- Notifications
You must be signed in to change notification settings - Fork928
feat: Add SSH agent forwarding support to coder agent#1548
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Wanted this to be DRAFT PR, can't seem to convert it after the fact. |
I'm surprised it doesn'tjust work with |
Oh you're absolutely right, silly me, I did not look closely at what the actual error output was. So yeah, with |
Ahh, nice! Forwarding with https://pkg.go.dev/golang.org/x/crypto/ssh/agent#ForwardToRemote |
c0a7d75 to3df1a08CompareI believe this is now ready for review. SSH agent forwarding has now been implemented for both For coder ssh --forward-agent<workspace> For SSH: coder config-ssh -o ForwardAgent=yes# orssh -o ForwardAgent=yes coder.<workspace> Thanks@kylecarbs for the pointers, this was surprisingly easy to setup. |
@mafredri that'd be a good example for the usage of |
cli/ssh.go Outdated
| _ = cmd.Flags().MarkHidden("shuffle") | ||
| cliflag.BoolVarP(cmd.Flags(), &forwardAgent, "forward-agent", "", "CODER_SSH_FORWARD_AGENT", false, "Specifies whether to forward the SSH agent specified in $SSH_AUTH_SOCK") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The shorthand flag for this should be-A to match openssh
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
A most excellent suggestion, thanks!
cli/ssh_test.go Outdated
| for { | ||
| fd, err := l.Accept() | ||
| if err != nil { | ||
| t.Logf("accept error: %v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
ignore closed errors
@kylecarbs great suggestion! Added. |
| t.Cleanup(func() { | ||
| <-doneC | ||
| }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
note: I wasn't sure of this so I had to remind myself -- reading from a closed channel will immediately return the zero value of the channel type, and not block.
https://go.dev/play/p/PIS5JU1Lbgz
So this is fine, this won't causet.Cleanup to hang or anything.
| // And we're done. | ||
| pty.WriteLine("exit") | ||
| <-cmdDone | ||
| }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
praise: This is such a cool test.
| //nolint:paralleltest // Disabled due to use of t.Setenv. | ||
| t.Run("ForwardAgent", func(t *testing.T) { | ||
| if runtime.GOOS == "windows" { | ||
| t.Skip("Test not supported on windows") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
remark, non-blocking: recent versions of Windows do include SSH (source) but it's probably a ghastly can of worms to open! So agreed, let's leave this non-Windows for now. 😅
Uh oh!
There was an error while loading.Please reload this page.
Co-authored-by: Cian Johnston <cian@coder.com>
* feat: Add SSH agent forwarding support to coder agent* feat: Add forward agent flag to `coder ssh`* refactor: Share setup between SSH tests, sync goroutines* feat: Add test for `coder ssh --forward-agent`* fix: Fix test flakes and implement Deans suggestion for helpers* fix: Add example to config-ssh* fix: Allow forwarding agent via -ACo-authored-by: Cian Johnston <cian@coder.com>
Uh oh!
There was an error while loading.Please reload this page.
This PR adds support for SSH agent forwarding.
This simple change can support SSH agent forwarding but requires extra steps:As Kyle pointed out, this works fine with the
coder gitsshcommand so the extra steps are not necessary, we only need to make sure thesshForwardAgentsetting is enabled:coder config-sshssh -o ForwardAgent=yes coder.mydev# Inside workspace:git clone git@github.com:private/repo.gitChecklist
Add support for using the forwarded agent toGIT_SSH_COMMAND(i.e.coder gitssh)?coder sshtooFixes#1549.