- Notifications
You must be signed in to change notification settings - Fork1k
fix(agent/agentssh): use deterministic host key for SSH server#16626
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
fix(agent/agentssh): use deterministic host key for SSH server#16626
Conversation
ThomasK33 commentedFeb 19, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
This stack of pull requests is managed byGraphite. Learn more aboutstacking. |
47bcb17 to92e2d6dCompare92e2d6d tof744aa5CompareUh oh!
There was an error while loading.Please reload this page.
f744aa5 tod74cb78Compared74cb78 to38f9dfcCompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think you found a great approach here, nice work! Just one minor nit wrt the seed source, otherwise LGTM.
I would still like to see a test that ensures the this behaves as expected.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Overall, looks good. Couple comments inline
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
38f9dfc tocab51d9CompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
cab51d9 to9c85cdeCompare
mafredri left a comment• edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It might be worthwhile to add one more test in theagent package to ensure the signer is set to the expected key via the manifest, but I won't block on its addition.
Context: Right now the tests verify that the host key change works since a host key has been omitted by default, so if update isn't called, tests will fail. An unlikely scenario would be that someone added back the default key (for whatever reason), and broke the update method. No test would catch this currently, i.e. there's nothing to guard/verify the change we wanted to achieve in this PR.
9c85cde to658db5aCompareThomasK33 commentedFeb 21, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Adding the test was a great idea; you should have blocked the PR for its addition. 😅 Since the As it turns out, Go's stdlib is very specific about Long story short, we're now computing RSA keys by hand to overcome this limitation, and we now consistently generate the same key because we're not cutting off that first byte. On a side note, we should consider rolling out this host key validation for all CLI SSH tests in the future, but I don't want to blow the scope of this PR. |
658db5a tod0206e7CompareChange-Id: I8c7e3070324e5d558374fd6891eea9d48660e1e9Signed-off-by: Thomas Kosiewski <tk@coder.com>
d0206e7 toad275dcCompare6607464 intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Fixes:#16490
The Agent's SSH server now initially generates fixed host keys and, once it receives its manifest, generates and replaces that host key with the one derived from the workspace ID, ensuring consistency across agent restarts. This prevents SSH warnings and host key verification errors when connecting to workspaces through Coder Desktop.
While deterministic keys might seem insecure, the underlying Wireguard tunnel already provides encryption and anti-spoofing protection at the network layer, making this approach acceptable for our use case.
Change-Id: I8c7e3070324e5d558374fd6891eea9d48660e1e9
Signed-off-by: Thomas Kosiewskitk@coder.com