Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

SSH ForwardAgent does not work for openvscode #1307

Open
nrontsis opened this issue Oct 7, 2024 · 4 comments · May be fixed by #1471
Open

SSH ForwardAgent does not work for openvscode #1307

nrontsis opened this issue Oct 7, 2024 · 4 comments · May be fixed by #1471
Labels
kind/bug

Comments

@nrontsis
Copy link
Contributor

nrontsis commented Oct 7, 2024
edited
Loading

What happened?
ForwardAgent does not work on openvscode. If I do e.g.

devpod up https://github.com/loft-sh/devpod-example-go --provider docker --ide openvscode

the ssh_auth_sock is pointing to a non-existing file.

vscode ➜ /workspaces/devpod-example-go (main) $ ssh -T git@github.com
git@github.com: Permission denied (publickey).
vscode ➜ /workspaces/devpod-example-go (main) $ ls $SSH_AUTH_SOCK
ls: cannot access '/tmp/auth-agent3979699691/listener.sock': No such file or directory

while manually ssh'ing into the pod via ssh devpod-example-go.devpod has no issue: i.e. ForwardAgent works fine, and I can authenticate e.g. in github fine.

What did you expect to happen instead?
ForwardAgent to work for openvscode, as it does when I ssh into the pod.

How can we reproduce the bug? (as minimally and precisely as possible)
Run:

devpod up https://github.com/loft-sh/devpod-example-go --provider docker --ide openvscode

Local Environment:

  • DevPod Version: v0.5.21
  • Operating System: linux + mac
  • ARCH of the OS: AMD64 + ARM64

DevPod Provider:

  • Local/remote provider: docker 20.10.21

Anything else we need to know?
Nothing
@bkneis
Copy link
Contributor

bkneis commented Oct 9, 2024

@nrontsis thanks for raising this issue and providing a clear summary and example! I have replicated the issue and can confirm the problematic behaviours. After debugging I believe the issue is here https://github.com/loft-sh/devpod/blob/main/pkg/ssh/server/ssh.go#L136. We are overriding the SSH_AUTH_SOCK env var on each handler in the SSH server. I believe the issue is caused due to additional SSH commands that are sent in order to set up the container tunnel via the browser. For instance if you perform ls -la /tmp/auth-agent* you can see the correct listener.sock just in the wrong temp directory. If you manually update SSH_AUTH_SOCK to point to this file it works again.

I think the fix is to change the SSH server implementation so we can specify on a per connection basis if the SSH_AUTH_SOCK should be updated. This might be a fairly big change and I am currently occupied with another feature but will return to this soon!

@nrontsis
Copy link
Contributor Author

nrontsis commented Oct 9, 2024

thanks a lot for the reply and the analysis @bkneis!

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 9, 2024

This issue is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Dec 9, 2024
@bkneis bkneis removed the stale label Dec 9, 2024
@bkneis
Copy link
Contributor

bkneis commented Dec 9, 2024
edited
Loading

#1449 #1456 #1464

@bkneis bkneis linked a pull request Dec 12, 2024 that will close this issue
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add --reuse-sock flag so browser IDEs can reuse another SSH connections SSH_AUTH_SOCK bkneis/devpod
2 participants
@nrontsis @bkneis