search

gitpod-io / gitpod

The developer platform for on-demand cloud development environments to create software faster and more securely.
https://www.gitpod.io
GNU Affero General Public License v3.0
12.77k stars 1.22k forks source link

Tailscale ssh to a gitpod container: "Unable to change owner or mode of tty stdin: Operation not permitted" #11195

Open abeluck opened 2 years ago

abeluck commented 2 years ago

Bug description

I cannot tailscale ssh into a gitpod container. I've tried several different client devices with the same result.

Authentication via tailscale ssh works, but then the tty cannot be allocated and the process fails with:

Unable to change owner or mode of tty stdin: Operation not permitted

I can tailscale ssh into other non-gitpod containers without issue.

Steps to reproduce

In a gitpod container:

  1. I've configured the TAILSCALE_AUTHKEY env var in gitpod with an ephemeral authkey
  2. Open the gitpod https://github.com/gitpod-io/template-tailscale
  3. Run tailscale up with your authkey and the ssh flag

On another device connected to the tailnet

Workspace affected

all

Expected behavior

I expect to be able to SSH to the gitpod instance via tailscale

Example repository

https://github.com/gitpod-io/template-tailscale

Anything else?

I first reported this issue over at tailscale, but based on the findings of this gitpod issue it seems that this phenomenon may be a consequence of gitpod's ssh daemon + container setup.

axonasif commented 2 years ago

While this might be an bug on the Gitpod side, I'd like to encourage you to use the built-in direct method of SSHing into a Gitpod workspace 😉

mads-hartmann commented 2 years ago

I've included the logs from tailscaled running in the Gitpod workspace when trying to establish a SSH. The exact arguments used when "starting pty command" might be useful for anyone who wants to dive deeper 

ssh-session(sess-20220827T120719-bc6c4b5252): handling new SSH connection from <my>@<email> (<ip>) to ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): access granted to <my>@<email> as ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): starting pty command: [/usr/sbin/tailscaled be-child ssh --uid=33333 --gid=33333 --groups=33333,27,108 --local-user=gitpod --remote-user=<my>@<email> --remote-ip=<ip> --has-tty=true --tty-name=pts/5 --shell --login-cmd=/usr/bin/login --cmd=/bin/bash -- -l]
ssh-session(sess-20220827T120719-bc6c4b5252): Wait: code=1
stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.