-sha2-256".to_string(),
"hmac-sha2-512".to_string(),
"hmac-sha1".to_string(),
],
pubkey_accepted_algorithms: vec![
"ssh-ed25519-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp256-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp384-cert-v01@openssh.com".to_string(),
"ecdsa-sha2-nistp521-cert-v01@openssh.com".to_string(),
"sk-ssh-ed25519-cert-v01@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com".to_string(),
"rsa-sha2-512-cert-v01@openssh.com".to_string(),
"rsa-sha2-256-cert-v01@openssh.com".to_string(),
"ssh-ed25519".to_string(),
"ecdsa-sha2-nistp256".to_string(),
"ecdsa-sha2-nistp384".to_string(),
"ecdsa-sha2-nistp521".to_string(),
"sk-ssh-ed25519@openssh.com".to_string(),
"sk-ecdsa-sha2-nistp256@openssh.com".to_string(),
"rsa-sha2-512".to_string(),
"rsa-sha2-256".to_string(),
],
}
}

138
src/host.rs Normal file
View file

@ -0,0 +1,138 @@
//! # host
//!
//! Ssh host type
use std::fmt;
use wildmatch::WildMatch;
use super::HostParams;
/// Describes the rules to be used for a certain host
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Host {
/// List of hosts for which params are valid. String is string pattern, bool is whether condition is negated
pub pattern: Vec<HostClause>,
pub params: HostParams,
}
impl Host {
pub fn new(pattern: Vec<HostClause>, params: HostParams) -> Self {
Self { pattern, params }
}
/// Returns whether `host` argument intersects the host clauses
pub fn intersects(&self, host: &str) -> bool {
let mut has_matched = false;
for entry in self.pattern.iter() {
let matches = entry.intersects(host);
// If the entry is negated and it matches we can stop searching
if matches && entry.negated {
return false;
}
has_matched |= matches;
}
has_matched
}
}
/// Describes a single clause to match host
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HostClause {
pub pattern: String,
pub negated: bool,
}
impl fmt::Display for HostClause {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
if self.negated {
write!(f, "!{}", self.pattern)
} else {
write!(f, "{}", self.pattern)
}
}
}
impl HostClause {
/// Creates a new `HostClause` from arguments
pub fn new(pattern: String, negated: bool) -> Self {
Self { pattern, negated }
}
/// Returns whether `host` argument intersects the clause
pub fn intersects(&self, host: &str) -> bool {
WildMatch::new(self.pattern.as_str()).matches(host)
}
}
#[cfg(test)]
mod test {
use pretty_assertions::assert_eq;
use super::*;
use crate::DefaultAlgorithms;
#[test]
fn should_build_host_clause() {
let clause = HostClause::new("192.168.1.1".to_string(), false);
assert_eq!(clause.pattern.as_str(), "192.168.1.1");
assert_eq!(clause.negated, false);
}
#[test]
fn should_intersect_host_clause() {
let clause = HostClause::new("192.168.*.*".to_string(), false);
assert!(clause.intersects("192.168.2.30"));
let clause = HostClause::new("192.168.?0.*".to_string(), false);
assert!(clause.intersects("192.168.40.28"));
}
#[test]
fn should_not_intersect_host_clause() {
let clause = HostClause::new("192.168.*.*".to_string(), false);
assert_eq!(clause.intersects("172.26.104.4"), false);
}
#[test]
fn should_init_host() {
let host = Host::new(
vec![HostClause::new("192.168.*.*".to_string(), false)],
HostParams::new(&DefaultAlgorithms::default()),
);
assert_eq!(host.pattern.len(), 1);
}
#[test]
fn should_intersect_clause() {
let host = Host::new(
vec![
HostClause::new("192.168.*.*".to_string(), false),
HostClause::new("172.26.*.*".to_string(), false),
HostClause::new("10.8.*.*".to_string(), false),
HostClause::new("10.8.0.8".to_string(), true),
],
HostParams::new(&DefaultAlgorithms::default()),
);
assert!(host.intersects("192.168.1.32"));
assert!(host.intersects("172.26.104.4"));
assert!(host.intersects("10.8.0.10"));
}
#[test]
fn should_not_intersect_clause() {
let host = Host::new(
vec![
HostClause::new("192.168.*.*".to_string(), false),
HostClause::new("172.26.*.*".to_string(), false),
HostClause::new("10.8.*.*".to_string(), false),
HostClause::new("10.8.0.8".to_string(), true),
],
HostParams::new(&DefaultAlgorithms::default()),
);
assert_eq!(host.intersects("192.169.1.32"), false);
assert_eq!(host.intersects("172.28.104.4"), false);
assert_eq!(host.intersects("10.9.0.8"), false);
assert_eq!(host.intersects("10.8.0.8"), false);
}
}

445
src/lib.rs Normal file
View file

@ -0,0 +1,445 @@
#![crate_name = "ssh2_config"]
#![crate_type = "lib"]
//! # ssh2-config
//!
//! ssh2-config a library which provides a parser for the SSH configuration file,
//! to be used in pair with the [ssh2](https://github.com/alexcrichton/ssh2-rs) crate.
//!
//! This library provides a method to parse the configuration file and returns the
//! configuration parsed into a structure.
//! The `SshConfig` structure provides all the attributes which **can** be used to configure the **ssh2 Session**
//! and to resolve the host, port and username.
//!
//! Once the configuration has been parsed you can use the `query(&str)`
//! method to query configuration for a certain host, based on the configured patterns.
//! Even if many attributes are not exposed, since not supported, there is anyway a validation of the configuration,
//! so invalid configuration will result in a parsing error.
//!
//! ## Get started
//!
//! First of you need to add **ssh2-config** to your project dependencies:
//!
//! ```toml
//! ssh2-config = "^0.5"
//! ```
//!
//! ## Example
//!
//! Here is a basic example:
//!
//! ```rust
//!
//! use ssh2::Session;
//! use ssh2_config::{HostParams, ParseRule, SshConfig};
//! use std::fs::File;
//! use std::io::BufReader;
//! use std::path::Path;
//!
//! let mut reader = BufReader::new(
//! File::open(Path::new("./assets/ssh.config"))
//! .expect("Could not open configuration file")
//! );
//!
//! let config = SshConfig::default().parse(&mut reader, ParseRule::STRICT).expect("Failed to parse configuration");
//!
//! // Query parameters for your host
//! // If there's no rule for your host, default params are returned
//! let params = config.query("192.168.1.2");
//!
//! // ...
//!
//! // serialize configuration to string
//! let s = config.to_string();
//!
//! ```
//!
//! ---
//!
//! ## How host parameters are resolved
//!
//! This topic has been debated a lot over the years, so finally since 0.5 this has been fixed to follow the official ssh configuration file rules, as described in the MAN <https://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#DESCRIPTION>.
//!
//! > Unless noted otherwise, for each parameter, the first obtained value will be used. The configuration files contain sections separated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions).
//! >
//! > Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end.
//!
//! This means that:
//!
//! 1. The first obtained value parsing the configuration top-down will be used
//! 2. Host specific rules ARE not overriding default ones if they are not the first obtained value
//! 3. If you want to achieve default values to be less specific than host specific ones, you should put the default values at the end of the configuration file using `Host *`.
//! 4. Algorithms, so `KexAlgorithms`, `Ciphers`, `MACs` and `HostKeyAlgorithms` use a different resolvers which supports appending, excluding and heading insertions, as described in the man page at ciphers: <https://man.openbsd.org/OpenBSD-current/man5/ssh_config.5#Ciphers>.
//!
//! ### Resolvers examples
//!
//! ```ssh
//! Compression yes
//!
//! Host 192.168.1.1
//! Compression no
//! ```
//!
//! If we get rules for `192.168.1.1`, compression will be `yes`, because it's the first obtained value.
//!
//! ```ssh
//! Host 192.168.1.1
//! Compression no
//!
//! Host *
//! Compression yes
//! ```
//!
//! If we get rules for `192.168.1.1`, compression will be `no`, because it's the first obtained value.
//!
//! If we get rules for `172.168.1.1`, compression will be `yes`, because it's the first obtained value MATCHING the host rule.
//!
//! ```ssh
//!
//! Host 192.168.1.1
//! Ciphers +c
//! ```
//!
//! If we get rules for `192.168.1.1`, ciphers will be `c` appended to default algorithms, which can be specified in the [`SshConfig`] constructor.
//!
//! ## Configuring default algorithms
//!
//! When you invoke [`SshConfig::default`], the default algorithms are set from openssh source code, which are the following:
//!
//! ```txt
//! ca_signature_algorithms:
//! "ssh-ed25519",
//! "ecdsa-sha2-nistp256",
//! "ecdsa-sha2-nistp384",
//! "ecdsa-sha2-nistp521",
//! "sk-ssh-ed25519@openssh.com",
//! "sk-ecdsa-sha2-nistp256@openssh.com",
//! "rsa-sha2-512",
//! "rsa-sha2-256",
//!
