Closed sumanthratna closed 5 years ago
The cause of this is calling the ssh and rsync binaries directly multiple times. I don't think it's a good idea for us to handle passwords and to just let the binaries handle them themselves.
We can remove the need for ssh/rsync if we used golang's inbuilt SSH packages. I was writing a PR for this then the code got heavily changed and my changes are old. I might try this again soon.
You're right, if crypto/ssh is used, then ssh.ClientConfig would likely be useful. Then the credentials would only be needed once and multiple requests could be made without needing the password each time.
This link might be useful (but it might also be outdated).
I think if we use golang for SSH we could also do this in one SSH connection instead of requiring multiple. I'm pretty sure you can use a single SSH connection for both commands and SCP.
The biggest issue I see with not using the ssh binary is losing the versatility that you get from it. If you look at the man pages for SSH(1) you can see that there's an abundance of options that aren't used by the average user, but more advanced users may end up using. At the moment we provide the --ssh-flags flag on sshcode to allow for this. It would be nice to not have to call external processes, but I think it's the best solution.
ssh can do multiple sessions over one client connection (only requiring authentication for the initial connection) if you designate a master process (-M) and use the same control socket path for each call to ssh (-S /path/to/socket). This would be much easier to implement, and wouldn't interfere with advanced usecases (we could add a flag to disable this behaviour if it interferes with anyone's configuration).
Example:
@prompt1 $ ssh -MNS /tmp/test kasumi
Enter passphrase for key '/home/dean/.ssh/id_rsa':
@prompt2 $ ssh -S /tmp/test kasumi
dean@kasumi:~$
@prompt3 $ rsync -avh --progress -e 'ssh -S /tmp/test' kasumi:~/test.txt ./
receiving incremental file list
test.txt
27.84K 100% 26.55MB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 27.95K bytes 8.00K bytes/sec
total size is 27.84K speedup is 0.99
@prompt4 $ ssh -S /tmp/test -O check kasumi
Master running (pid=13719)
@prompt5 $ ssh -S /tmp/test -O exit kasumi
Exit request sent.
The command in prompt4 will return exit status 255 if the socket isn't ready or doesn't exist. The master process won't create the socket until it's ready to accept sessions (i.e. connected and authenticated).
I will write a PR for this tomorrow.
@sumanthratna I created a draft PR for a master socket, could you please clone reuse-ssh-connection and check if it works for your environment?
Sorry to bring back an old issue, but I just tried again and I was asked for my password many times.
Output of sshcode tj:
2019-12-29 13:11:06 INFO starting SSH master connection...
2022sratna@remote.tjhsst.edu's password:
2019-12-29 13:11:37 ERROR failed to start SSH master connection: SSH master wasn't ready on time: max number of tries exceeded: 30
2019-12-29 13:11:37 INFO ensuring code-server is updated...
2022sratna@remote.tjhsst.edu's password:
++ uname -m
+ '[' x86_64 '!=' x86_64 ']'
+ pkill -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ mkdir -p /afs/csl.tjhsst.edu/students/2022/2022sratna/.local/share/code-server /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ cd /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ curlflags='-o latest-linux'
+ '[' -f latest-linux ']'
+ curlflags='-o latest-linux -z latest-linux'
+ curl -o latest-linux -z latest-linux https://codesrv-ci.cdr.sh/latest-linux
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
+ '[' -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server ']'
+ rm /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ ln latest-linux /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ chmod +x /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
2019-12-29 13:13:11 INFO syncing settings
2022sratna@remote.tjhsst.edu's password:
building file list ... done
sent 192 bytes received 20 bytes 24.94 bytes/sec
total size is 172032 speedup is 811.47
2019-12-29 13:13:19 INFO synced settings in 7.225311372s
2019-12-29 13:13:19 INFO syncing extensions
2022sratna@remote.tjhsst.edu's password:
building file list ... done
sent 76 bytes received 20 bytes 27.43 bytes/sec
total size is 0 speedup is 0.00
2019-12-29 13:13:22 INFO synced extensions in 10.508270347s
2019-12-29 13:13:22 INFO starting code-server...
2019-12-29 13:13:22 INFO Tunneling remote port 51107 to 127.0.0.1:31419
2022sratna@remote.tjhsst.edu's password:
info Server listening on http://127.0.0.1:51107
info - No authentication
info - Not serving HTTPS
^C2019-12-29 13:14:30 INFO shutting down
Output of sshcode --ssh-flags '-o "ControlPath=~/.ssh/control-%h-%p-%r"' tj:
2019-12-29 13:16:03 INFO starting SSH master connection...
2022sratna@remote.tjhsst.edu's password:
2019-12-29 13:16:34 ERROR failed to start SSH master connection: SSH master wasn't ready on time: max number of tries exceeded: 30
2019-12-29 13:16:34 INFO ensuring code-server is updated...
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
2022sratna@remote.tjhsst.edu's password:
++ uname -m
+ '[' x86_64 '!=' x86_64 ']'
+ pkill -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ true
+ mkdir -p /afs/csl.tjhsst.edu/students/2022/2022sratna/.local/share/code-server /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ cd /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ curlflags='-o latest-linux'
+ '[' -f latest-linux ']'
+ curlflags='-o latest-linux -z latest-linux'
+ curl -o latest-linux -z latest-linux https://codesrv-ci.cdr.sh/latest-linux
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
+ '[' -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server ']'
+ rm /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ ln latest-linux /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ chmod +x /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
2019-12-29 13:17:10 INFO syncing settings
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
2022sratna@remote.tjhsst.edu's password:
building file list ... done
deleting state/global.json
deleting state/empty-window.json
deleting state/-721c4179.json
deleting state/
./
sent 198 bytes received 26 bytes 10.93 bytes/sec
total size is 172032 speedup is 768.00
2019-12-29 13:17:30 INFO synced settings in 20.892316347s
2019-12-29 13:17:30 INFO syncing extensions
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
2022sratna@remote.tjhsst.edu's password:
building file list ... done
sent 76 bytes received 20 bytes 21.33 bytes/sec
total size is 0 speedup is 0.00
2019-12-29 13:17:34 INFO synced extensions in 23.973192331s
2019-12-29 13:17:34 INFO starting code-server...
2019-12-29 13:17:34 INFO Tunneling remote port 64098 to 127.0.0.1:60900
2022sratna@remote.tjhsst.edu's password:
info Server listening on http://127.0.0.1:64098
info - No authentication
info - Not serving HTTPS
^C2019-12-29 13:18:08 INFO shutting down
I'm on macOS 10.15.3 Beta. sshcode --version prints a newline (https://github.com/cdr/sshcode/issues/154), but I installed sshcode via go get.
EDIT:
sshcode --ssh-flags '-o "ControlPath=/tmp/test" -o "ControlMaster=auto" -o "ControlPersist=5m"' tj
works fine, but I still think #116 should be fixed because the SSH connection will be kept after sshcode is quit.
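The master-socket pattern discussed in this thread, written out as an added example (not sshcode's code and not from any commenter): it authenticates once in the foreground, polls `-O check` before reusing the socket, keeps the socket in a private directory instead of a fixed path such as /tmp/test, and closes the master on exit so no connection outlives the script. The function names are hypothetical; the host and command are supplied by the caller.

```shell
#!/bin/sh
# Added example: one authenticated SSH master connection, reused and then closed.

# Create a mode-0700 directory for the control socket so no other local
# user can reach or pre-create it (unlike a shared, predictable path).
make_socket_dir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/sshmaster.XXXXXX" )
}

# Poll "ssh -O check" until the master accepts sessions.
# Args: socket host [max_tries] [delay_seconds]. Returns 1 on timeout.
wait_for_master() {
    wm_try=0
    while [ "$wm_try" -lt "${3:-30}" ]; do
        ssh -S "$1" -O check "$2" >/dev/null 2>&1 && return 0
        wm_try=$((wm_try + 1))
        sleep "${4:-1}"
    done
    return 1
}

# Ask the master to exit, then remove the private socket directory.
stop_master() {
    ssh -S "$1" -O exit "$2" >/dev/null 2>&1 || true
    rm -rf "$(dirname "$1")"
}

# Usage: run_with_master HOST COMMAND [ARGS...]
run_with_master() {
    rm_host=$1; shift
    rm_dir=$(make_socket_dir) || return 1
    rm_sock=$rm_dir/ctl
    # Tear the master down however the script ends, including Ctrl-C.
    trap 'stop_master "$rm_sock" "$rm_host"' EXIT
    trap 'exit 130' INT TERM
    # -f backgrounds ssh only after authentication, so the single password
    # prompt is answered before the readiness poll starts counting tries.
    ssh -f -N -M -S "$rm_sock" "$rm_host" || return 1
    wait_for_master "$rm_sock" "$rm_host" 30 1 || return 1
    # Every later call names the same socket and needs no credentials.
    ssh -S "$rm_sock" "$rm_host" "$@"
}

# Runs only when invoked with arguments, e.g.: sh master.sh myhost uname -a
[ "$#" -eq 0 ] || run_with_master "$@"
```

rsync can share the same connection by passing the socket through its `-e` option, as in the prompt3 command earlier in the thread.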
Please open a new issue, as the code has changed a decent amount since this issue was closed and this may be an issue caused by code changes.
Also include what day you installed sshcode via go get.
I ran sshcode <ssh alias> and I was asked for my password 4 times. I can't set up passwordless ssh because of the way Kerberos and AFS are set up on the remote server. It would be great if there was somehow a way to only ask for the password once. However, this would probably sacrifice some security.