ssh: Replace cockpit-ssh with cockpit.beiboot #19441
Draft: martinpitt wants to merge 10 commits into cockpit-project:main from martinpitt:beiboot-default
martinpitt added the labels blocked (Don't land until something else happens first (see task list)) and no-test (For doc/workflow changes, or experiments which don't need a full CI run) on Oct 5, 2023

martinpitt force-pushed the beiboot-default branch from f51a1f6 to d304a90 (October 5, 2023 06:10)

martinpitt force-pushed the beiboot-default branch 2 times, most recently from 88c969d to 3b3581c (October 6, 2023 06:06)

martinpitt changed the title from "ssh: Replace cockpit-ssh with cockpit.beiboot with the pybridge" to "ssh: Replace cockpit-ssh with cockpit.beiboot" on Mar 22, 2024

martinpitt force-pushed the beiboot-default branch from 3b3581c to ea4d544 (March 22, 2024 06:15)

martinpitt force-pushed the beiboot-default branch 3 times, most recently from c34aa52 to ab45c5a (September 3, 2024 12:53)

martinpitt force-pushed the beiboot-default branch 3 times, most recently from a5197b7 to 43ee8f1 (September 20, 2024 13:11)

martinpitt removed the blocked label on Sep 23, 2024
`cockpit-ssh` always considers both the global and the user known_hosts files, and rejects a host if a non-matching key is present in either. But with `ssh` the key in the user known_hosts file completely overrides the global one. In our case, the user known_hosts file is coming from the browser's localStorage. So reset that before writing a bad key to the global file, which is compatible with both backends.
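The difference between the two backends described in the commit message above, as an added example that is not part of the pull request or of cockpit's code. It models both policies exactly as the message states them; the function names, the host address and the key strings are constructed for illustration, and the parser ignores hashed entries and `@` markers.

```python
# Added illustration: models the two known_hosts policies as the commit
# message describes them. Not cockpit-ssh, cockpit.beiboot or OpenSSH code.

def parse_known_hosts(text):
    """Map host -> set of (keytype, keydata) from plain known_hosts lines."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed entries (simplification).
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for name in fields[0].split(","):
            hosts.setdefault(name, set()).add((fields[1], fields[2]))
    return hosts

def _check(entries, presented):
    """Verdict of one file: 'ok', 'changed', or None if it has no opinion."""
    same_type = {e for e in entries if e[0] == presented[0]}
    if not same_type:
        return None
    return "ok" if presented in same_type else "changed"

def verdict_both_files(host, presented, global_kh, user_kh):
    """Policy described for cockpit-ssh: a mismatch in either file rejects."""
    results = [_check(kh.get(host, ()), presented) for kh in (global_kh, user_kh)]
    if "changed" in results:
        return "changed"
    return "ok" if "ok" in results else "unknown"

def verdict_user_overrides(host, presented, global_kh, user_kh):
    """Policy described for ssh: the user file's entry wins over the global one."""
    for kh in (user_kh, global_kh):
        result = _check(kh.get(host, ()), presented)
        if result is not None:
            return result
    return "unknown"

# Constructed sample data: placeholder key strings, not real host keys.
GOOD = ("ssh-ed25519", "AAAA-constructed-good-key")
GLOBAL_BAD = parse_known_hosts("10.0.0.5 ssh-ed25519 AAAA-constructed-bad-key\n")
USER_GOOD = parse_known_hosts(
    "# copy from browser localStorage\n10.0.0.5 ssh-ed25519 AAAA-constructed-good-key\n")
```

With a stale good key still in the user file, the second policy accepts the host despite the bad global entry, which is why the test has to reset localStorage first to get a rejection from both backends.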
`COCKPIT_SSH_CONNECT_TO_UNKNOWN_HOSTS` does *not* mean that cockpit-ssh auto-accepts all unknown host keys, so this attempt was bogus. (Not setting it means that cockpit-ssh would not even make a TCP connection attempt to an unknown host; setting the variable makes cockpit-ssh work like ssh to always TCP-connect, and then negotiate the host key).
martinpitt removed the no-test label on Sep 23, 2024

martinpitt force-pushed the beiboot-default branch 2 times, most recently from 9a2c89d to 70a2d16 (September 23, 2024 11:58)
With old Python versions, SIGTERMing cockpit.beiboot on logout sometimes shows a single `Traceback (most recent call last):` line in the journal without any further details. This is harmless and doesn't happen with current Python versions, so just ignore it.
This never happens with cockpit-ssh in the default configuration: That reads cockpit.conf's [Ssh-Login] host= option (defaulting to 127.0.0.1) and ignores that host's key. This is fine for 127.0.0.1, but dangerous and unexpected for external hosts: These should *always* use proper SSH host key validation and change detection. That cockpit.conf option is normally meant to set the default remote host for the login page (evaluated in ws), and either way isn't even documented in our manpage. cockpit-beiboot does not read this option, and really shouldn't: Let's keep it as a regular SSH client, and do the special-casing on the login page.
We are going to need the inverse of `--always` for the initial replacement of cockpit-ssh with beiboot, i.e. always run the remote `cockpit-bridge` and fail if it isn't installed. Replace `--always` with a `--remote-bridge` choice of "auto", "always", "never". Exceptions from beiboot gadgets are not properly propagated, so that requires some plumbing.
Covered by `TestWsBastionContainer.testKnownHosts`.
When beiboot in bastion mode doesn't get user/password credentials from the login page, then disable password authentication, similar to what `cockpit-ssh` does. Without that, ssh will interactively ask about the password in an auth dialog, which doesn't fit the UI workflow. Moreover, it breaks the cockpit/ws container in "encrypted SSH key" mode. Covered by `TestWsBastionContainer.testKeyLogin`.
cockpit.beiboot has feature parity with cockpit-ssh, so switch the default direct remote session program to that. Use `--remote-bridge=always` mode for the time being in ws and the container; we are going to support that eventually, but let's not change everything at once. Change ws' detection of remote login availability to "cockpit-bridge and ssh are available". This involves forking a shell now (for running the `command` shell builtin), add an expected message to `TestConnection.testHttpsInstanceDoS`. Drop the `COCKPIT_SSH_BRIDGE_COMMAND` env var documentation, cockpit-beiboot does not use that. Adjust some error messages in the tests. https://issues.redhat.com/browse/COCKPIT-1029
Nothing uses this any more, superseded by cockpit-beiboot. This gets rid of the libssh build dependency. Drop the `Provides: cockpit-ssh` from Debian. No package ever related to that virtual package name, and it's meaningless these days.
With cockpit-beiboot being the only remote command, the login page now never gets the full host key as part of the initial conversation, only the placeholder.
martinpitt force-pushed the beiboot-default branch from 70a2d16 to 3347541 (September 23, 2024 13:47)

cockpituous reviewed Sep 23, 2024

Comment on lines +870 to +871
console.error("login: got unexpected host key prompt, expecting login-data placeholder:", key); | ||
fatal(_("Internal protocol error")); |
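Review bot: The `console.error` call at +870 writes the unexpected `key` value to the browser console verbatim; since it arrives in a state the login page did not expect, consider logging a truncated form or only its length so a malformed or oversized prompt cannot flood the console. This is also the fail-closed branch for host key handling, so it deserves a test that delivers a non-placeholder host key prompt and checks that login stops with "Internal protocol error".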
These 2 added lines are not executed by any test.
https://issues.redhat.com/browse/COCKPIT-1029

TODO:
- `[Ssh-Login] host =` (`ignore_hostkey` in cockpitsshrelay.c) with 127.0.0.1 default (covered by `TestLogin.testServer` and `TestLoopback.testBasic`)
- `COCKPIT_SSH_KNOWN_HOSTS_FILE` in beiboot. Should be covered by `TestWsBastionContainer` (on fcos)
- `git grep cockpit-ssh`
- `test/verify/check-loopback TestLoopback.testBasic` (removes /usr/bin/cockpit-bridge)