//! ciphers:
//! "chacha20-poly1305@openssh.com",
//! "aes128-ctr,aes192-ctr,aes256-ctr",
//! "aes128-gcm@openssh.com,aes256-gcm@openssh.com",
//!
//! host_key_algorithms:
//! "ssh-ed25519-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp256-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp384-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp521-cert-v01@openssh.com",
//! "sk-ssh-ed25519-cert-v01@openssh.com",
//! "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
//! "rsa-sha2-512-cert-v01@openssh.com",
//! "rsa-sha2-256-cert-v01@openssh.com",
//! "ssh-ed25519",
//! "ecdsa-sha2-nistp256",
//! "ecdsa-sha2-nistp384",
//! "ecdsa-sha2-nistp521",
//! "sk-ssh-ed25519@openssh.com",
//! "sk-ecdsa-sha2-nistp256@openssh.com",
//! "rsa-sha2-512",
//! "rsa-sha2-256",
//!
//! kex_algorithms:
//! "sntrup761x25519-sha512",
//! "sntrup761x25519-sha512@openssh.com",
//! "mlkem768x25519-sha256",
//! "curve25519-sha256",
//! "curve25519-sha256@libssh.org",
//! "ecdh-sha2-nistp256",
//! "ecdh-sha2-nistp384",
//! "ecdh-sha2-nistp521",
//! "diffie-hellman-group-exchange-sha256",
//! "diffie-hellman-group16-sha512",
//! "diffie-hellman-group18-sha512",
//! "diffie-hellman-group14-sha256",
//! "ssh-ed25519-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp256-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp384-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp521-cert-v01@openssh.com",
//! "sk-ssh-ed25519-cert-v01@openssh.com",
//! "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
//! "rsa-sha2-512-cert-v01@openssh.com",
//! "rsa-sha2-256-cert-v01@openssh.com",
//! "ssh-ed25519",
//! "ecdsa-sha2-nistp256",
//! "ecdsa-sha2-nistp384",
//! "ecdsa-sha2-nistp521",
//! "sk-ssh-ed25519@openssh.com",
//! "sk-ecdsa-sha2-nistp256@openssh.com",
//! "rsa-sha2-512",
//! "rsa-sha2-256",
//! "chacha20-poly1305@openssh.com",
//! "aes128-ctr,aes192-ctr,aes256-ctr",
//! "aes128-gcm@openssh.com,aes256-gcm@openssh.com",
//! "chacha20-poly1305@openssh.com",
//! "aes128-ctr,aes192-ctr,aes256-ctr",
//! "aes128-gcm@openssh.com,aes256-gcm@openssh.com",
//! "umac-64-etm@openssh.com",
//! "umac-128-etm@openssh.com",
//! "hmac-sha2-256-etm@openssh.com",
//! "hmac-sha2-512-etm@openssh.com",
//! "hmac-sha1-etm@openssh.com",
//! "umac-64@openssh.com",
//! "umac-128@openssh.com",
//! "hmac-sha2-256",
//! "hmac-sha2-512",
//! "hmac-sha1",
//! "umac-64-etm@openssh.com",
//! "umac-128-etm@openssh.com",
//! "hmac-sha2-256-etm@openssh.com",
//! "hmac-sha2-512-etm@openssh.com",
//! "hmac-sha1-etm@openssh.com",
//! "umac-64@openssh.com",
//! "umac-128@openssh.com",
//! "hmac-sha2-256",
//! "hmac-sha2-512",
//! "hmac-sha1",
//! "none,zlib@openssh.com",
//! "none,zlib@openssh.com",
//!
//! mac:
//! "umac-64-etm@openssh.com",
//! "umac-128-etm@openssh.com",
//! "hmac-sha2-256-etm@openssh.com",
//! "hmac-sha2-512-etm@openssh.com",
//! "hmac-sha1-etm@openssh.com",
//! "umac-64@openssh.com",
//! "umac-128@openssh.com",
//! "hmac-sha2-256",
//! "hmac-sha2-512",
//! "hmac-sha1",
//!
//! pubkey_accepted_algorithms:
//! "ssh-ed25519-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp256-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp384-cert-v01@openssh.com",
//! "ecdsa-sha2-nistp521-cert-v01@openssh.com",
//! "sk-ssh-ed25519-cert-v01@openssh.com",
//! "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
//! "rsa-sha2-512-cert-v01@openssh.com",
//! "rsa-sha2-256-cert-v01@openssh.com",
//! "ssh-ed25519",
//! "ecdsa-sha2-nistp256",
//! "ecdsa-sha2-nistp384",
//! "ecdsa-sha2-nistp521",
//! "sk-ssh-ed25519@openssh.com",
//! "sk-ecdsa-sha2-nistp256@openssh.com",
//! "rsa-sha2-512",
//! "rsa-sha2-256",
//! ```
//!
//! If you want you can use a custom constructor [`SshConfig::default_algorithms`] to set your own default algorithms.
#![doc(html_playground_url = "https://play.rust-lang.org")]
#[macro_use]
extern crate log;
use std::fmt;
use std::fs::File;
use std::io::{self, BufRead, BufReader};
use std::path::PathBuf;
use std::time::Duration;
// -- modules
mod default_algorithms;
mod host;
mod params;
mod parser;
mod serializer;
// -- export
pub use self::default_algorithms::DefaultAlgorithms;
pub use self::host::{Host, HostClause};
pub use self::params::{Algorithms, HostParams};
pub use self::parser::{ParseRule, SshParserError, SshParserResult};
/// Describes the ssh configuration.
/// Configuration is described in this document: <http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5>
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct SshConfig {
/// Default algorithms for ssh.
default_algorithms: DefaultAlgorithms,
/// Rulesets for hosts.
/// Default config will be stored with key `*`
hosts: Vec<Host>,
}
impl fmt::Display for SshConfig {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
serializer::SshConfigSerializer::from(self).serialize(f)
}
}
impl SshConfig {
/// Query params for a certain host. Returns [`HostParams`] for the host.
pub fn query<S: AsRef<str>>(&self, pattern: S) -> HostParams {
let mut params = HostParams::new(&self.default_algorithms);
// iter keys, overwrite if None top-down
for host in self.hosts.iter() {
if host.intersects(pattern.as_ref()) {
debug!(
"Merging params for host: {:?} into params {params:?}",
host.pattern
);
params.overwrite_if_none(&host.params);
trace!("Params after merge: {params:?}");
}
}
// return calculated params
params
}
/// Get an iterator over the [`Host`]s which intersect with the given host pattern
pub fn intersecting_hosts(&self, pattern: &str) -> impl Iterator<Item = &'_ Host> {
self.hosts.iter().filter(|host| host.intersects(pattern))
}
/// Set default algorithms for ssh.
///
/// If you want to use the default algorithms from the system, you can use the `Default::default()` method.
pub fn default_algorithms(mut self, algos: DefaultAlgorithms) -> Self {
self.default_algorithms = algos;
self
}
/// Parse [`SshConfig`] from stream which implements [`BufRead`] and return parsed configuration or parser error
///
/// ## Example
///
/// ```rust,ignore
/// let mut reader = BufReader::new(
/// File::open(Path::new("./assets/ssh.config"))
/// .expect("Could not open configuration file")
/// );
///
/// let config = SshConfig::default().parse(&mut reader, ParseRule::STRICT).expect("Failed to parse configuration");
/// ```
pub fn parse(mut self, reader: &mut impl BufRead, rules: ParseRule) -> SshParserResult<Self> {
parser::SshConfigParser::parse(&mut self, reader, rules).map(|_| self)
}
/// Parse `~/.ssh/config`` file and return parsed configuration [`SshConfig`] or parser error
pub fn parse_default_file(rules: ParseRule) -> SshParserResult<Self> {
let ssh_folder = dirs::home_dir()
.ok_or_else(|| {
SshParserError::Io(io::Error::new(
io::ErrorKind::NotFound,
"Home folder not found",
))
})?
