Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow ssh access to devtainers (#17)
# Integrated support for SSH, VS Code & GitHub Copilot

This significant release offers integrated SSH server support, and indirectly support for VS Code server and [GitHub Copilot](https://github.com/features/copilot).

Dockside now facilitates:

- SSH access to any devtainer by authorised developers;
- use command line tools that benefit from key forwarding, such as `git`;
- seamless [VS Code remote development](https://code.visualstudio.com/docs/remote/ssh) via the [Remote SSH](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-ssh) extension.

Dockside achieves this through:

- Provisioning an SSH and a wstunnel server daemon for each devtainer.
- Maintaining each devtainer's `~/.ssh/authorized_keys` file with the public ssh keys of the devtainer owner and any other developers with whom the devtainer is shared.
- A UI function to open SSH on a devtainer directly with a single click.
- Setup instructions, integrated in the Dockside UI, for developers needing to install the wstunnel helper client and configure their local `~/.ssh/config`.

N.B. Dockside now enables SSH access by default for all new devtainers, though this can be disabled by setting `ssh.default=0` in `config.json`.

See [documentation](https://github.com/newsnowlabs/dockside/blob/8a94c67737d9a584df220b4403a1ba0ac1dc4333/docs/extensions/ssh.md) for full details on configuring Dockside for SSH access and see the new Dockside UI for details on configuring clients to tunnel ssh over wstunnel.

WARNING: Dockside now takes over control of `~/.ssh/authorized_keys` in new devtainers. Accordingly, SSH support is _not compatible_ with any profiles that mount over this file (or over ~/.ssh if the mounted filesystem contains an `authorized_keys` file). You should take care to disable SSH in such profiles as, otherwise, if you make changes manually to this file on a devtainer that has SSH enabled, your changes may be lost.
Showing 33 changed files with 775 additions and 237 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
// https://bootstrap-vue.org/docs/components/modal#modal | ||
|
||
<template> | ||
<b-modal id="sshinfo-modal" size="lg" v-model="showModal" @show="onModalShow" title="How to set up SSH" centered> | ||
<p>Download a suitable <a href="https://github.com/erebe/wstunnel" target="_blank" v-b-tooltip title="Open wstunnel in new tab"><code>wstunnel</code></a> | ||
(<a href="https://github.com/erebe/wstunnel/blob/master/LICENSE" target="_blank" v-b-tooltip title="Open in new tab">LICENSE</a>) | ||
binary to your local machine, from either the <a href="https://github.com/erebe/wstunnel/releases" target="_blank" v-b-tooltip title="Open wstunnel in new tab"><code>wstunnel</code> releases page</a> | ||
or the Dockside public bucket (which comprises copies of officially-released binaries and binaries compiled by Dockside):</p> | ||
<p> | ||
<ul> | ||
<li>Linux: | ||
<a href="https://storage.googleapis.com/dockside/wstunnel/v6.0/wstunnel-v6.0-linux-x64" target="_blank">amd64/x86_64 v6.0</a>, | ||
<a href="https://storage.googleapis.com/dockside/wstunnel/v6.0/wstunnel-v6.0-linux-arm64" target="_blank">arm64/aarch64 v6.0</a>, | ||
<a href="https://storage.googleapis.com/dockside/wstunnel/v6.0/wstunnel-v6.0-linux-armv7" target="_blank">armv7 (rPi) v6.0</a> | ||
</li> | ||
<li>Windows: | ||
<a href="https://storage.googleapis.com/dockside/wstunnel/v6.0/wstunnel-v6.0-windows.exe" target="_blank">amd64/x86_64 v6.0</a> | ||
</li> | ||
<li>Mac OS: | ||
<a href="https://storage.googleapis.com/dockside/wstunnel/v6.0/wstunnel-v6.0-macos-x64" target="_blank">amd64/x86_64 v6.0</a>, | ||
<a href="https://storage.googleapis.com/dockside/wstunnel/v6.0/wstunnel-v6.0-macos-arm64" target="_blank">arm64/aarch64 v6.0</a> | ||
</li> | ||
</ul> | ||
</p> | ||
<p>Copy and paste the following text into your <code>~/.ssh/config</code> file:</p> | ||
<pre>{{ text }}</pre> | ||
<p>N.B. | ||
<ul> | ||
<li>After you paste, don't forget to edit the text to specify the correct path to your downloaded <code>wstunnel</code> binary.</li> | ||
<li>On Unix-like systems, be sure to run <code>chmod a+x</code> on your <code>wstunnel</code> binary to make it executable.</li> | ||
<li>Comment or remove the <code>Hostname</code> line if you prefer a separate <code>known_hosts</code> record for each devtainer; | ||
doing this also works around a bug in Mac OS Terminal that repeatedly complains about missing <code>known_hosts</code> entries.</li> | ||
<li>For better results on Mac OS, use <a href="https://iterm2.com/" target="_blank" v-b-tooltip title="Open iterm2 in new tab">iTerm2</a>.</li> | ||
</ul> | ||
</p> | ||
<b-button variant="outline-success" size="sm" type="button" @click="copy(text)">Copy</b-button> | ||
<template #modal-footer> | ||
<b-button variant="primary" @click="closeModal">OK</b-button> | ||
</template> | ||
</b-modal> | ||
</template> | ||
|
||
<script> | ||
import copyToClipboard from '@/utilities/copy-to-clipboard'; | ||
import { getAuthCookies } from '@/services/container'; | ||
export default { | ||
name: 'SSHInfo', | ||
data() { | ||
return { | ||
showModal: false, | ||
cookies: "<UNKNOWN>" | ||
}; | ||
}, | ||
methods: { | ||
openModal() { | ||
this.showModal = true; | ||
}, | ||
onModalShow() { | ||
this.getCookies(); | ||
}, | ||
closeModal() { | ||
this.showModal = false; | ||
}, | ||
copy(value) { | ||
copyToClipboard(value); | ||
}, | ||
getCookies() { | ||
getAuthCookies() | ||
.then(data => { | ||
// Escape '%' suitably for .ssh/config file | ||
this.cookies = data.data.replace(/%/g, '%%'); | ||
}) | ||
.catch((error) => { | ||
if(error.response && error.response.status == 401) { | ||
console.log(error.response.data.msg); | ||
alert(error.response.data.msg); | ||
} | ||
else { | ||
console.error("Error fetching authentication cookie", error); | ||
} | ||
}); | ||
} | ||
}, | ||
computed: { | ||
sshHost() { | ||
// Port number required if running on non-standard ports | ||
return window.location.host; | ||
}, | ||
sshHostname() { | ||
// No port number required | ||
return window.location.hostname; | ||
}, | ||
sshWildcardHost() { | ||
// No port number required | ||
return 'ssh-*' + window.dockside.host.split(':')[0]; | ||
}, | ||
text() { | ||
return `Host ${this.sshWildcardHost} | ||
ProxyCommand <path/to>/wstunnel --hostHeader=%n "--customHeaders=Cookie: ${this.cookies}" -L stdio:127.0.0.1:%p wss://${this.sshHost} | ||
Hostname ${this.sshHostname} | ||
ForwardAgent yes`; | ||
} | ||
} | ||
}; | ||
</script> |
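Review bot: In `text()`, `this.cookies` is interpolated into the double-quoted `--customHeaders=Cookie: ...` argument of `ProxyCommand` after `getCookies()` has escaped only `%`, but ssh executes `ProxyCommand` through the user's shell, so a `"`, `$`, backtick or backslash in the string returned by `getAuthCookies()` would alter the command that runs on the developer's machine. Check the cookie string against the character set you expect before rendering the snippet, and show an error in place of the snippet when the check fails. Related points on the same template: the snippet writes a live authentication cookie into `~/.ssh/config` and onto the wstunnel command line, so the N.B. list should tell users to keep that file readable only by themselves; `ForwardAgent yes` under the `ssh-*` wildcard forwards the agent to every matching devtainer, including ones shared with other developers, so consider leaving it out of the default text and documenting it as opt-in. Finally, when the request fails with anything other than a 401, `cookies` stays `"<UNKNOWN>"` and the Copy button still copies a config that cannot authenticate; disable Copy until the cookie has loaded.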