ssh: Replace cockpit-ssh with cockpit.beiboot #19441
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
martinpitt
added
blocked
martinpitt
force-pushed
the
beiboot-default
branch
from
f51a1f6
to
d304a90
Compare
4 tasks
martinpitt
force-pushed
the
beiboot-default
branch
2 times, most recently
from
88c969d
to
3b3581c
Compare
martinpitt
changed the title
martinpitt
force-pushed
the
beiboot-default
branch
from
3b3581c
to
ea4d544
Compare
martinpitt
force-pushed
the
beiboot-default
branch
3 times, most recently
from
c34aa52
to
ab45c5a
Compare
martinpitt
force-pushed
the
beiboot-default
branch
3 times, most recently
from
a5197b7
to
43ee8f1
Compare
martinpitt
removed
the
blocked
`cockpit-ssh` always considers both the global and the user known_hosts files, and rejects a host if a non-matching key is present in either. But with `ssh` the key in the user known_hosts file completely overrides the global one. In our case, the user known_hosts file is coming from the browser's localStorage. So reset that before writing a bad key to the global file, which is compatible with both backends.
`COCKPIT_SSH_CONNECT_TO_UNKNOWN_HOSTS` does *not* mean that cockpit-ssh auto-accepts all unknown host keys, so this attempt was bogus. (Not setting it means that cockpit-ssh would not even make a TCP connection attempt to an unknown host; setting the variable makes cockpit-ssh work like ssh to always TCP-connect, and then negotiate the host key).
martinpitt
removed
the
no-test
martinpitt
force-pushed
the
beiboot-default
branch
2 times, most recently
from
9a2c89d
to
70a2d16
Compare
With old Python versions, SIGTERMing cockpit.beiboot on logout sometimes shows a single > Traceback (most recent call last): line in the journal without any further details. This is harmless and doesn't happen with current Python versions, so just ignore it.
This never happens with cockpit-ssh in the default configuration: That reads cockpit.conf's [Ssh-Login] host= option (defaulting to 127.0.0.1) and ignores that host's key. This is fine for 127.0.0.1, but dangerous and unexpected for external hosts: These should *always* use proper SSH host key validation and change detection. That cockpit.conf option is normally meant to set the default remote host for the login page (evaluated in ws), and either way isn't even documented in our manpage. cockpit-beiboot does not read this option, and really shouldn't: Let's keep it as a regular SSH client, and do the special-casing on the login page.
We are going to need the inverse of `--always` for the initial replacement of cockpit-ssh with beiboot, i.e. always run the remote `cockpit-bridge` and fail if it isn't installed. Replace `--always` with a `--remote-bridge` choice of "auto", "always", "never". Exceptions from beiboot gadgets are not properly propagated, so that requires some plumbing.
Covered by `TestWsBastionContainer.testKnownHosts`.
When beiboot in bastion mode doesn't get user/password credentials from the login page, then disable password authentication, similar to what `cockpit-ssh` does. Without that, ssh will interactively ask about the password in an auth dialog, which doesn't fit the UI workflow. Moreover, it breaks the cockpit/ws container in "encrypted SSH key" mode. Covered by `TestWsBastionContainer.testKeyLogin`
cockpit.beiboot has feature parity with cockpit-ssh, so switch the default direct remote session program to that. Use `--remote-bridge=always` mode for the time being in ws and the container; we are going to support that eventually, but let's not change everything at once. Change ws' detection of remote login availability to "cockpit-bridge and ssh are available". This involves forking a shell now (for running the `command` shell builtin), add an expected message to `TestConnection.testHttpsInstanceDoS`. Drop the `COCKPIT_SSH_BRIDGE_COMMAND` env var documentation, cockpit-beiboot does not use that. Adjust some error messages in the tests. https://issues.redhat.com/browse/COCKPIT-1029
Nothing uses this any more, superseded by cockpit-beiboot. This gets rid of the libssh build dependency. Drop the `Provides: cockpit-ssh` from Debian. No package ever related to that virtual package name, and it's meaningless these days.
With cockpit-beiboot being the only remote command, the login page now never gets the full host key as part of the initial conversation, only the placeholder.
martinpitt
force-pushed
the
beiboot-default
branch
from
70a2d16
to
3347541
Compare
cockpituous
reviewed
Sep 23, 2024
Comment on lines
+870
to
+871
| console.error("login: got unexpected host key prompt, expecting login-data placeholder:", key); | ||
| fatal(_("Internal protocol error")); |
There was a problem hiding this comment.
These 2 added lines are not executed by any test.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://issues.redhat.com/browse/COCKPIT-1029
TODO:
[Ssh-Login] host =(ignore_hostkeyin cockpitsshrelay.c) with 127.0.0.1 default (covered byTestLogin.testServerandTestLoopback.testBasic)COCKPIT_SSH_KNOWN_HOSTS_FILEin beiboot. Should be covered byTestWsBastionContainer(on fcos)git grep cockpit-sshtest/verify/check-loopback TestLoopback.testBasic(removes /usr/bin/cockpit-bridge)