.join(".ssh");
let mut reader =
BufReader::new(File::open(ssh_folder.join("config")).map_err(SshParserError::Io)?);
Self::default().parse(&mut reader, rules)
}
/// Get list of [`Host`]s in the configuration
pub fn get_hosts(&self) -> &Vec<Host> {
&self.hosts
}
}
#[cfg(test)]
fn test_log() {
use std::sync::Once;
static INIT: Once = Once::new();
INIT.call_once(|| {
let _ = env_logger::builder()
.filter_level(log::LevelFilter::Trace)
.is_test(true)
.try_init();
});
}
#[cfg(test)]
mod test {
use pretty_assertions::assert_eq;
use super::*;
#[test]
fn should_init_ssh_config() {
test_log();
let config = SshConfig::default();
assert_eq!(config.hosts.len(), 0);
assert_eq!(
config.query("192.168.1.2"),
HostParams::new(&DefaultAlgorithms::default())
);
}
#[test]
fn should_parse_default_config() -> Result<(), parser::SshParserError> {
test_log();
let _config = SshConfig::parse_default_file(ParseRule::ALLOW_UNKNOWN_FIELDS)?;
Ok(())
}
#[test]
fn should_parse_config() -> Result<(), parser::SshParserError> {
test_log();
use std::fs::File;
use std::io::BufReader;
use std::path::Path;
let mut reader = BufReader::new(
File::open(Path::new("./assets/ssh.config"))
.expect("Could not open configuration file"),
);
SshConfig::default().parse(&mut reader, ParseRule::STRICT)?;
Ok(())
}
#[test]
fn should_query_ssh_config() {
test_log();
let mut config = SshConfig::default();
// add config
let mut params1 = HostParams::new(&DefaultAlgorithms::default());
params1.bind_address = Some("0.0.0.0".to_string());
config.hosts.push(Host::new(
vec![HostClause::new(String::from("192.168.*.*"), false)],
params1.clone(),
));
let mut params2 = HostParams::new(&DefaultAlgorithms::default());
params2.bind_interface = Some(String::from("tun0"));
config.hosts.push(Host::new(
vec![HostClause::new(String::from("192.168.10.*"), false)],
params2.clone(),
));
let mut params3 = HostParams::new(&DefaultAlgorithms::default());
params3.host_name = Some("172.26.104.4".to_string());
config.hosts.push(Host::new(
vec![
HostClause::new(String::from("172.26.*.*"), false),
HostClause::new(String::from("172.26.104.4"), true),
],
params3.clone(),
));
// Query
assert_eq!(config.query("192.168.1.32"), params1);
// merged case
params1.overwrite_if_none(&params2);
assert_eq!(config.query("192.168.10.1"), params1);
// Negated case
assert_eq!(config.query("172.26.254.1"), params3);
assert_eq!(
config.query("172.26.104.4"),
HostParams::new(&DefaultAlgorithms::default())
);
}
}

257
src/params.rs Normal file
View file

@ -0,0 +1,257 @@
//! # params
//!
//! Ssh config params for host rule
mod algos;
use std::collections::HashMap;
pub use self::algos::Algorithms;
pub(crate) use self::algos::AlgorithmsRule;
use super::{Duration, PathBuf};
use crate::DefaultAlgorithms;
/// Describes the ssh configuration.
/// Configuration is describes in this document: <http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5>
/// Only arguments supported by libssh2 are implemented
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HostParams {
/// Specifies to use the specified address on the local machine as the source address of the connection
pub bind_address: Option<String>,
/// Use the specified address on the local machine as the source address of the connection
pub bind_interface: Option<String>,
/// Specifies which algorithms are allowed for signing of certificates by certificate authorities
pub ca_signature_algorithms: Algorithms,
/// Specifies a file from which the user's certificate is read
pub certificate_file: Option<PathBuf>,
/// Specifies the ciphers allowed for protocol version 2 in order of preference
pub ciphers: Algorithms,
/// Specifies whether to use compression
pub compression: Option<bool>,
/// Specifies the number of attempts to make before exiting
pub connection_attempts: Option<usize>,
/// Specifies the timeout used when connecting to the SSH server
pub connect_timeout: Option<Duration>,
/// Specifies the host key signature algorithms that the client wants to use in order of preference
pub host_key_algorithms: Algorithms,
/// Specifies the real host name to log into
pub host_name: Option<String>,
/// Specifies the path of the identity file to be used when authenticating.
/// More than one file can be specified.
/// If more than one file is specified, they will be read in order
pub identity_file: Option<Vec<PathBuf>>,
/// Specifies a pattern-list of unknown options to be ignored if they are encountered in configuration parsing
pub ignore_unknown: Option<Vec<String>>,
/// Specifies the available KEX (Key Exchange) algorithms
pub kex_algorithms: Algorithms,
/// Specifies the MAC (message authentication code) algorithms in order of preference
pub mac: Algorithms,
/// Specifies the port number to connect on the remote host.
pub port: Option<u16>,
/// Specifies the signature algorithms that will be used for public key authentication
pub pubkey_accepted_algorithms: Algorithms,
/// Specifies whether to try public key authentication using SSH keys
pub pubkey_authentication: Option<bool>,
/// Specifies that a TCP port on the remote machine be forwarded over the secure channel
pub remote_forward: Option<u16>,
/// Sets a timeout interval in seconds after which if no data has been received from the server, keep alive will be sent
pub server_alive_interval: Option<Duration>,
/// Specifies whether to send TCP keepalives to the other side
pub tcp_keep_alive: Option<bool>,
#[cfg(target_os = "macos")]
/// specifies whether the system should search for passphrases in the user's keychain when attempting to use a particular key
pub use_keychain: Option<bool>,
/// Specifies the user to log in as.
pub user: Option<String>,
/// fields that the parser wasn't able to parse
pub ignored_fields: HashMap<String, Vec<String>>,
/// fields that the parser was able to parse but ignored
pub unsupported_fields: HashMap<String, Vec<String>>,
}
impl HostParams {
/// Create a new [`HostParams`] object with the [`DefaultAlgorithms`]
pub fn new(default_algorithms: &DefaultAlgorithms) -> Self {
Self {
bind_address: None,
bind_interface: None,
ca_signature_algorithms: Algorithms::new(&default_algorithms.ca_signature_algorithms),
certificate_file: None,
ciphers: Algorithms::new(&default_algorithms.ciphers),
compression: None,
connection_attempts: None,
connect_timeout: None,
host_key_algorithms: Algorithms::new(&default_algorithms.host_key_algorithms),
host_name: None,
identity_file: None,
ignore_unknown: None,
kex_algorithms: Algorithms::new(&default_algorithms.kex_algorithms),
mac: Algorithms::new(&default_algorithms.mac),
port: None,
pubkey_accepted_algorithms: Algorithms::new(
&default_algorithms.pubkey_accepted_algorithms,
),
pubkey_authentication: None,
remote_forward: None,
server_alive_interval: None,
tcp_keep_alive: None,
#[cfg(target_os = "macos")]
use_keychain: None,
user: None,
ignored_fields: HashMap::new(),
unsupported_fields: HashMap::new(),
}
}
/// Return whether a certain `param` is in the ignored list
pub(crate) fn ignored(&self, param: &str) -> bool {
self.ignore_unknown
.as_ref()
.map(|x| x.iter().any(|x| x.as_str() == param))
.unwrap_or(false)
}
/// Given a [`HostParams`] object `b`, it will overwrite all the params from `self` only if they are [`None`]
pub fn overwrite_if_none(&mut self, b: &Self) {
self.bind_address = self.bind_address.clone().or_else(|| b.bind_address.clone());
self.bind_interface = self
.bind_interface
.clone()
.or_else(|| b.bind_interface.clone());
self.certificate_file = self
.certificate_file
.clone()
.or_else(|| b.certificate_file.clone());
self.compression = self.compression.or(b.compression);
self.connection_attempts = self.connection_attempts.or(b.connection_attempts);
self.connect_timeout = self.connect_timeout.or(b.connect_timeout);
self.host_name = self.host_name.clone().or_else(|| b.host_name.clone());
self.identity_file = self
.identity_file
.clone()
.or_else(|| b.identity_file.clone());
self.ignore_unknown = self
.ignore_unknown
.clone()
.or_else(|| b.ignore_unknown.clone());
self.port = self.port.or(b.port);
self.pubkey_authentication = self.pubkey_authentication.or(b.pubkey_authentication);
