Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Loading ~/.lima/default/ssh.config alerts Unsupported option "gssapiauthentication" since NixOS 24.11 #950

Closed
kachick opened this issue Nov 19, 2024 · 13 comments · Fixed by #960 · May be fixed by kachick/lima#1
Closed
Labels
bug Something isn't working

Comments

@kachick
Copy link
Owner

kachick commented Nov 19, 2024

Since #943
Accessing lima alerts Unsupported option "gssapiauthentication". It is annoy even through I can use the shell
And this is also happened in other SSH use.

> lima                                               
command-line line 0: Unsupported option "gssapiauthentication"

> bat /home/kachick/.lima/default/ssh.config                                                                                                                                                   
# This SSH config file can be passed to 'ssh -F'.
# This file is created by Lima, but not used by Lima itself currently.
# Modifications to this file will be lost on restarting the Lima instance.
Host lima-default
  IdentityFile "/home/kachick/.lima/_config/user"
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  NoHostAuthenticationForLocalhost yes
  GSSAPIAuthentication no
  PreferredAuthentications publickey
  Compression no
  BatchMode yes
  IdentitiesOnly yes
  Ciphers "^aes128-gcm@openssh.com,aes256-gcm@openssh.com"
  User kachick
  ControlMaster auto
  ControlPath "/home/kachick/.lima/default/ssh.sock"
  ControlPersist yes
  Hostname 127.0.0.1
  Port 60022

ref: NixOS/nixpkgs#30739, #936

@kachick kachick added the bug Something isn't working label Nov 19, 2024
@kachick kachick changed the title Login to lima VM shell alerts Unsupported option "gssapiauthentication" Loading ~/.lima/default/ssh.config alerts Unsupported option "gssapiauthentication" Nov 19, 2024
@kachick
Copy link
Owner Author

kachick commented Nov 20, 2024

https://github.com/lima-vm/lima/blame/af4e870810bf0f3218135c2996d835b8fe622f9a/pkg/sshutil/sshutil.go#L188

Lima introduced it in old version, so new OpenSSH since #943 making this issue? 🤔

@kachick kachick added this to 🛸 Nov 21, 2024
@github-project-automation github-project-automation bot moved this to 🙋‍♂ in 🛸 Nov 21, 2024
@kachick
Copy link
Owner Author

kachick commented Nov 21, 2024

> limactl show-ssh --help
Show the ssh command line (DEPRECATED)

WARNING: 'limactl show-ssh' is deprecated.
Instead, use 'ssh -F /home/kachick/.lima/default/ssh.config lima-default' .

Usage:
  limactl show-ssh [flags] INSTANCE

Examples:

  "cmd" format (default): Full ssh command line.
    $ limactl show-ssh --format=cmd default
    ssh -o IdentityFile="/Users/example/.lima/_config/user" -o User=example -o Hostname=127.0.0.1 -o Port=60022 lima-default

  "args" format: Similar to the cmd format but omits "ssh" and the destination address
    $ limactl show-ssh --format=args default
    -o IdentityFile="/Users/example/.lima/_config/user" -o User=example -o Hostname=127.0.0.1 -o Port=60022

  "options" format: ssh option key value pairs
    $ limactl show-ssh --format=options default
    IdentityFile="/Users/example/.lima/_config/user"
    User=example
    Hostname=127.0.0.1
    Port=60022

  "config" format: ~/.ssh/config format
    $ limactl show-ssh --format=config default
    Host lima-default
      IdentityFile "/Users/example/.lima/_config/user "
      User example
      Hostname 127.0.0.1
      Port 60022

  To show the config file path:
    $ limactl ls --format='{{.SSHConfigFile}}' default
    /Users/example/.lima/default/ssh.config


Flags:
  -f, --format string   Format: cmd, args, options, config (default "cmd")
  -h, --help            help for show-ssh

Global Flags:
      --debug               debug mode
      --log-format string   Set the logging format [text, json] (default "text")
      --log-level string    Set the logging level [trace, debug, info, warn, error]
      --tty                 Enable TUI interactions such as opening an editor. Defaults to true when stdout is a terminal. Set to false for automation. (default true)

filtering the file and saving might not correct, because of lima modify the content when reboot the instance. So managing in repository will not fit.

@kachick
Copy link
Owner Author

kachick commented Nov 21, 2024

However darwin uses own ssh and does not make warning for now. So watching the lima generated file with systemd and put filtered file might be enough...?

@kachick
Copy link
Owner Author

kachick commented Nov 21, 2024

NixOS/nixops#395

I don't want to switch back the openssh package just avoiding this problem...

@kachick
Copy link
Owner Author

kachick commented Nov 21, 2024

@kachick
Copy link
Owner Author

kachick commented Nov 21, 2024

systemd のユニットファイル (systemd.unit(5)) の構文は XDG の Desktop Entry Specification である .desktop ファイル から影響を受けています。そして .desktop は Microsoft Windows の .ini ファイル からインスパイアされています。

🙄

@kachick

This comment was marked as off-topic.

@kachick
Copy link
Owner Author

kachick commented Nov 22, 2024

@kachick
Copy link
Owner Author

kachick commented Nov 22, 2024

💭 I need to run lima as limactl start, so piping the entr might be enough? 🤔

@kachick
Copy link
Owner Author

kachick commented Nov 22, 2024

And considering multiple lima instance case, including only the default instance config might not fit...

(--plain is also useful for simple vm creation)

@kachick
Copy link
Owner Author

kachick commented Nov 22, 2024

https://man7.org/linux/man-pages/man5/ssh_config.5.html

       Include
               Include the specified configuration file(s).  Multiple
               pathnames may be specified and each pathname may contain
               glob(7) wildcards and, for user configurations, shell-
               like ‘~’ references to user home directories.  Wildcards
               will be expanded and processed in lexical order.  Files
               without absolute paths are assumed to be in ~/.ssh if
               included in a user configuration file or /etc/ssh if
               included from the system configuration file.  Include
               directive may appear inside a Match or Host block to
               perform conditional inclusion.

wildcard is available

@kachick kachick changed the title Loading ~/.lima/default/ssh.config alerts Unsupported option "gssapiauthentication" Loading ~/.lima/default/ssh.config alerts Unsupported option "gssapiauthentication" since NixOS 24.11 Nov 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Archived in project
1 participant