gitpod-io / gitpod

The developer platform for on-demand cloud development environments to create software faster and more securely.
https://www.gitpod.io
GNU Affero General Public License v3.0

Workaround for users who cannot use port 22 / SSH (e.g. SSH over HTTPS) #7452

Open akosyakov opened 2 years ago

akosyakov commented 2 years ago

We are now rolling out SSH Gateway to all users:

However, some users are reporting that they cannot use SSH because of firewall or ISP issues, e.g.

For me, this is currently my biggest blocking point as my ISP sometimes will block SSH (port 22) and it appears that they are putting in place a deep packet inspection method and will detect the SSH traffic even if I redirect to different ports.

Not to be confused with the following issue to find a solution for Self Installed users who have access to port 22:

For some users (e.g. SaaS) workarounds such as changing the port will not work as they do not have access to the Gitpod installation as in Self-Hosted.

Relates to:

Original description

https://github.com/gitpod-io/gitpod/pull/7412 enables us to SSH directly into a Gitpod workspace using the standard SSH port. It is standard practice to block this port in firewalls. To let users work around it, we should allow SSH over HTTPS as well. @iQQBot mentioned that it is hard since ws-proxy already handles the HTTPS port, but @csweichel, I think, knows a trick for how to multiplex it?


iQQBot commented 2 years ago

Add another IP, and provide another domain like ssh.ws-eu26.gitpod.io. Only special users or automated programs need it.

iQQBot commented 2 years ago

Another option is that we analyze the protocol characteristics to determine which subroutine will handle
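The protocol-sniffing option mentioned in the comment above, sketched as an added example (not code from the Gitpod repository or from any commenter). The function names `Classify` and `Sniff` are hypothetical, and the sample byte strings are constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
)

// Classify peeks at the first bytes of a client stream without consuming them.
// SSH clients open with the identification string "SSH-" (RFC 4253, section 4.2);
// TLS clients open with a handshake record: type 0x16, major version 0x03.
func Classify(br *bufio.Reader) string {
	head, _ := br.Peek(5) // on short input Peek returns what it has plus an error
	switch {
	case bytes.HasPrefix(head, []byte("SSH-")):
		return "ssh"
	case len(head) >= 3 && head[0] == 0x16 && head[1] == 0x03 && head[2] <= 0x04:
		return "tls"
	}
	return "unknown"
}

// Sniff classifies a stream and returns the bytes the chosen backend would
// receive, showing that the peeked prefix is replayed rather than lost.
// On a real net.Conn, set a read deadline first: a client that sends nothing
// would otherwise block Peek forever.
func Sniff(r io.Reader) (string, []byte) {
	br := bufio.NewReader(r)
	p := Classify(br)
	rest, _ := io.ReadAll(br)
	return p, rest
}

func main() {
	// Constructed sample client openings, not captured traffic.
	samples := [][]byte{
		[]byte("SSH-2.0-OpenSSH_9.0\r\n"),
		{0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00},
		[]byte("GET / HTTP/1.1\r\n"),
	}
	for _, s := range samples {
		p, rest := Sniff(bytes.NewReader(s))
		fmt.Printf("%-7s replayed %d of %d bytes\n", p, len(rest), len(s))
	}
}
```

Sharing the port this way addresses a blocked port 22, but the SSH identification string still crosses the network in cleartext, so the deep packet inspection case quoted in the issue would still see SSH unless it is carried inside the TLS session.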

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

J0F3 commented 2 years ago

This is also very important for enterprise customers, as it is a common thing to block outgoing SSH connections in (big) companies. As long as useLocalApp still works, customers behind corporate firewalls which are blocking SSH connections can use that, but once it gets removed another solution is needed. Otherwise a lot of enterprise customers would get locked out.

tyler36 commented 1 year ago

Confirming still works, AKA workaround hasn't been disabled (yet).

VSCode settings:

"gitpod.remote.useLocalApp": false, the "preferred" path, fails for me because the company blocks SSH.

"gitpod.remote.useLocalApp": true, the "old" path, opens VSCode locally.

VSCode 1.73.1
Gitpod 0.0.66
Gitpod remote 0.0.38