self.remote_forward = self.remote_forward.or(b.remote_forward);
self.server_alive_interval = self.server_alive_interval.or(b.server_alive_interval);
#[cfg(target_os = "macos")]
{
self.use_keychain = self.use_keychain.or(b.use_keychain);
}
self.tcp_keep_alive = self.tcp_keep_alive.or(b.tcp_keep_alive);
self.user = self.user.clone().or_else(|| b.user.clone());
for (ignored_field, args) in &b.ignored_fields {
if !self.ignored_fields.contains_key(ignored_field) {
self.ignored_fields
.insert(ignored_field.to_owned(), args.to_owned());
}
}
for (unsupported_field, args) in &b.unsupported_fields {
if !self.unsupported_fields.contains_key(unsupported_field) {
self.unsupported_fields
.insert(unsupported_field.to_owned(), args.to_owned());
}
}
// merge algos if default and b is not default
if self.ca_signature_algorithms.is_default() && !b.ca_signature_algorithms.is_default() {
self.ca_signature_algorithms = b.ca_signature_algorithms.clone();
}
if self.ciphers.is_default() && !b.ciphers.is_default() {
self.ciphers = b.ciphers.clone();
}
if self.host_key_algorithms.is_default() && !b.host_key_algorithms.is_default() {
self.host_key_algorithms = b.host_key_algorithms.clone();
}
if self.kex_algorithms.is_default() && !b.kex_algorithms.is_default() {
self.kex_algorithms = b.kex_algorithms.clone();
}
if self.mac.is_default() && !b.mac.is_default() {
self.mac = b.mac.clone();
}
if self.pubkey_accepted_algorithms.is_default()
&& !b.pubkey_accepted_algorithms.is_default()
{
self.pubkey_accepted_algorithms = b.pubkey_accepted_algorithms.clone();
}
}
}
#[cfg(test)]
mod test {
use std::str::FromStr;
use pretty_assertions::assert_eq;
use super::*;
use crate::params::algos::AlgorithmsRule;
#[test]
fn should_initialize_params() {
let params = HostParams::new(&DefaultAlgorithms::default());
assert!(params.bind_address.is_none());
assert!(params.bind_interface.is_none());
assert_eq!(
params.ca_signature_algorithms.algorithms(),
DefaultAlgorithms::default().ca_signature_algorithms
);
assert!(params.certificate_file.is_none());
assert_eq!(
params.ciphers.algorithms(),
DefaultAlgorithms::default().ciphers
);
assert!(params.compression.is_none());
assert!(params.connection_attempts.is_none());
assert!(params.connect_timeout.is_none());
assert_eq!(
params.host_key_algorithms.algorithms(),
DefaultAlgorithms::default().host_key_algorithms
);
assert!(params.host_name.is_none());
assert!(params.identity_file.is_none());
assert!(params.ignore_unknown.is_none());
assert_eq!(
params.kex_algorithms.algorithms(),
DefaultAlgorithms::default().kex_algorithms
);
assert_eq!(params.mac.algorithms(), DefaultAlgorithms::default().mac);
assert!(params.port.is_none());
assert_eq!(
params.pubkey_accepted_algorithms.algorithms(),
DefaultAlgorithms::default().pubkey_accepted_algorithms
);
assert!(params.pubkey_authentication.is_none());
assert!(params.remote_forward.is_none());
assert!(params.server_alive_interval.is_none());
#[cfg(target_os = "macos")]
assert!(params.use_keychain.is_none());
assert!(params.tcp_keep_alive.is_none());
}
#[test]
fn test_should_overwrite_if_none() {
let mut params = HostParams::new(&DefaultAlgorithms::default());
params.bind_address = Some(String::from("pippo"));
let mut b = HostParams::new(&DefaultAlgorithms::default());
b.bind_address = Some(String::from("pluto"));
b.bind_interface = Some(String::from("tun0"));
b.ciphers
.apply(AlgorithmsRule::from_str("c,d").expect("parse error"));
params.overwrite_if_none(&b);
assert_eq!(params.bind_address.unwrap(), "pippo");
assert_eq!(params.bind_interface.unwrap(), "tun0");
// algos
assert_eq!(
params.ciphers.algorithms(),
vec!["c".to_string(), "d".to_string()]
);
}
}

366
src/params/algos.rs Normal file
View file

@ -0,0 +1,366 @@
use std::fmt;
use std::str::FromStr;
use crate::SshParserError;
const ID_APPEND: char = '+';
const ID_HEAD: char = '^';
const ID_EXCLUDE: char = '-';
/// List of algorithms to be used.
/// The algorithms can be appended to the default set, placed at the head of the list,
/// excluded from the default set, or set as the default set.
///
/// # Configuring SSH Algorithms
///
/// In order to configure ssh you should use the `to_string()` method to get the string representation
/// with the correct format for ssh2.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Algorithms {
/// Algorithms to be used.
algos: Vec<String>,
/// whether the default algorithms have been overridden
overridden: bool,
/// applied rule
rule: Option<AlgorithmsRule>,
}
impl Algorithms {
/// Create a new instance of [`Algorithms`] with the given default algorithms.
///
/// ## Example
///
/// ```rust
/// use ssh2_config::Algorithms;
///
/// let algos = Algorithms::new(&["aes128-ctr", "aes192-ctr"]);
/// ```
pub fn new<I, S>(default: I) -> Self
where
I: IntoIterator<Item = S>,
S: AsRef<str>,
{
Self {
algos: default
.into_iter()
.map(|s| s.as_ref().to_string())
.collect(),
overridden: false,
rule: None,
}
}
}
/// List of algorithms to be used.
/// The algorithms can be appended to the default set, placed at the head of the list,
/// excluded from the default set, or set as the default set.
///
/// # Configuring SSH Algorithms
///
/// In order to configure ssh you should use the `to_string()` method to get the string representation
/// with the correct format for ssh2.
///
/// # Algorithms vector
///
/// Otherwise you can access the inner [`Vec`] of algorithms with the [`Algorithms::algos`] method.
///
/// Beware though, that you must **TAKE CARE of the current variant**.
///
/// For instance in case the variant is [`Algorithms::Exclude`] the algos contained in the vec are the ones **to be excluded**.
///
/// While in case of [`Algorithms::Append`] the algos contained in the vec are the ones to be appended to the default ones.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum AlgorithmsRule {
/// Append the given algorithms to the default set.
Append(Vec<String>),
/// Place the given algorithms at the head of the list.
Head(Vec<String>),
/// Exclude the given algorithms from the default set.
Exclude(Vec<String>),
/// Set the given algorithms as the default set.
Set(Vec<String>),
}
/// Rule applied; used to format algorithms
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
enum AlgorithmsOp {
Append,
Head,
Exclude,
Set,
}
impl Algorithms {
/// Returns whether the default algorithms are being used.
pub fn is_default(&self) -> bool {
!self.overridden
}
/// Returns algorithms to be used.
pub fn algorithms(&self) -> &[String] {
&self.algos
}
/// Apply an [`AlgorithmsRule`] to the [`Algorithms`] instance.
///
/// If defaults haven't been overridden, apply changes from incoming rule;
/// otherwise keep as-is.
pub fn apply(&mut self, rule: AlgorithmsRule) {
if self.overridden {
// don't apply changes if defaults have been overridden
return;
}
let mut current_algos = self.algos.clone();
match rule.clone() {
AlgorithmsRule::Append(algos) => {
// append but exclude duplicates
for algo in algos {
if !current_algos.iter().any(|s| s == &algo) {
current_algos.push(algo);
}
}
}
AlgorithmsRule::Head(algos) => {
current_algos = algos;
current_algos.extend(self.algorithms().iter().map(|s| s.to_string()));
}
AlgorithmsRule::Exclude(exclude) => {
current_algos = current_algos
.iter()
.filter(|algo| !exclude.contains(algo))
.map(|s| s.to_string())
.collect();
}
AlgorithmsRule::Set(algos) => {
// override default with new set
current_algos = algos;
}
}
// apply changes
self.rule = Some(rule);
self.algos = current_algos;
self.overridden = true;
}
}
impl AlgorithmsRule {
fn op(&self) -> AlgorithmsOp {
match self {
Self::Append(_) => AlgorithmsOp::Append,
Self::Head(_) => AlgorithmsOp::Head,
Self::Exclude(_) => AlgorithmsOp::Exclude,
Self::Set(_) => AlgorithmsOp::Set,
}
}
}
impl FromStr for AlgorithmsRule {
type Err = SshParserError;
fn from_str(s: &str) -> Result<Self, Self::Err> {
if s.is_empty() {
return Err(SshParserError::ExpectedAlgorithms);
}
// get first char
let (op, start) = match s.chars().next().expect("can't be empty") {
ID_APPEND => (AlgorithmsOp::Append, 1),
ID_HEAD => (AlgorithmsOp::Head, 1),
ID_EXCLUDE => (AlgorithmsOp::Exclude, 1),
_ => (AlgorithmsOp::Set, 0),
};
let algos = s[start..]
