coder / sshcode

Run VS Code on any server over SSH.
MIT License

Password is asked for multiple times #115

Closed sumanthratna closed 5 years ago

sumanthratna commented 5 years ago

I ran sshcode <ssh alias> and I was asked for my password 4 times. I can't set up passwordless ssh because of the way Kerberos and AFS are set up on the remote server.

It would be great if there was somehow a way to only ask for the password once. However, this would probably sacrifice some security.

deansheather commented 5 years ago

The cause of this is calling the ssh and rsync binaries directly multiple times. I don't think it's a good idea for us to handle passwords and to just let the binaries handle them themselves.

We can remove the need for ssh/rsync if we used golang's inbuilt SSH packages. I was writing a PR for this then the code got heavily changed and my changes are old. I might try this again soon.

sumanthratna commented 5 years ago

You're right, if crypto/ssh is used, then ssh.ClientConfig would likely be useful. Then the credentials would only be needed once and multiple requests could be made without needing the password each time.

This link might be useful (but it might also be outdated).

deansheather commented 5 years ago

I think if we use golang for SSH we could also do this in one SSH connection instead of requiring multiple. I'm pretty sure you can use a single SSH connection for both commands and SCP.

deansheather commented 5 years ago

The biggest issue I see with not using the ssh binary is losing the versatility that you get from it. If you look at the man pages for SSH(1) you can see that there's an abundance of options that aren't used by the average user, but more advanced users may end up using. At the moment we provide the --ssh-flags flag on sshcode to allow for this. It would be nice to not have to call external processes, but I think it's the best solution.

ssh can do multiple sessions over one client connection (only requiring authentication for the initial connection) if you designate a master process (-M) and use the same control socket path for each call to ssh (-S /path/to/socket). This would be much easier to implement, and wouldn't interfere with advanced use cases (we could add a flag to disable this behaviour if it interferes with anyone's configuration).

Example:

@prompt1 $ ssh -MNS /tmp/test kasumi
Enter passphrase for key '/home/dean/.ssh/id_rsa':

@prompt2 $ ssh -S /tmp/test kasumi
dean@kasumi:~$

@prompt3 $ rsync -avh --progress -e 'ssh -S /tmp/test' kasumi:~/test.txt ./
receiving incremental file list
test.txt
         27.84K 100%   26.55MB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 27.95K bytes  8.00K bytes/sec
total size is 27.84K  speedup is 0.99

@prompt4 $ ssh -S /tmp/test -O check kasumi
Master running (pid=13719)

@prompt5 $ ssh -S /tmp/test -O exit kasumi
Exit request sent.

The command in prompt4 will return exit status 255 if the socket isn't ready or doesn't exist. The master process won't create the socket until it's ready to accept sessions (i.e. connected and authenticated).
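The master-socket flow from the comment above, written out in Go as an added example (it is not sshcode's code and not the draft PR). The names `run` and `waitReady`, the socket name `ctl.sock`, the one-second polling interval and the `uname -m` second session are assumptions made here; the socket lives in a freshly created private directory rather than at a fixed path like /tmp/test, and the master is closed with `-O exit` so the authenticated connection does not outlive the program.

```go
package main

import (
	"errors"
	"log"
	"os"
	"os/exec"
	"time"
)

// waitReady polls check until it returns nil or the tries are used up.
func waitReady(check func() error, tries int, interval time.Duration) error {
	for i := 0; i < tries; i++ {
		if check() == nil {
			return nil
		}
		time.Sleep(interval)
	}
	return errors.New("SSH master was not ready in time")
}

// run authenticates once via a master, then reuses it for a second session.
func run(host string) error {
	dir, err := os.MkdirTemp("", "sshmaster-") // mode 0700, not a fixed /tmp name
	if err != nil {
		return err
	}
	defer os.RemoveAll(dir)
	sock := dir + "/ctl.sock"
	master := exec.Command("ssh", "-MNS", sock, host)
	master.Stdin, master.Stderr = os.Stdin, os.Stderr
	if err := master.Start(); err != nil {
		return err
	}
	defer master.Wait()
	defer master.Process.Kill() // covers a master still waiting for a password
	defer exec.Command("ssh", "-S", sock, "-O", "exit", host).Run() // runs first
	check := func() error { return exec.Command("ssh", "-S", sock, "-O", "check", host).Run() }
	if err := waitReady(check, 30, time.Second); err != nil {
		return err
	}
	return exec.Command("ssh", "-S", sock, host, "uname", "-m").Run()
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: master <ssh-host>")
	}
	log.Println("result:", run(os.Args[1]))
}
```

A `result: <nil>` line means the second session ran over the existing connection; deferred calls run in reverse order, so the exit request is sent before the kill and wait.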

deansheather commented 5 years ago

I will write a PR for this tomorrow.

deansheather commented 5 years ago

@sumanthratna I created a draft PR for a master socket, could you please clone reuse-ssh-connection and check if it works for your environment?

sumanthratna commented 4 years ago

Sorry to bring back an old issue, but I just tried again and I was asked for my password many times. Output of sshcode tj:

2019-12-29 13:11:06 INFO    starting SSH master connection...
2022sratna@remote.tjhsst.edu's password: 
2019-12-29 13:11:37 ERROR   failed to start SSH master connection: SSH master wasn't ready on time: max number of tries exceeded: 30
2019-12-29 13:11:37 INFO    ensuring code-server is updated...
2022sratna@remote.tjhsst.edu's password: 
++ uname -m
+ '[' x86_64 '!=' x86_64 ']'
+ pkill -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ mkdir -p /afs/csl.tjhsst.edu/students/2022/2022sratna/.local/share/code-server /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ cd /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ curlflags='-o latest-linux'
+ '[' -f latest-linux ']'
+ curlflags='-o latest-linux -z latest-linux'
+ curl -o latest-linux -z latest-linux https://codesrv-ci.cdr.sh/latest-linux
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
+ '[' -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server ']'
+ rm /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ ln latest-linux /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ chmod +x /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
2019-12-29 13:13:11 INFO    syncing settings
2022sratna@remote.tjhsst.edu's password: 
building file list ... done

sent 192 bytes  received 20 bytes  24.94 bytes/sec
total size is 172032  speedup is 811.47
2019-12-29 13:13:19 INFO    synced settings in 7.225311372s
2019-12-29 13:13:19 INFO    syncing extensions
2022sratna@remote.tjhsst.edu's password: 
building file list ... done

sent 76 bytes  received 20 bytes  27.43 bytes/sec
total size is 0  speedup is 0.00
2019-12-29 13:13:22 INFO    synced extensions in 10.508270347s
2019-12-29 13:13:22 INFO    starting code-server...
2019-12-29 13:13:22 INFO    Tunneling remote port 51107 to 127.0.0.1:31419
2022sratna@remote.tjhsst.edu's password: 
info  Server listening on http://127.0.0.1:51107
info    - No authentication
info    - Not serving HTTPS
^C2019-12-29 13:14:30 INFO  shutting down

Output of sshcode --ssh-flags '-o "ControlPath=~/.ssh/control-%h-%p-%r"' tj:

2019-12-29 13:16:03 INFO    starting SSH master connection...
2022sratna@remote.tjhsst.edu's password: 
2019-12-29 13:16:34 ERROR   failed to start SSH master connection: SSH master wasn't ready on time: max number of tries exceeded: 30
2019-12-29 13:16:34 INFO    ensuring code-server is updated...
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
2022sratna@remote.tjhsst.edu's password: 
++ uname -m
+ '[' x86_64 '!=' x86_64 ']'
+ pkill -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ true
+ mkdir -p /afs/csl.tjhsst.edu/students/2022/2022sratna/.local/share/code-server /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ cd /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ curlflags='-o latest-linux'
+ '[' -f latest-linux ']'
+ curlflags='-o latest-linux -z latest-linux'
+ curl -o latest-linux -z latest-linux https://codesrv-ci.cdr.sh/latest-linux
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
+ '[' -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server ']'
+ rm /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ ln latest-linux /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ chmod +x /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
2019-12-29 13:17:10 INFO    syncing settings
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
2022sratna@remote.tjhsst.edu's password: 
building file list ... done
deleting state/global.json
deleting state/empty-window.json
deleting state/-721c4179.json
deleting state/
./

sent 198 bytes  received 26 bytes  10.93 bytes/sec
total size is 172032  speedup is 768.00
2019-12-29 13:17:30 INFO    synced settings in 20.892316347s
2019-12-29 13:17:30 INFO    syncing extensions
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
2022sratna@remote.tjhsst.edu's password: 
building file list ... done

sent 76 bytes  received 20 bytes  21.33 bytes/sec
total size is 0  speedup is 0.00
2019-12-29 13:17:34 INFO    synced extensions in 23.973192331s
2019-12-29 13:17:34 INFO    starting code-server...
2019-12-29 13:17:34 INFO    Tunneling remote port 64098 to 127.0.0.1:60900
2022sratna@remote.tjhsst.edu's password: 
info  Server listening on http://127.0.0.1:64098
info    - No authentication
info    - Not serving HTTPS
^C2019-12-29 13:18:08 INFO  shutting down

I'm on macOS 10.15.3 Beta. sshcode --version prints a newline (https://github.com/cdr/sshcode/issues/154), but I installed sshcode via go get.

EDIT: sshcode --ssh-flags '-o "ControlPath=/tmp/test" -o "ControlMaster=auto" -o "ControlPersist=5m"' tj works fine, but I still think #116 should be fixed because the SSH connection will be kept after sshcode is quit.

Merith-TK commented 4 years ago

Please open a new issue, as the code has changed a decent amount since this issue was closed and this may be an issue caused by code changes.

Also include what day you installed sshcode via GoGet.