Open abeluck opened 2 years ago
While this might be an bug on the Gitpod side, I'd like to encourage you to use the built-in direct method of SSHing into a Gitpod workspace 😉
I've included the logs from tailscaled
running in the Gitpod workspace when trying to establish a SSH. The exact arguments used when "starting pty command" might be useful for anyone who wants to dive deeper
ssh-session(sess-20220827T120719-bc6c4b5252): handling new SSH connection from <my>@<email> (<ip>) to ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): access granted to <my>@<email> as ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): starting pty command: [/usr/sbin/tailscaled be-child ssh --uid=33333 --gid=33333 --groups=33333,27,108 --local-user=gitpod --remote-user=<my>@<email> --remote-ip=<ip> --has-tty=true --tty-name=pts/5 --shell --login-cmd=/usr/bin/login --cmd=/bin/bash -- -l]
ssh-session(sess-20220827T120719-bc6c4b5252): Wait: code=1
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Bug description
I cannot tailscale ssh into a gitpod container. I've tried several different client devices with the same result.
Authentication via tailscale ssh works, but then the tty cannot be allocated and the process fails with:
Unable to change owner or mode of tty stdin: Operation not permitted
I can tailscale ssh into other non-gitpod containers without issue.
Steps to reproduce
In a gitpod container:
TAILSCALE_AUTHKEY
env var in gitpod with an ephemeral authkeytailscale up
with your authkey and the ssh flagOn another device connected to the tailnet
ssh -v gitpod@<tailnet ip for the gitpod container>
Workspace affected
all
Expected behavior
I expect to be able to SSH to the gitpod instance via tailscale
Example repository
https://github.com/gitpod-io/template-tailscale
Anything else?
I first reported this issue over at tailscale, but based on the findings of this gitpod issue it seems that this phenomenon may be a consequence of gitpod's ssh daemon + container setup.