Add awit-ssh host name completion

The only issue I see with this is the ssh_hosts file is encrypted by default on any new installation going at least 1yr back

In my case only 27 out of 286 lines where encrypted.

awit-zsh-superawesome blocks encryption via zshrc.d/93-aliases-ssh-do-not-use-system-config.zsh

So does awit-ssh, so the only time we would land up with encrypted lines is when using normal ssh, scp, etc. And then only if it's a host that the system has never seen before.

If they are not hashed, it is a bug, the known hosts should be hashed.

In that case the code in this merge can't work and currently has no way to work.

Are you against have a list of hosts on the system, as I'll have to code another way to make and maintain the list?

I'll update the instructions in awit-zsh-awesome and awit-ssh to add the following to ~/.ssh/config to fix the bug:

Host * HashKnownHosts yes

I can't recall why we do not use the system ssh config, there was a reason. We should probably be using the system default nonetheless, there was a very good reason why we not. I think we leave that as it is.

Some distro's are defaulting to hashing even without anything in the system ssh config. Unless thats done in a newer version of OpenSSH.

Basically, what it boils down to is I don't think its a good idea to use the known hosts file for autocompletion. I'd accept a merge of it and instruction README.md into a contrib/ dir tho?

I would not mind if you chose to have your known hosts file in plain text.

On a side note, I'm not very comfortable with adding a feature to display all the hosts either. That was one of my lines of thinking.

You called it the "SendEnv issue". In the sysem ssh config it has:

SendEnv LANG LC_*

And you didn't want that, so you coded the default to using the users ssh config in awit-ssh and awit-zsh-awesome. That in turn "switched" off HashKnownHosts as it's not on by default in a users ssh config.

I'm not clear on what you want me to do about it though, apart from putting this code into a contrib directory?

What's displaying all the known hosts?

Command line options using -o do not override config file args, which sucks.

The issue is people had country specific locales set locally, which broke when that ENV was set on the server side in the shell.

+# Setting -F to the users home dir will ignore the system ssh_config +# We do this because: +# - The system has SendEnv set to send locale environment variables to the server, LANG and LC_ALL +alias ssh="/usr/bin/ssh -F ~/.ssh/config"

SendEnv LANG LC_* is Debian and derivative specific it seems.

This is the reason why we set the config file to use as being ~/.ssh/config.

Basically I do not want to compromise the choice and create broken output, or degradation in performance if the user does have hashed known_hosts.

That being said, can you enable it only if the file is not hashed? You can then probably remove the instructions in README.md and add a note instead that autocomplete does not work for hashed known_hosts files (making it 100x more simple)?

That would mean that nobody within the company can use it, as everyone has a partially hashed known hosts file by now.

Not serious though as only you and I would most likely use this, and you probably have all the hosts memorized by now any way.

I'll make an installer that checks for hashes.

tbh, the easiest is to check if the known_hosts is hashed or not, if not then enable the completion .. should be a quick and easy addition?

As you said the default is actually not to hash it (I was wrong, I can't find any distro that compiles it enabled by default, and the only ones that hash the file are those that use the system config to do it). So the only ones affected would be those that have used an old version of awit-ssh.

I'll accept an if modification to enable it if there are plain text entries in known_hosts :), we just need to exclude hashed entries if they exist.

That will introduce 3 "bugs".

1. Any one with a partially hashed known hosts will never be able to use completion, and will have no idea why.
2. You can start out with an un-hashed known hosts, use an app that reads the system config file, and suddenly no longer have completion.
3. If we only ignore hashed lines in known hosts, then some hosts will never be available for completion no matter how many times you enter them.

Hrmmm, very good points.

added 1 commit

• 90f8b0c7 - Add awit-ssh host name completion

Compare with previous version

Moved things around.

merged

mentioned in commit 121f01ef