linux - 使用 augtool 修改 ssh_config

Question

这是默认值 /etc/ssh/ssh_config ，其中包含 #ForwardX11 no，我想更改它，所以我这样做了

augtool set "/files/etc/ssh/ssh_config/ForwardX11" yes

失败了，但是在 Host *

之后添加了 ForwardX11 yes

augtool set "/files/etc/ssh/ssh_config/Host/ForwardX11" yes

问题

• 为什么 augtool 不取消注释 #ForwardX11 no？
• 为什么我必须指定 .../Host/...？
• 为什么下面的输出中缺少 GSSAPIAuthentication yes 和 ForwardX11Trusted yes？

[root@localhost ~]# augtool ls "/files/etc/ssh/ssh_config"
#comment[1] = $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
#comment[2] = This is the ssh client system-wide configuration file.  See
#comment[3] = ssh_config(5) for more information.  This file provides defaults for
#comment[4] = users, and the values can be changed in per-user configuration files
#comment[5] = or on the command line.
#comment[6] = Configuration data is parsed as follows:
#comment[7] = 1. command line options
#comment[8] = 2. user-specific file
#comment[9] = 3. system-wide file
#comment[10] = Any configuration value is only changed the first time it is set.
#comment[11] = Thus, host-specific definitions should be at the beginning of the
#comment[12] = configuration file, and defaults at the end.
#comment[13] = Site-wide defaults for some commonly used options.  For a comprehensive
#comment[14] = list of available options, their meanings and defaults, please see the
#comment[15] = ssh_config(5) man page.
#comment[16] = Host *
#comment[17] = ForwardAgent no
#comment[18] = ForwardX11 no
#comment[19] = RhostsRSAAuthentication no
#comment[20] = RSAAuthentication yes
#comment[21] = PasswordAuthentication yes
#comment[22] = HostbasedAuthentication no
#comment[23] = GSSAPIAuthentication no
#comment[24] = GSSAPIDelegateCredentials no
#comment[25] = GSSAPIKeyExchange no
#comment[26] = GSSAPITrustDNS no
#comment[27] = BatchMode no
#comment[28] = CheckHostIP yes
#comment[29] = AddressFamily any
#comment[30] = ConnectTimeout 0
#comment[31] = StrictHostKeyChecking ask
#comment[32] = IdentityFile ~/.ssh/identity
#comment[33] = IdentityFile ~/.ssh/id_rsa
#comment[34] = IdentityFile ~/.ssh/id_dsa
#comment[35] = Port 22
#comment[36] = Protocol 2,1
#comment[37] = Cipher 3des
#comment[38] = Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#comment[39] = MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#comment[40] = EscapeChar ~
#comment[41] = Tunnel no
#comment[42] = TunnelDevice any:any
#comment[43] = PermitLocalCommand no
#comment[44] = VisualHostKey no
#comment[45] = ProxyCommand ssh -q -W %h:%p gateway.example.com
#comment[46] = RekeyLimit 1G 1h
Host/ = *

Answer 1

Augeas 没有 (un)? 评论的概念。它只允许您使用映射它们的树来管理文件中的条目。您可以通过在评论之后(或之前)插入新条目并删除评论来模拟取消注释条目，但 Augeas 不会自动执行此操作。

当 Augeas 设置一个值时，如果它可以找到一个现有节点，它会更改现有节点的值，否则创建一个新节点(在树的末尾)。但是，树中节点的顺序很重要，在 Host 节点之后为全局设置创建条目是无效的。因此，您需要在第一个 Host 条目之前插入新节点:

ins ForwardX11 before Host[1]
set ForwardX11 yes

如果您愿意，您也可以在 Host 条目中设置它，尽管这不是严格等效的(参见 man ssh_config):

set Host[.='*'] *    # Ensure the Host entry exists
set Host[.='*']/ForwardX11 yes

至于缺少的两个条目，它们不会出现在您的输出中，因为 ls 不是递归命令。如果您想递归地查看树，请使用 print。