.split(',')
.map(|s| s.trim().to_string())
.collect::<Vec<String>>();
match op {
AlgorithmsOp::Append => Ok(Self::Append(algos)),
AlgorithmsOp::Head => Ok(Self::Head(algos)),
AlgorithmsOp::Exclude => Ok(Self::Exclude(algos)),
AlgorithmsOp::Set => Ok(Self::Set(algos)),
}
}
}
impl fmt::Display for AlgorithmsRule {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
let op = self.op();
write!(f, "{op}")
}
}
impl fmt::Display for AlgorithmsOp {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match &self {
Self::Append => write!(f, "{ID_APPEND}"),
Self::Head => write!(f, "{ID_HEAD}"),
Self::Exclude => write!(f, "{ID_EXCLUDE}"),
Self::Set => write!(f, ""),
}
}
}
impl fmt::Display for Algorithms {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
if let Some(rule) = self.rule.as_ref() {
write!(f, "{rule}",)
} else {
write!(f, "{}", self.algos.join(","))
}
}
}
#[cfg(test)]
mod test {
use pretty_assertions::assert_eq;
use super::*;
#[test]
fn test_should_parse_algos_set() {
let algo =
AlgorithmsRule::from_str("aes128-ctr,aes192-ctr,aes256-ctr").expect("failed to parse");
assert_eq!(
algo,
AlgorithmsRule::Set(vec![
"aes128-ctr".to_string(),
"aes192-ctr".to_string(),
"aes256-ctr".to_string()
])
);
}
#[test]
fn test_should_parse_algos_append() {
let algo =
AlgorithmsRule::from_str("+aes128-ctr,aes192-ctr,aes256-ctr").expect("failed to parse");
assert_eq!(
algo,
AlgorithmsRule::Append(vec![
"aes128-ctr".to_string(),
"aes192-ctr".to_string(),
"aes256-ctr".to_string()
])
);
}
#[test]
fn test_should_parse_algos_head() {
let algo =
AlgorithmsRule::from_str("^aes128-ctr,aes192-ctr,aes256-ctr").expect("failed to parse");
assert_eq!(
algo,
AlgorithmsRule::Head(vec![
"aes128-ctr".to_string(),
"aes192-ctr".to_string(),
"aes256-ctr".to_string()
])
);
}
#[test]
fn test_should_parse_algos_exclude() {
let algo =
AlgorithmsRule::from_str("-aes128-ctr,aes192-ctr,aes256-ctr").expect("failed to parse");
assert_eq!(
algo,
AlgorithmsRule::Exclude(vec![
"aes128-ctr".to_string(),
"aes192-ctr".to_string(),
"aes256-ctr".to_string()
])
);
}
#[test]
fn test_should_apply_append() {
let mut algo1 = Algorithms::new(&["aes128-ctr", "aes192-ctr"]);
let algo2 = AlgorithmsRule::from_str("+aes256-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(
algo1.algorithms(),
vec![
"aes128-ctr".to_string(),
"aes192-ctr".to_string(),
"aes256-ctr".to_string()
]
);
}
#[test]
fn test_should_merge_append_if_undefined() {
let algos: Vec<String> = vec![];
let mut algo1 = Algorithms::new(algos);
let algo2 = AlgorithmsRule::from_str("+aes256-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(algo1.algorithms(), vec!["aes256-ctr".to_string()]);
}
#[test]
fn test_should_merge_head() {
let mut algo1 = Algorithms::new(&["aes128-ctr", "aes192-ctr"]);
let algo2 = AlgorithmsRule::from_str("^aes256-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(
algo1.algorithms(),
vec![
"aes256-ctr".to_string(),
"aes128-ctr".to_string(),
"aes192-ctr".to_string()
]
);
}
#[test]
fn test_should_apply_head() {
let mut algo1 = Algorithms::new(&["aes128-ctr", "aes192-ctr"]);
let algo2 = AlgorithmsRule::from_str("^aes256-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(
algo1.algorithms(),
vec![
"aes256-ctr".to_string(),
"aes128-ctr".to_string(),
"aes192-ctr".to_string()
]
);
}
#[test]
fn test_should_merge_exclude() {
let mut algo1 = Algorithms::new(&["aes128-ctr", "aes192-ctr", "aes256-ctr"]);
let algo2 = AlgorithmsRule::from_str("-aes192-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(
algo1.algorithms(),
vec!["aes128-ctr".to_string(), "aes256-ctr".to_string()]
);
}
#[test]
fn test_should_merge_set() {
let mut algo1 = Algorithms::new(&["aes128-ctr", "aes192-ctr"]);
let algo2 = AlgorithmsRule::from_str("aes256-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(algo1.algorithms(), vec!["aes256-ctr".to_string()]);
}
#[test]
fn test_should_not_apply_twice() {
let mut algo1 = Algorithms::new(&["aes128-ctr", "aes192-ctr"]);
let algo2 = AlgorithmsRule::from_str("aes256-ctr").expect("failed to parse");
algo1.apply(algo2);
assert_eq!(algo1.algorithms(), vec!["aes256-ctr".to_string(),]);
let algo3 = AlgorithmsRule::from_str("aes128-ctr").expect("failed to parse");
algo1.apply(algo3);
assert_eq!(algo1.algorithms(), vec!["aes256-ctr".to_string()]);
assert_eq!(algo1.overridden, true);
}
}

1814
src/parser.rs Normal file
View file

File diff suppressed because it is too large Load diff

673
src/parser/field.rs Normal file
View file

@ -0,0 +1,673 @@
//! # field
//!
//! Ssh config fields
use std::fmt;
use std::str::FromStr;
/// Configuration field.
/// This enum defines ALL THE SUPPORTED fields in ssh config,
/// as described at <http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5>.
/// Only a few of them are implemented, as described in `HostParams` struct.
#[derive(Debug, Eq, PartialEq)]
pub enum Field {
Host,
BindAddress,
BindInterface,
CaSignatureAlgorithms,
CertificateFile,
Ciphers,
Compression,
ConnectionAttempts,
ConnectTimeout,
HostKeyAlgorithms,
HostName,
IdentityFile,
IgnoreUnknown,
KexAlgorithms,
Mac,
Port,
PubkeyAcceptedAlgorithms,
PubkeyAuthentication,
RemoteForward,
ServerAliveInterval,
TcpKeepAlive,
#[cfg(target_os = "macos")]
UseKeychain,
User,
// -- not implemented
AddKeysToAgent,
AddressFamily,
BatchMode,
CanonicalDomains,
CanonicalizeFallbackLock,
CanonicalizeHostname,
CanonicalizeMaxDots,
CanonicalizePermittedCNAMEs,
CheckHostIP,
ClearAllForwardings,
ControlMaster,
ControlPath,
ControlPersist,
DynamicForward,
EnableSSHKeysign,
EscapeChar,
ExitOnForwardFailure,
FingerprintHash,
ForkAfterAuthentication,
ForwardAgent,
ForwardX11,
ForwardX11Timeout,
ForwardX11Trusted,
GatewayPorts,
GlobalKnownHostsFile,
GSSAPIAuthentication,
GSSAPIDelegateCredentials,
HashKnownHosts,
HostbasedAcceptedAlgorithms,
HostbasedAuthentication,
HostbasedKeyTypes,
HostKeyAlias,
IdentitiesOnly,
IdentityAgent,
Include,
IPQoS,
KbdInteractiveAuthentication,
KbdInteractiveDevices,
KnownHostsCommand,
LocalCommand,
LocalForward,
LogLevel,
LogVerbose,
NoHostAuthenticationForLocalhost,
NumberOfPasswordPrompts,
PasswordAuthentication,
PermitLocalCommand,
PermitRemoteOpen,
PKCS11Provider,
PreferredAuthentications,
ProxyCommand,
ProxyJump,
ProxyUseFdpass,
PubkeyAcceptedKeyTypes,
RekeyLimit,
RequestTTY,
RevokedHostKeys,
SecruityKeyProvider,
SendEnv,
ServerAliveCountMax,
SessionType,
SetEnv,
StdinNull,
StreamLocalBindMask,
StrictHostKeyChecking,
SyslogFacility,
UpdateHostKeys,
UserKnownHostsFile,
VerifyHostKeyDNS,
VisualHostKey,
XAuthLocation,
}
impl FromStr for Field {
type Err = String;
fn from_str(s: &str) -> Result<Self, Self::Err> {
match s.to_lowercase().as_str() {
"host" => Ok(Self::Host),
"bindaddress" => Ok(Self::BindAddress),
"bindinterface" => Ok(Self::BindInterface),
"casignaturealgorithms" => Ok(Self::CaSignatureAlgorithms),
"certificatefile" => Ok(Self::CertificateFile),
"ciphers" => Ok(Self::Ciphers),
"compression" => Ok(Self::Compression),
"connectionattempts" => Ok(Self::ConnectionAttempts),
"connecttimeout" => Ok(Self::ConnectTimeout),
"hostkeyalgorithms" => Ok(Self::HostKeyAlgorithms),
"hostname" => Ok(Self::HostName),
"identityfile" => Ok(Self::IdentityFile),
"ignoreunknown" => Ok(Self::IgnoreUnknown),
