From 28e8daf726ee3f5aaec163401c40900ecb69e876 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Fri, 22 Dec 2023 23:35:41 +0200 Subject: [PATCH] sshtunnel: simplify command composition Remove append_params and use shell expressions instead e.g. ${port:+-p $port}. Note that we can't do that with ProxyCommand because it has to be quoted. The order of options was changed from more important like hostname to just static -nN. The CompressionLevel option is removed from SSH2. Signed-off-by: Sergey Ponomarev --- net/sshtunnel/files/sshtunnel.init | 45 +++++++++++++----------------- net/sshtunnel/files/uci_sshtunnel | 1 - 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/net/sshtunnel/files/sshtunnel.init b/net/sshtunnel/files/sshtunnel.init index 195cc78249..e7c256e042 100644 --- a/net/sshtunnel/files/sshtunnel.init +++ b/net/sshtunnel/files/sshtunnel.init @@ -18,16 +18,6 @@ _err() { logger -p daemon.err -t sshtunnel "$@" } -append_params() { - local p v args - for p in "$@"; do - eval "v=\$$p" - [ -n "$v" ] && args="$args -o $p=$v" - done - - ARGS_options="${args# *}" -} - append_string() { local varname="$1"; local add="$2"; local separator="${3:- }"; local actual new eval "actual=\$$varname" @@ -45,7 +35,6 @@ validate_server_section() { 'PKCS11Provider:file' \ 'CheckHostIP:or("yes", "no")' \ 'Compression:or("yes", "no")' \ - 'CompressionLevel:range(1,9)' \ 'IdentityFile:file' \ 'LogLevel:or("QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3")' \ 'ServerAliveCountMax:min(1)' \ @@ -172,8 +161,6 @@ load_server() { [ "$2" = 0 ] || { _err "server $server: validation failed"; return 1; } - local ARGS="" - local ARGS_options="" local ARGS_tunnels="" local count=0 
@@ -183,19 +170,27 @@ load_server() { config_foreach validate_tunnelW_section "tunnelW" load_tunnelW [ "$count" -eq 0 ] && { _err "tunnels to $server not started - no tunnels defined"; return 1; } - append_params CheckHostIP Compression CompressionLevel \ - LogLevel PKCS11Provider ServerAliveCountMax ServerAliveInterval \ - StrictHostKeyChecking TCPKeepAlive VerifyHostKeyDNS + # old dbclient use -y for StrictHostKeyChecking. + # The -y for OpenSSH means to use syslog but that's ok + local db_StrictHostKeyChecking="" + [ "$StrictHostKeyChecking" = "accept-new" ] && db_StrictHostKeyChecking="-y" + [ "$StrictHostKeyChecking" = "no" ] && db_StrictHostKeyChecking="-yy" - # dropbear doesn't support -o IdentityFile so use -i instead - [ -n "$IdentityFile" ] && ARGS_options="$ARGS_options -i $IdentityFile" - # dbclient doesn't support StrictHostKeyChecking but it has the -y option that works same - [ "$StrictHostKeyChecking" = "accept-new" ] && ARGS_options="$ARGS_options -y" - [ "$StrictHostKeyChecking" = "no" ] && ARGS_options="$ARGS_options -yy" - ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels " - [ -n "$port" ] && ARGS="$ARGS -p $port " - [ -n "$user" ] && ARGS="$ARGS $user@" - ARGS="${ARGS}$hostname" + local ARGS="$hostname $ARGS_tunnels \ + ${port:+-p $port} \ + ${user:+-l $user} \ + ${IdentityFile:+-i $IdentityFile} \ + ${CheckHostIP:+-o CheckHostIP=$CheckHostIP} \ + ${VerifyHostKeyDNS:+-o VerifyHostKeyDNS=$VerifyHostKeyDNS} \ + ${Compression:+-o Compression=$Compression} \ + ${LogLevel:+-o LogLevel=$LogLevel} \ + ${PKCS11Provider:+-o PKCS11Provider=$PKCS11Provider} \ + ${TCPKeepAlive:+-o TCPKeepAlive=$TCPKeepAlive} \ + ${ServerAliveCountMax:+-o ServerAliveCountMax=$ServerAliveCountMax} \ + ${ServerAliveInterval:+-o ServerAliveInterval=$ServerAliveInterval} \ + ${StrictHostKeyChecking:+-o StrictHostKeyChecking=$StrictHostKeyChecking $db_StrictHostKeyChecking} \ + -o ExitOnForwardFailure=yes -o BatchMode=yes -nN \ + " 
procd_open_instance "$server" procd_set_param command "$PROG" $ARGS diff --git a/net/sshtunnel/files/uci_sshtunnel b/net/sshtunnel/files/uci_sshtunnel index 496e470309..f9bb449801 100644 --- a/net/sshtunnel/files/uci_sshtunnel +++ b/net/sshtunnel/files/uci_sshtunnel @@ -10,7 +10,6 @@ # option retrydelay 1 # option CheckHostIP yes # option Compression no -# option CompressionLevel 6 # option IdentityFile /root/.ssh/id_rsa # option LogLevel INFO # option PKCS11Provider /lib/pteidpkcs11.so
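Review bot: `procd_set_param command "$PROG" $ARGS` still expands the option string unquoted, so every `${var:+-o Name=$var}` value in the new `local ARGS=` assignment is word-split and glob-expanded before it reaches ssh. A UCI value containing whitespace then becomes extra ssh arguments instead of one option value; the `file`-validated IdentityFile and PKCS11Provider paths are the likeliest case, and the validators for `user`, `port` and `hostname` are not visible in this hunk. This is the same quoting limit the commit message notes for ProxyCommand. Appending each value as its own quoted word with `procd_append_param command` avoids it, while `$ARGS_tunnels` appears to be built as a space-separated string and would have to stay unquoted. load_server starts before and continues after the hunk.

```shell
procd_open_instance "$server"
# hostname and tunnel specs first, as in the commit; each config value then becomes exactly one argv word
procd_set_param command "$PROG" "$hostname" $ARGS_tunnels
[ -n "$port" ] && procd_append_param command -p "$port"
[ -n "$user" ] && procd_append_param command -l "$user"
[ -n "$IdentityFile" ] && procd_append_param command -i "$IdentityFile"
[ -n "$PKCS11Provider" ] && procd_append_param command -o "PKCS11Provider=$PKCS11Provider"
# … same pattern for CheckHostIP, VerifyHostKeyDNS, Compression, LogLevel, TCPKeepAlive,
#   ServerAliveCountMax, ServerAliveInterval and StrictHostKeyChecking (plus $db_StrictHostKeyChecking) …
procd_append_param command -o ExitOnForwardFailure=yes -o BatchMode=yes -nN
```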