Consolidate SSH handling to only speak to /usr/bin/ssh #380

New Issue

Closed

opened 2023-01-18 18:20:54 +00:00 by decentral1se · 4 comments

decentral1se commented 2023-01-18 18:20:54 +00:00

Owner

Copy Link

Attempts in ssh do not use the binary directly and therefore we've run into a lot of issues.

Ideally, we can drop that implementation and just use SSH directly. This should make things easier to reason about and debug SSH related issues. See coop-cloud/organising#345 for more reasons why. We should then get ~/.ssh/config integration for free.

We do want to retain the TOFU prompt for servers without host keys. Instead of having our own hand-rolled one, we'll have the usual system SSH one. We just need to thread user input in.

This change should be seamless except for the change in host key prompt. There may be others and I'll update the ticket as I dive into this. Hopefully not a big breaking change.

Attempts in [`ssh`](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/pkg/ssh/ssh.go) do not use the binary directly and therefore we've run into a lot of issues. Ideally, we can drop that implementation and just use SSH directly. This should make things easier to reason about and debug SSH related issues. See https://git.coopcloud.tech/coop-cloud/organising/issues/345 for more reasons why. We should then get `~/.ssh/config` integration for free. We do want to retain the TOFU prompt for servers without host keys. Instead of having our own hand-rolled one, we'll have the usual system SSH one. We just need to thread user input in. This change should be seamless except for the change in host key prompt. There may be others and I'll update the ticket as I dive into this. Hopefully not a big breaking change.

❤️ 1

decentral1se added the

enhancement

abra

labels 2023-01-18 18:20:54 +00:00

decentral1se added this to the Federation & abra fixes project 2023-01-18 18:20:57 +00:00

decentral1se referenced this issue 2023-01-18 18:21:07 +00:00

If recipe has origin remote with ssh uri & no ssh key loaded, error message is weird #308

decentral1se referenced this issue 2023-01-18 18:21:13 +00:00

SSH Config not recognized #345

decentral1se self-assigned this 2023-01-18 18:23:11 +00:00

decentral1se referenced this issue 2023-01-19 10:57:19 +00:00

FATA[0001] ssh: handshake failed: EOF #375

decentral1se referenced this issue from toolshed/abra 2023-01-21 19:11:10 +00:00

Consolidate SSH handling #255

decentral1se referenced this issue 2023-01-22 17:53:54 +00:00

app deploy fails - FATA[0000] dial unix: missing address #346

decentral1se referenced this issue 2023-01-24 10:58:00 +00:00

Remove Docker provisioning logic? #389

decentral1se commented 2023-01-24 10:59:00 +00:00

Author

Owner

Copy Link

Breaking one part of this into coop-cloud/organising#389.

Breaking one part of this into https://git.coopcloud.tech/coop-cloud/organising/issues/389.

decentral1se commented 2023-01-24 11:01:58 +00:00

Author

Owner

Copy Link

We do want to retain the TOFU prompt for servers without host keys.

Actually, I realise that the Docker CLI doesn't even bother:

docker ps
error during connect: Get "http://docker.example.com/v1.24/containers/json": command [ssh -l d -p 222 -- foo.com docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Host key verification failed.

It runs ssh directly and does pick up the SSH config correctly. It seems like this would be the simplest interaction model that abra could follow. I wonder if that would be useful for us also to do? 🤔

> We do want to retain the TOFU prompt for servers without host keys. Actually, I realise that the Docker CLI doesn't even bother: > docker ps > error during connect: Get "http://docker.example.com/v1.24/containers/json": command [ssh -l d -p 222 -- foo.com docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory Host key verification failed. It runs `ssh` directly and does pick up the SSH config correctly. It seems like this would be the simplest interaction model that `abra` could follow. I wonder if that would be useful for us also to do? 🤔

decentral1se commented 2023-01-25 08:56:20 +00:00

Author

Owner

Copy Link


image.png

78 KiB

decentral1se commented 2023-01-25 15:15:36 +00:00

Author

Owner

Copy Link

Major distros support + "The -G option was introduced in openSSH 6.8, in 2015. You should be pretty safe." so I think this is the way to go! Hope this will be simple in implementation. Taking a pause on working on this atm while we work out Autonomic budget stuff.

Major distros support + "The -G option was introduced in openSSH 6.8, in 2015. You should be pretty safe." so I think this is the way to go! Hope this will be simple in implementation. Taking a pause on working on this atm while we work out Autonomic budget stuff.

decentral1se referenced this issue from a commit 2023-01-31 14:14:20 +00:00

refactor!: rely on SSH directly

decentral1se closed this issue 2023-01-31 14:14:24 +00:00

decentral1se reopened this issue 2023-01-31 20:40:21 +00:00

decentral1se referenced this issue from a commit 2023-01-31 20:40:43 +00:00

refactor!: consolidate SSH handling

decentral1se closed this issue 2023-01-31 20:40:45 +00:00

decentral1se reopened this issue 2023-01-31 20:42:20 +00:00

decentral1se referenced this issue from toolshed/abra 2023-01-31 20:43:01 +00:00

Consolidate SSH handling #255

decentral1se referenced this issue from a commit 2023-01-31 21:04:13 +00:00

refactor!: consolidate SSH handling

decentral1se closed this issue 2023-01-31 21:04:14 +00:00

decentral1se referenced this issue from a commit 2023-02-01 07:02:25 +00:00

refactor!: consolidate SSH handling

decentral1se referenced this issue from a commit 2023-02-02 08:37:26 +00:00

refactor!: consolidate SSH handling

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

No results found.

Labels

Clear labels

abra

Everything to do with abra

abra-gandi

Abra Gandi plugin

awaiting-feedback

Ping/pong on comms

backups

bug

Something is not working

build

Go build related issues

ci/cd

Getting the robots into the mix

community organising

Opening this thing up

contributing

Contributors stuff

coopcloud.tech

Our main website

democracy

Democratic decision making

design

Design thinking required

documentation

Let's write things together

duplicate

This issue or pull request already exists

enhancement

New feature

finance

Money things

funding

Anything related to grant funding

good first issue

Easy start with development

help wanted

Need some help

installer

Installation related issues

kadabra

performance

Performance related

proposal

Large change which requires feedback & decisin making

question

More information is needed

recipes.coopcloud.tech

Our recipes catalogue

security

Securing our shit

test

Unit or integration test suite

wontfix

This won't be fixed

No Label

abra

enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project Federation & abra fixes

Assignees

Clear assignees

3wordchant abra-bot ammaratef45 Apfelwurm cas decentral1se fauno kawaiipunk knoflook lambdabundesverband moritz p4u1 simon trav val yksflip

No Assignees decentral1se

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: toolshed/organising#380

No description provided.