"kexalgorithms" => Ok(Self::KexAlgorithms),
"macs" => Ok(Self::Mac),
"port" => Ok(Self::Port),
"pubkeyacceptedalgorithms" => Ok(Self::PubkeyAcceptedAlgorithms),
"pubkeyauthentication" => Ok(Self::PubkeyAuthentication),
"remoteforward" => Ok(Self::RemoteForward),
"serveraliveinterval" => Ok(Self::ServerAliveInterval),
"tcpkeepalive" => Ok(Self::TcpKeepAlive),
#[cfg(target_os = "macos")]
"usekeychain" => Ok(Self::UseKeychain),
"user" => Ok(Self::User),
// -- not implemented fields
"addkeystoagent" => Ok(Self::AddKeysToAgent),
"addressfamily" => Ok(Self::AddressFamily),
"batchmode" => Ok(Self::BatchMode),
"canonicaldomains" => Ok(Self::CanonicalDomains),
"canonicalizefallbacklock" => Ok(Self::CanonicalizeFallbackLock),
"canonicalizehostname" => Ok(Self::CanonicalizeHostname),
"canonicalizemaxdots" => Ok(Self::CanonicalizeMaxDots),
"canonicalizepermittedcnames" => Ok(Self::CanonicalizePermittedCNAMEs),
"checkhostip" => Ok(Self::CheckHostIP),
"clearallforwardings" => Ok(Self::ClearAllForwardings),
"controlmaster" => Ok(Self::ControlMaster),
"controlpath" => Ok(Self::ControlPath),
"controlpersist" => Ok(Self::ControlPersist),
"dynamicforward" => Ok(Self::DynamicForward),
"enablesshkeysign" => Ok(Self::EnableSSHKeysign),
"escapechar" => Ok(Self::EscapeChar),
"exitonforwardfailure" => Ok(Self::ExitOnForwardFailure),
"fingerprinthash" => Ok(Self::FingerprintHash),
"forkafterauthentication" => Ok(Self::ForkAfterAuthentication),
"forwardagent" => Ok(Self::ForwardAgent),
"forwardx11" => Ok(Self::ForwardX11),
"forwardx11timeout" => Ok(Self::ForwardX11Timeout),
"forwardx11trusted" => Ok(Self::ForwardX11Trusted),
"gatewayports" => Ok(Self::GatewayPorts),
"globalknownhostsfile" => Ok(Self::GlobalKnownHostsFile),
"gssapiauthentication" => Ok(Self::GSSAPIAuthentication),
"gssapidelegatecredentials" => Ok(Self::GSSAPIDelegateCredentials),
"hashknownhosts" => Ok(Self::HashKnownHosts),
"hostbasedacceptedalgorithms" => Ok(Self::HostbasedAcceptedAlgorithms),
"hostbasedauthentication" => Ok(Self::HostbasedAuthentication),
"hostkeyalias" => Ok(Self::HostKeyAlias),
"hostbasedkeytypes" => Ok(Self::HostbasedKeyTypes),
"identitiesonly" => Ok(Self::IdentitiesOnly),
"identityagent" => Ok(Self::IdentityAgent),
"include" => Ok(Self::Include),
"ipqos" => Ok(Self::IPQoS),
"kbdinteractiveauthentication" => Ok(Self::KbdInteractiveAuthentication),
"kbdinteractivedevices" => Ok(Self::KbdInteractiveDevices),
"knownhostscommand" => Ok(Self::KnownHostsCommand),
"localcommand" => Ok(Self::LocalCommand),
"localforward" => Ok(Self::LocalForward),
"loglevel" => Ok(Self::LogLevel),
"logverbose" => Ok(Self::LogVerbose),
"nohostauthenticationforlocalhost" => Ok(Self::NoHostAuthenticationForLocalhost),
"numberofpasswordprompts" => Ok(Self::NumberOfPasswordPrompts),
"passwordauthentication" => Ok(Self::PasswordAuthentication),
"permitlocalcommand" => Ok(Self::PermitLocalCommand),
"permitremoteopen" => Ok(Self::PermitRemoteOpen),
"pkcs11provider" => Ok(Self::PKCS11Provider),
"preferredauthentications" => Ok(Self::PreferredAuthentications),
"proxycommand" => Ok(Self::ProxyCommand),
"proxyjump" => Ok(Self::ProxyJump),
"proxyusefdpass" => Ok(Self::ProxyUseFdpass),
"pubkeyacceptedkeytypes" => Ok(Self::PubkeyAcceptedKeyTypes),
"rekeylimit" => Ok(Self::RekeyLimit),
"requesttty" => Ok(Self::RequestTTY),
"revokedhostkeys" => Ok(Self::RevokedHostKeys),
"secruitykeyprovider" => Ok(Self::SecruityKeyProvider),
"sendenv" => Ok(Self::SendEnv),
"serveralivecountmax" => Ok(Self::ServerAliveCountMax),
"sessiontype" => Ok(Self::SessionType),
"setenv" => Ok(Self::SetEnv),
"stdinnull" => Ok(Self::StdinNull),
"streamlocalbindmask" => Ok(Self::StreamLocalBindMask),
"stricthostkeychecking" => Ok(Self::StrictHostKeyChecking),
"syslogfacility" => Ok(Self::SyslogFacility),
"updatehostkeys" => Ok(Self::UpdateHostKeys),
"userknownhostsfile" => Ok(Self::UserKnownHostsFile),
"verifyhostkeydns" => Ok(Self::VerifyHostKeyDNS),
"visualhostkey" => Ok(Self::VisualHostKey),
"xauthlocation" => Ok(Self::XAuthLocation),
// -- unknwon field
_ => Err(s.to_string()),
}
}
}
impl fmt::Display for Field {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
let s = match self {
Self::Host => "host",
Self::BindAddress => "bindaddress",
Self::BindInterface => "bindinterface",
Self::CaSignatureAlgorithms => "casignaturealgorithms",
Self::CertificateFile => "certificatefile",
Self::Ciphers => "ciphers",
Self::Compression => "compression",
Self::ConnectionAttempts => "connectionattempts",
Self::ConnectTimeout => "connecttimeout",
Self::HostKeyAlgorithms => "hostkeyalgorithms",
Self::HostName => "hostname",
Self::IdentityFile => "identityfile",
Self::IgnoreUnknown => "ignoreunknown",
Self::KexAlgorithms => "kexalgorithms",
Self::Mac => "macs",
Self::Port => "port",
Self::PubkeyAcceptedAlgorithms => "pubkeyacceptedalgorithms",
Self::PubkeyAuthentication => "pubkeyauthentication",
Self::RemoteForward => "remoteforward",
Self::ServerAliveInterval => "serveraliveinterval",
Self::TcpKeepAlive => "tcpkeepalive",
#[cfg(target_os = "macos")]
Self::UseKeychain => "usekeychain",
Self::User => "user",
// Continuation of the rest of the enum variants
Self::AddKeysToAgent => "addkeystoagent",
Self::AddressFamily => "addressfamily",
Self::BatchMode => "batchmode",
Self::CanonicalDomains => "canonicaldomains",
Self::CanonicalizeFallbackLock => "canonicalizefallbacklock",
Self::CanonicalizeHostname => "canonicalizehostname",
Self::CanonicalizeMaxDots => "canonicalizemaxdots",
Self::CanonicalizePermittedCNAMEs => "canonicalizepermittedcnames",
Self::CheckHostIP => "checkhostip",
Self::ClearAllForwardings => "clearallforwardings",
Self::ControlMaster => "controlmaster",
Self::ControlPath => "controlpath",
Self::ControlPersist => "controlpersist",
Self::DynamicForward => "dynamicforward",
Self::EnableSSHKeysign => "enablesshkeysign",
Self::EscapeChar => "escapechar",
Self::ExitOnForwardFailure => "exitonforwardfailure",
Self::FingerprintHash => "fingerprinthash",
Self::ForkAfterAuthentication => "forkafterauthentication",
Self::ForwardAgent => "forwardagent",
Self::ForwardX11 => "forwardx11",
Self::ForwardX11Timeout => "forwardx11timeout",
Self::ForwardX11Trusted => "forwardx11trusted",
Self::GatewayPorts => "gatewayports",
Self::GlobalKnownHostsFile => "globalknownhostsfile",
Self::GSSAPIAuthentication => "gssapiauthentication",
Self::GSSAPIDelegateCredentials => "gssapidelegatecredentials",
Self::HashKnownHosts => "hashknownhosts",
Self::HostbasedAcceptedAlgorithms => "hostbasedacceptedalgorithms",
Self::HostbasedAuthentication => "hostbasedauthentication",
Self::HostKeyAlias => "hostkeyalias",
Self::HostbasedKeyTypes => "hostbasedkeytypes",
Self::IdentitiesOnly => "identitiesonly",
Self::IdentityAgent => "identityagent",
Self::Include => "include",
Self::IPQoS => "ipqos",
Self::KbdInteractiveAuthentication => "kbdinteractiveauthentication",
Self::KbdInteractiveDevices => "kbdinteractivedevices",
Self::KnownHostsCommand => "knownhostscommand",
Self::LocalCommand => "localcommand",
Self::LocalForward => "localforward",
Self::LogLevel => "loglevel",
Self::LogVerbose => "logverbose",
Self::NoHostAuthenticationForLocalhost => "nohostauthenticationforlocalhost",
