On a fresh macOS 13.4 user profile with no ~/.ssh folder, installing and running gh net appears to create the following files owned by root:staff rather than the logged-in user:
~/.ssh/codespaces.auto
~/.ssh/codespaces.auto.pub
This causes issues for other apps - specifically, attempts to launch local Dev Containers in VS Code. Launching a Codespace in VS Code still works fine.
Fix is to revert the permissions sudo chown -r "${USER}:staff" ~/.ssh
Reproduce steps
Steps to reproduce the behavior:
Have no ~/.ssh folder
Install brew
Install vscode and docker (e.g. brew install --cask visual-studio-code docker)
Install gh cli (e.g. brew install gh)
Install gh net extension (e.g.gh extension install github/gh-net)
Launch a Codespace (web or via VS Code)
Launch a local Dev Container in VS Code (any of the sample ones will do)
Run gh net to provide local networking to the running codespace
Rebuild the local Dev Container - fails to launch
sudo ls -alir ~/.ssh to see permissions are set to root:staff
Expected behavior~/.ssh should not be owned by root
Desktop (please complete the following information):
OS: macOS
Version: 13.4
Platform architecture: arm64
Additional context
I'm assuming this is caused by gh net needing elevated access for networking, but GenerateSSHKey in pkg/ssh/ssh_keys.go#L42 then assumes these privs when creating the directory and files.
Raising this issue in github/gh-net rather than cli/cli since the root cause is the elevated privilege - but happy to report it upstream if that's better
Describe the bug
On a fresh macOS 13.4 user profile with no
~/.ssh
folder, installing and runninggh net
appears to create the following files owned byroot:staff
rather than the logged-in user:This causes issues for other apps - specifically, attempts to launch local Dev Containers in VS Code. Launching a Codespace in VS Code still works fine.
Fix is to revert the permissions
sudo chown -r "${USER}:staff" ~/.ssh
Reproduce steps Steps to reproduce the behavior:
~/.ssh
folderbrew
brew install --cask visual-studio-code docker
)brew install gh
)gh extension install github/gh-net
)gh net
to provide local networking to the running codespacesudo ls -alir ~/.ssh
to see permissions are set toroot:staff
Expected behavior
~/.ssh
should not be owned by rootDesktop (please complete the following information):
Additional context I'm assuming this is caused by
gh net
needing elevated access for networking, butGenerateSSHKey
in pkg/ssh/ssh_keys.go#L42 then assumes these privs when creating the directory and files.Raising this issue in github/gh-net rather than cli/cli since the root cause is the elevated privilege - but happy to report it upstream if that's better