devpod icon indicating copy to clipboard operation
devpod copied to clipboard

Published 20 hours ago verified publisher icon loft-sh

SSH should prompt to change ~/.ssh/config

Open mgutz opened this issue 2 years ago • 2 comments

devpod cli v0.1.7

I was surprised to find my ~/.ssh/config file was modified without my permission. I understand the need, but that action should ask for confirmation before modifying.

It might be better to store config entries in their own file so ~/.ssh is not touched at all. Use the -F flag like so

ssh -F ~/.config/devpod/ssh.config SOME_NAME

mgutz avatar May 28 '23 06:05 mgutz

Weird...I have the opposite problem. I can't run anything as it is complaining about not able to modify ssh config. I already gave all the permissions upfront while installing DevPod and when I check my system privacy, security settings etc... there is nothing else to change or to give permissions.

This is the error I see appearing in the logs

[08:39:34] fatal open /Users/fabio/.ssh/config: permission denied write ssh config

@pascalbreuninger Any idea? PS: I already gave up on Rancher Desktop with DevPod, just impossible to get it working so I reverted also to Docker Desktop but it doesn't bring me any closer. ref #340

codeagencybe avatar May 30 '23 06:05 codeagencybe

What system are you on @codeagencybe? The proposed solution would also solve your problem as we shouldn't run into permission issues inside of the .devpod folder

pascalbreuninger avatar May 30 '23 12:05 pascalbreuninger

It would be also better to only touch ~/.ssh/config once (maybe even during installation, or when start): to only add something like Include ~/.devpod/ssh_config.d/* there and then only add/remove/change files in ~/.devpod/ssh_config.d/

levsha avatar Jul 23 '23 21:07 levsha

@levsha @codeagencybe you can run devpod up --ssh-config $ALTERNATIVE_CONFIG_PATH to use a different ssh config if you need to for the time being. This isn't configurable from the UI right now but could be a global setting imo

pascalbreuninger avatar Jul 24 '23 06:07 pascalbreuninger

Hi, I stumbled across this behavior as well and find it very unfortunate that DevPod modifies my SSH config without my knowledge. This behavior does not seem to be mentioned in the docs.

Furthermore, DevPod seems to modify the SSH config on every startup, regardless of whether the config already exists, and append it to the end. This actually breaks the SSH config for DevPod, if you use a glob host block before the DevPod config. For example:

Host *
  User foobar

# DevPod Start workspace.devpod
Host workspace.devpod
  ForwardAgent yes
  LogLevel error
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  ProxyCommand /home/foobar/bin/devpod ssh --stdio --context default --user vscode puppet
  User vscode
# DevPod End workspace.devpod

The config after the glob block is unreachable because * will always match (SSH uses "use first match found"). Even if I move the DevPod block manually, on the next devpod up it will be moved to the end again. Maybe you could make use of the existing control comments and only modify lines between those comments to allow users to rearrange this block as needed.

flokoe avatar Aug 07 '23 13:08 flokoe

This worked for me

Host * !*.devpod
  User foo

# DevPod Start workspace.devpod
Host workspace.devpod
  ForwardAgent yes
  LogLevel error
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  ProxyCommand /Applications/DevPod.app/Contents/MacOS/devpod-cli ssh --stdio --context default --user node
  User node
# DevPod End workspace.devpod`
```

therford avatar Jan 09 '24 16:01 therford

With v0.5.5 we prepend entries to the ssh config to avoid other configurations messing with the automated ones. Additionally you can alway set the context option to use a different config file: devpod context set-options -o SSH_CONFIG_PATH=my/config/path

pascalbreuninger avatar Apr 17 '24 19:04 pascalbreuninger