Self::NumberOfPasswordPrompts => "numberofpasswordprompts",
Self::PasswordAuthentication => "passwordauthentication",
Self::PermitLocalCommand => "permitlocalcommand",
Self::PermitRemoteOpen => "permitremoteopen",
Self::PKCS11Provider => "pkcs11provider",
Self::PreferredAuthentications => "preferredauthentications",
Self::ProxyCommand => "proxycommand",
Self::ProxyJump => "proxyjump",
Self::ProxyUseFdpass => "proxyusefdpass",
Self::PubkeyAcceptedKeyTypes => "pubkeyacceptedkeytypes",
Self::RekeyLimit => "rekeylimit",
Self::RequestTTY => "requesttty",
Self::RevokedHostKeys => "revokedhostkeys",
Self::SecruityKeyProvider => "secruitykeyprovider",
Self::SendEnv => "sendenv",
Self::ServerAliveCountMax => "serveralivecountmax",
Self::SessionType => "sessiontype",
Self::SetEnv => "setenv",
Self::StdinNull => "stdinnull",
Self::StreamLocalBindMask => "streamlocalbindmask",
Self::StrictHostKeyChecking => "stricthostkeychecking",
Self::SyslogFacility => "syslogfacility",
Self::UpdateHostKeys => "updatehostkeys",
Self::UserKnownHostsFile => "userknownhostsfile",
Self::VerifyHostKeyDNS => "verifyhostkeydns",
Self::VisualHostKey => "visualhostkey",
Self::XAuthLocation => "xauthlocation",
};
write!(f, "{}", s)
}
}
#[cfg(test)]
mod test {
use pretty_assertions::assert_eq;
use super::*;
#[test]
fn should_parse_field_from_string() {
assert_eq!(Field::from_str("Host").ok().unwrap(), Field::Host);
assert_eq!(
Field::from_str("BindAddress").ok().unwrap(),
Field::BindAddress
);
assert_eq!(
Field::from_str("BindInterface").ok().unwrap(),
Field::BindInterface
);
assert_eq!(
Field::from_str("CaSignatureAlgorithms").ok().unwrap(),
Field::CaSignatureAlgorithms
);
assert_eq!(
Field::from_str("CertificateFile").ok().unwrap(),
Field::CertificateFile
);
assert_eq!(Field::from_str("Ciphers").ok().unwrap(), Field::Ciphers);
assert_eq!(
Field::from_str("Compression").ok().unwrap(),
Field::Compression
);
assert_eq!(
Field::from_str("ConnectionAttempts").ok().unwrap(),
Field::ConnectionAttempts
);
assert_eq!(
Field::from_str("ConnectTimeout").ok().unwrap(),
Field::ConnectTimeout
);
assert_eq!(Field::from_str("HostName").ok().unwrap(), Field::HostName);
assert_eq!(
Field::from_str("IdentityFile").ok().unwrap(),
Field::IdentityFile
);
assert_eq!(
Field::from_str("IgnoreUnknown").ok().unwrap(),
Field::IgnoreUnknown
);
assert_eq!(Field::from_str("Macs").ok().unwrap(), Field::Mac);
assert_eq!(
Field::from_str("PubkeyAcceptedAlgorithms").ok().unwrap(),
Field::PubkeyAcceptedAlgorithms
);
assert_eq!(
Field::from_str("PubkeyAuthentication").ok().unwrap(),
Field::PubkeyAuthentication
);
assert_eq!(
Field::from_str("RemoteForward").ok().unwrap(),
Field::RemoteForward
);
assert_eq!(
Field::from_str("TcpKeepAlive").ok().unwrap(),
Field::TcpKeepAlive
);
#[cfg(target_os = "macos")]
assert_eq!(
Field::from_str("UseKeychain").ok().unwrap(),
Field::UseKeychain
);
assert_eq!(Field::from_str("User").ok().unwrap(), Field::User);
assert_eq!(
Field::from_str("AddKeysToAgent").ok().unwrap(),
Field::AddKeysToAgent
);
assert_eq!(
Field::from_str("AddressFamily").ok().unwrap(),
Field::AddressFamily
);
assert_eq!(Field::from_str("BatchMode").ok().unwrap(), Field::BatchMode);
assert_eq!(
Field::from_str("CanonicalDomains").ok().unwrap(),
Field::CanonicalDomains
);
assert_eq!(
Field::from_str("CanonicalizeFallbackLock").ok().unwrap(),
Field::CanonicalizeFallbackLock
);
assert_eq!(
Field::from_str("CanonicalizeHostname").ok().unwrap(),
Field::CanonicalizeHostname
);
assert_eq!(
Field::from_str("CanonicalizeMaxDots").ok().unwrap(),
Field::CanonicalizeMaxDots
);
assert_eq!(
Field::from_str("CanonicalizePermittedCNAMEs").ok().unwrap(),
Field::CanonicalizePermittedCNAMEs
);
assert_eq!(
Field::from_str("CheckHostIP").ok().unwrap(),
Field::CheckHostIP
);
assert_eq!(
Field::from_str("ClearAllForwardings").ok().unwrap(),
Field::ClearAllForwardings
);
assert_eq!(
Field::from_str("ControlMaster").ok().unwrap(),
Field::ControlMaster
);
assert_eq!(
Field::from_str("ControlPath").ok().unwrap(),
Field::ControlPath
);
assert_eq!(
Field::from_str("ControlPersist").ok().unwrap(),
Field::ControlPersist
);
assert_eq!(
Field::from_str("DynamicForward").ok().unwrap(),
Field::DynamicForward
);
assert_eq!(
Field::from_str("EnableSSHKeysign").ok().unwrap(),
Field::EnableSSHKeysign
);
assert_eq!(
Field::from_str("EscapeChar").ok().unwrap(),
Field::EscapeChar
);
assert_eq!(
Field::from_str("ExitOnForwardFailure").ok().unwrap(),
Field::ExitOnForwardFailure
);
assert_eq!(
Field::from_str("FingerprintHash").ok().unwrap(),
Field::FingerprintHash
);
assert_eq!(
Field::from_str("ForkAfterAuthentication").ok().unwrap(),
Field::ForkAfterAuthentication
);
assert_eq!(
Field::from_str("ForwardAgent").ok().unwrap(),
Field::ForwardAgent
);
assert_eq!(
Field::from_str("ForwardX11").ok().unwrap(),
Field::ForwardX11
);
assert_eq!(
Field::from_str("ForwardX11Timeout").ok().unwrap(),
Field::ForwardX11Timeout
);
assert_eq!(
Field::from_str("ForwardX11Trusted").ok().unwrap(),
Field::ForwardX11Trusted,
);
assert_eq!(
Field::from_str("GatewayPorts").ok().unwrap(),
Field::GatewayPorts
);
assert_eq!(
Field::from_str("GlobalKnownHostsFile").ok().unwrap(),
Field::GlobalKnownHostsFile
);
assert_eq!(
Field::from_str("GSSAPIAuthentication").ok().unwrap(),
Field::GSSAPIAuthentication
);
assert_eq!(
Field::from_str("GSSAPIDelegateCredentials").ok().unwrap(),
Field::GSSAPIDelegateCredentials
);
assert_eq!(
Field::from_str("HashKnownHosts").ok().unwrap(),
Field::HashKnownHosts
);
assert_eq!(
Field::from_str("HostbasedAcceptedAlgorithms").ok().unwrap(),
Field::HostbasedAcceptedAlgorithms
);
assert_eq!(
Field::from_str("HostbasedAuthentication").ok().unwrap(),
Field::HostbasedAuthentication
);
assert_eq!(
Field::from_str("HostKeyAlgorithms").ok().unwrap(),
Field::HostKeyAlgorithms
);
assert_eq!(
Field::from_str("HostKeyAlias").ok().unwrap(),
Field::HostKeyAlias
);
assert_eq!(
Field::from_str("HostbasedKeyTypes").ok().unwrap(),
Field::HostbasedKeyTypes
);
assert_eq!(
Field::from_str("IdentitiesOnly").ok().unwrap(),
Field::IdentitiesOnly
);
assert_eq!(
Field::from_str("IdentityAgent").ok().unwrap(),
Field::IdentityAgent
);
assert_eq!(Field::from_str("Include").ok().unwrap(), Field::Include);
assert_eq!(Field::from_str("IPQoS").ok().unwrap(), Field::IPQoS);
assert_eq!(
Field::from_str("KbdInteractiveAuthentication")
.ok()
.unwrap(),
Field::KbdInteractiveAuthentication
);
assert_eq!(
Field::from_str("KbdInteractiveDevices").ok().unwrap(),
Field::KbdInteractiveDevices
);
assert_eq!(
Field::from_str("KnownHostsCommand").ok().unwrap(),
Field::KnownHostsCommand
);
assert_eq!(
Field::from_str("LocalCommand").ok().unwrap(),
Field::LocalCommand
);
assert_eq!(
Field::from_str("LocalForward").ok().unwrap(),
Field::LocalForward
);
assert_eq!(Field::from_str("LogLevel").ok().unwrap(), Field::LogLevel);
assert_eq!(
Field::from_str("LogVerbose").ok().unwrap(),
Field::LogVerbose
);
assert_eq!(
Field::from_str("NoHostAuthenticationForLocalhost")
.ok()
.unwrap(),
Field::NoHostAuthenticationForLocalhost
);
assert_eq!(
Field::from_str("NumberOfPasswordPrompts").ok().unwrap(),
Field::NumberOfPasswordPrompts
);
assert_eq!(
