remove "manhole" (ssh-accessible REPL)

This little-used debugging feature allowed you to SSH or Telnet "into" a Tahoe node, and get an interactive Read-Eval-Print-Loop (REPL) that executed inside the context of the running process. The SSH authentication code used a deprecated feature of Twisted, this code had no unit-test coverage, and I haven't personally used it in at least 6 years (despite writing it in the first place). Time to go. Also experiment with a Twisted-style "topfiles/" directory of NEWS fragments. The idea is that we require all user-visible changes to include a file or two (named as $TICKETNUM.$TYPE), and then run a script to generate NEWS during the release process, instead of having a human scan the commit logs and summarize the changes long after they landed. Closes ticket:2367
zooko · Apr 6, 2016 · 8279d91 · 8279d91
1 parent a816102
commit 8279d91
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 325 deletions.
diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -272,19 +272,6 @@ set the ``tub.location`` option described below.
 
     .. _`#521`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/521
 
-``ssh.port = (strports string, optional)``
-
-``ssh.authorized_keys_file = (filename, optional)``
-
-    This enables an SSH-based interactive Python shell, which can be used to
-    inspect the internal state of the node, for debugging. To cause the node
-    to accept SSH connections on port 8022 from the same keys as the rest of
-    your account, use::
-
-      [tub]
-      ssh.port = 8022
-      ssh.authorized_keys_file = ~/.ssh/authorized_keys
-
 ``tempdir = (string, optional)``
 
     This specifies a temporary directory for the web-API server to use, for
@@ -705,8 +692,6 @@ a legal one.
   log_gatherer.furl = pb://[email protected]:44801/eqpwqtzm
   timeout.keepalive = 240
   timeout.disconnect = 1800
-  ssh.port = 8022
-  ssh.authorized_keys_file = ~/.ssh/authorized_keys
   
   [client]
   introducer.furl = pb://[email protected]:44801/ii3uumo

diff --git a/src/allmydata/debugshell.py b/src/allmydata/debugshell.py
diff --git a/src/allmydata/manhole.py b/src/allmydata/manhole.py
diff --git a/src/allmydata/node.py b/src/allmydata/node.py
@@ -88,7 +88,6 @@ def __init__(self, basedir=u"."):
         self.create_tub()
         self.logSource="Node"
 
-        self.setup_ssh()
         self.setup_logging()
         self.log("Node constructed. " + get_package_versions_string())
         iputil.increase_rlimits()
@@ -203,16 +202,6 @@ def create_tub(self):
         # any services with the Tub until after that point
         self.tub.setServiceParent(self)
 
-    def setup_ssh(self):
-        ssh_port = self.get_config("node", "ssh.port", "")
-        if ssh_port:
-            ssh_keyfile_config = self.get_config("node", "ssh.authorized_keys_file").decode('utf-8')
-            ssh_keyfile = abspath_expanduser_unicode(ssh_keyfile_config, base=self.basedir)
-            from allmydata import manhole
-            m = manhole.AuthorizedKeysManhole(ssh_port, ssh_keyfile)
-            m.setServiceParent(self)
-            self.log("AuthorizedKeysManhole listening on %s" % (ssh_port,))
-
     def get_app_versions(self):
         # TODO: merge this with allmydata.get_package_versions
         return dict(app_versions.versions)

diff --git a/src/allmydata/test/test_client.py b/src/allmydata/test/test_client.py
@@ -11,7 +11,6 @@
 from allmydata.frontends.auth import NeedRootcapLookupScheme
 from allmydata import client
 from allmydata.storage_client import StorageFarmBroker
-from allmydata.manhole import AuthorizedKeysManhole
 from allmydata.util import base32, fileutil
 from allmydata.interfaces import IFilesystemNode, IFileNode, \
      IImmutableFileNode, IMutableFileNode, IDirectoryNode
@@ -195,20 +194,6 @@ def test_web_staticdir(self):
         expected = fileutil.abspath_expanduser_unicode(u"relative", abs_basedir)
         self.failUnlessReallyEqual(w.staticdir, expected)
 
-    def test_manhole_keyfile(self):
-        basedir = u"client.Basic.test_manhole_keyfile"
-        os.mkdir(basedir)
-        fileutil.write(os.path.join(basedir, "tahoe.cfg"),
-                       BASECONFIG +
-                       "[node]\n" +
-                       "ssh.port = tcp:0:interface=127.0.0.1\n" +
-                       "ssh.authorized_keys_file = relative\n")
-        c = client.Client(basedir)
-        m = [s for s in c if isinstance(s, AuthorizedKeysManhole)][0]
-        abs_basedir = fileutil.abspath_expanduser_unicode(basedir)
-        expected = fileutil.abspath_expanduser_unicode(u"relative", abs_basedir)
-        self.failUnlessReallyEqual(m.keyfile, expected)
-
     # TODO: also test config options for SFTP.
 
     def test_ftp_auth_keyfile(self):

diff --git a/topfiles/2367.removal b/topfiles/2367.removal
@@ -0,0 +1,6 @@
+The little-used "manhole" debugging feature has been removed. This allowed
+you to SSH or Telnet "into" a Tahoe node, providing an interactive
+Read-Eval-Print-Loop (REPL) that executed inside the context of the running
+process. The SSH authentication code used a deprecated feature of Twisted,
+this code had no unit-test coverage, and I haven't personally used it in at
+least 6 years (despite writing it in the first place). Time to go.