Demystifying abra + ssh logic #27

Closed
opened 2021-11-18 19:30:56 +00:00 by decentral1se · 3 comments
Owner

For the benefit of myself + coop-cloud/organising#250 and friends. This is a work-in-progress as I don't even understand how this stuff works yet due to lack of time and too much to do.

We have 2 ways to make ssh connections, 1. is the default docker client method 2. is using the built-in golang ssh lib. We need 2. because we want to handle ssh host keys correctly. That happens here: https://git.coopcloud.tech/coop-cloud/abra/src/commit/56c3e070f56e551c24f5a59153a418cdea1b5e65/pkg/ssh/ssh.go#L59-L102

As I've just investigated, 1. seems to actually require using the `/usr/bin/ssh` command (😱) to build the connection. This means `abra` actually relies on the `openssh-client` package being installed on your system! Just learned this. That happens here: https://git.coopcloud.tech/coop-cloud/abra/src/commit/56c3e070f56e551c24f5a59153a418cdea1b5e65/pkg/upstream/commandconn/connection.go#L26-L50

Using 2. supports `ssh-agent` and password auth connection methods where `ssh-agent` supports having multiple keys (which you can check by running `ssh-add -L`).

`abra` will first try to read the docker context string (`docker context ls`, `ssh://...`) and build the connection details from that. Failing that, it will try to read `~/.ssh/config` details via https://git.coopcloud.tech/coop-cloud/abra/src/commit/56c3e070f56e551c24f5a59153a418cdea1b5e65/pkg/ssh/ssh.go#L536-L577

This is quite chaotic but hopefully can be a starting point for cleaning it up!

More to come.

Refs:

- https://git.coopcloud.tech/coop-cloud/organising/issues/250
- https://git.coopcloud.tech/coop-cloud/organising/issues/238
- https://git.coopcloud.tech/coop-cloud/organising/issues/251
Author
Owner

> As I've just investigated, 1. seems to actually require using the `/usr/bin/ssh` command (😱) to build the connection. This means `abra` actually relies on the `openssh-client` package being installed on your system!

So, this code passes no explicit `-i <my-key-path>` via https://git.coopcloud.tech/coop-cloud/abra/src/commit/56c3e070f56e551c24f5a59153a418cdea1b5e65/pkg/upstream/commandconn/connection.go#L23 and actually relies also on the `ssh-agent` having a loaded key! That is the same logic as our built-in ssh lib logic which is good. We may want to pass that key path to be more explicit.

I do think we can converge on some solid "have your `ssh-agent` setup" docs for this.

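A preflight check for the agent dependency described in the comments above, as an added example that is not abra's code or part of the original thread: it sends the SSH agent protocol's list-identities request over `$SSH_AUTH_SOCK` and returns how many keys are loaded, the same count `ssh-add -L` would show. The function names `countIdentities` and `agentKeyCount` are made up for this example.

```go
package main
import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
)

// countIdentities sends a "list identities" request over rw and returns how
// many public keys the agent reports (hypothetical helper, not from abra).
func countIdentities(rw io.ReadWriter) (int, error) {
	// Request framing: uint32 length (1), then message type 11 (REQUEST_IDENTITIES).
	if _, err := rw.Write([]byte{0, 0, 0, 1, 11}); err != nil {
		return 0, err
	}
	var hdr [5]byte // uint32 length + one-byte reply type
	if _, err := io.ReadFull(rw, hdr[:]); err != nil {
		return 0, fmt.Errorf("short reply from agent: %w", err)
	}
	if hdr[4] != 12 { // 12 = IDENTITIES_ANSWER; 5 would be a generic failure
		return 0, fmt.Errorf("agent did not list keys (reply type %d)", hdr[4])
	}
	var n [4]byte // uint32 key count; the key blobs after it are not needed here
	if _, err := io.ReadFull(rw, n[:]); err != nil {
		return 0, fmt.Errorf("truncated identities answer: %w", err)
	}
	return int(binary.BigEndian.Uint32(n[:])), nil
}

// agentKeyCount dials $SSH_AUTH_SOCK and asks the agent how many keys it holds.
func agentKeyCount() (int, error) {
	sock := os.Getenv("SSH_AUTH_SOCK")
	if sock == "" {
		return 0, errors.New("SSH_AUTH_SOCK is not set")
	}
	conn, err := net.Dial("unix", sock)
	if err != nil {
		return 0, fmt.Errorf("cannot reach ssh-agent: %w", err)
	}
	defer conn.Close()
	return countIdentities(conn)
}

func main() {
	n, err := agentKeyCount()
	fmt.Println("keys in ssh-agent:", n, "error:", err)
}
```

A count of zero with no error means the agent is running but empty, which is the case where both connection methods would have no key to offer.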
Author
Owner
This will be documented in https://docs.coopcloud.tech/operators/trouble/#configuring-ssh.
Author
Owner
https://docs.coopcloud.tech/abra/trouble/#ssh-connection-issues
Reference: toolshed/docs.coopcloud.tech#27