Field::from_str("PasswordAuthentication").ok().unwrap(),
Field::PasswordAuthentication
);
assert_eq!(
Field::from_str("PermitLocalCommand").ok().unwrap(),
Field::PermitLocalCommand
);
assert_eq!(
Field::from_str("PermitRemoteOpen").ok().unwrap(),
Field::PermitRemoteOpen
);
assert_eq!(
Field::from_str("PKCS11Provider").ok().unwrap(),
Field::PKCS11Provider
);
assert_eq!(Field::from_str("Port").ok().unwrap(), Field::Port);
assert_eq!(
Field::from_str("PreferredAuthentications").ok().unwrap(),
Field::PreferredAuthentications
);
assert_eq!(
Field::from_str("ProxyCommand").ok().unwrap(),
Field::ProxyCommand
);
assert_eq!(Field::from_str("ProxyJump").ok().unwrap(), Field::ProxyJump);
assert_eq!(
Field::from_str("ProxyUseFdpass").ok().unwrap(),
Field::ProxyUseFdpass
);
assert_eq!(
Field::from_str("PubkeyAcceptedKeyTypes").ok().unwrap(),
Field::PubkeyAcceptedKeyTypes
);
assert_eq!(
Field::from_str("RekeyLimit").ok().unwrap(),
Field::RekeyLimit
);
assert_eq!(
Field::from_str("RequestTTY").ok().unwrap(),
Field::RequestTTY
);
assert_eq!(
Field::from_str("RevokedHostKeys").ok().unwrap(),
Field::RevokedHostKeys
);
assert_eq!(
Field::from_str("SecruityKeyProvider").ok().unwrap(),
Field::SecruityKeyProvider
);
assert_eq!(Field::from_str("SendEnv").ok().unwrap(), Field::SendEnv);
assert_eq!(
Field::from_str("ServerAliveCountMax").ok().unwrap(),
Field::ServerAliveCountMax
);
assert_eq!(
Field::from_str("ServerAliveInterval").ok().unwrap(),
Field::ServerAliveInterval
);
assert_eq!(
Field::from_str("SessionType").ok().unwrap(),
Field::SessionType
);
assert_eq!(Field::from_str("SetEnv").ok().unwrap(), Field::SetEnv);
assert_eq!(Field::from_str("StdinNull").ok().unwrap(), Field::StdinNull);
assert_eq!(
Field::from_str("StreamLocalBindMask").ok().unwrap(),
Field::StreamLocalBindMask
);
assert_eq!(
Field::from_str("StrictHostKeyChecking").ok().unwrap(),
Field::StrictHostKeyChecking
);
assert_eq!(
Field::from_str("SyslogFacility").ok().unwrap(),
Field::SyslogFacility
);
assert_eq!(
Field::from_str("UpdateHostKeys").ok().unwrap(),
Field::UpdateHostKeys
);
assert_eq!(
Field::from_str("UserKnownHostsFile").ok().unwrap(),
Field::UserKnownHostsFile
);
assert_eq!(
Field::from_str("VerifyHostKeyDNS").ok().unwrap(),
Field::VerifyHostKeyDNS
);
assert_eq!(
Field::from_str("VisualHostKey").ok().unwrap(),
Field::VisualHostKey
);
assert_eq!(
Field::from_str("XAuthLocation").ok().unwrap(),
Field::XAuthLocation
);
}
#[test]
fn should_fail_parsing_field() {
assert!(Field::from_str("CristinaDavena").is_err());
}
}

211
src/serializer.rs Normal file
View file

@ -0,0 +1,211 @@
//! SSH Config serializer
use std::fmt;
use crate::{Host, HostParams, SshConfig};
pub struct SshConfigSerializer<'a>(&'a SshConfig);
impl SshConfigSerializer<'_> {
pub fn serialize(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
if self.0.hosts.is_empty() {
return Ok(());
}
// serialize default host
let root = self.0.hosts.first().unwrap();
Self::serialize_host_params(f, &root.params, false)?;
// serialize other hosts
for host in self.0.hosts.iter().skip(1) {
Self::serialize_host(f, host)?;
}
Ok(())
}
fn serialize_host(f: &mut fmt::Formatter<'_>, host: &Host) -> fmt::Result {
for pattern in &host.pattern {
writeln!(f, "Host {pattern}",)?;
Self::serialize_host_params(f, &host.params, true)?;
writeln!(f,)?;
}
Ok(())
}
fn serialize_host_params(
f: &mut fmt::Formatter<'_>,
params: &HostParams,
nested: bool,
) -> fmt::Result {
let padding = if nested { " " } else { "" };
if let Some(value) = params.bind_address.as_ref() {
writeln!(f, "{padding}Hostname {value}",)?;
}
if let Some(value) = params.bind_interface.as_ref() {
writeln!(f, "{padding}BindAddress {value}",)?;
}
if !params.ca_signature_algorithms.is_default() {
writeln!(
f,
"{padding}CASignatureAlgorithms {ca_signature_algorithms}",
padding = padding,
ca_signature_algorithms = params.ca_signature_algorithms
)?;
}
if let Some(certificate_file) = params.certificate_file.as_ref() {
writeln!(f, "{padding}CertificateFile {}", certificate_file.display())?;
}
if !params.ciphers.is_default() {
writeln!(
f,
"{padding}Ciphers {ciphers}",
padding = padding,
ciphers = params.ciphers
)?;
}
if let Some(value) = params.compression.as_ref() {
writeln!(
f,
"{padding}Compression {}",
if *value { "yes" } else { "no" }
)?;
}
if let Some(connection_attempts) = params.connection_attempts {
writeln!(f, "{padding}ConnectionAttempts {connection_attempts}",)?;
}
if let Some(connect_timeout) = params.connect_timeout {
writeln!(f, "{padding}ConnectTimeout {}", connect_timeout.as_secs())?;
}
if !params.host_key_algorithms.is_default() {
writeln!(
f,
"{padding}HostKeyAlgorithms {host_key_algorithms}",
padding = padding,
host_key_algorithms = params.host_key_algorithms
)?;
}
if let Some(host_name) = params.host_name.as_ref() {
writeln!(f, "{padding}HostName {host_name}",)?;
}
if let Some(identity_file) = params.identity_file.as_ref() {
writeln!(
f,
"{padding}IdentityFile {}",
identity_file
.iter()
.map(|p| p.display().to_string())
.collect::<Vec<_>>()
.join(",")
)?;
}
if let Some(ignore_unknown) = params.ignore_unknown.as_ref() {
writeln!(
f,
"{padding}IgnoreUnknown {}",
ignore_unknown
.iter()
.map(|p| p.to_string())
.collect::<Vec<_>>()
.join(",")
)?;
}
if !params.kex_algorithms.is_default() {
writeln!(
f,
"{padding}KexAlgorithms {kex_algorithms}",
padding = padding,
kex_algorithms = params.kex_algorithms
)?;
}
if !params.mac.is_default() {
writeln!(
f,
"{padding}MACs {mac}",
padding = padding,
mac = params.mac
)?;
}
if let Some(port) = params.port {
writeln!(f, "{padding}Port {port}", port = port)?;
}
if !params.pubkey_accepted_algorithms.is_default() {
writeln!(
f,
"{padding}PubkeyAcceptedAlgorithms {pubkey_accepted_algorithms}",
padding = padding,
pubkey_accepted_algorithms = params.pubkey_accepted_algorithms
)?;
}
if let Some(pubkey_authentication) = params.pubkey_authentication.as_ref() {
writeln!(
f,
"{padding}PubkeyAuthentication {}",
if *pubkey_authentication { "yes" } else { "no" }
)?;
}
if let Some(remote_forward) = params.remote_forward.as_ref() {
writeln!(f, "{padding}RemoteForward {remote_forward}",)?;
}
if let Some(server_alive_interval) = params.server_alive_interval {
writeln!(
f,
"{padding}ServerAliveInterval {}",
server_alive_interval.as_secs()
)?;
}
if let Some(tcp_keep_alive) = params.tcp_keep_alive.as_ref() {
writeln!(
f,
"{padding}TCPKeepAlive {}",
if *tcp_keep_alive { "yes" } else { "no" }
)?;
}
#[cfg(target_os = "macos")]
if let Some(use_keychain) = params.use_keychain.as_ref() {
writeln!(
f,
"{padding}UseKeychain {}",
if *use_keychain { "yes" } else { "no" }
)?;
}
if let Some(user) = params.user.as_ref() {
writeln!(f, "{padding}User {user}",)?;
}
for (field, value) in &params.ignored_fields {
writeln!(
f,
"{padding}{field} {value}",
field = field,
value = value
.iter()
.map(|v| v.to_string())
.collect::<Vec<_>>()
.join(" ")
)?;
}
for (field, value) in &params.unsupported_fields {
writeln!(
f,
"{padding}{field} {value}",
field = field,
value = value
.iter()
.map(|v| v.to_string())
.collect::<Vec<_>>()
.join(" ")
)?;
}
Ok(())
}
}
impl<'a> From<&'a SshConfig> for SshConfigSerializer<'a> {
fn from(config: &'a SshConfig) -> Self {
SshConfigSerializer(config)
}
}