newsnowlabs / dockside

Develop, stage and test on-prem or in your private cloud. Dockside is a tool for provisioning lightweight access-controlled IDEs, staging environments and sandboxes - aka 'devtainers' - on local machine, on-premises raw metal or VM, or in the cloud
https://dockside.io/
Apache License 2.0

Allow ssh access to devtainers #16

Closed struanb closed 7 months ago

struanb commented 1 year ago

Provide a mechanism to allow users to ssh into their devtainers, with e.g. `ssh dockside@ssh-mydevtainer.mydockside.com`

struanb commented 1 year ago

POC sshing into a Dockside devtainer called wstunnel with a user dockside, on a Dockside instance at mydockside.co.uk:

The details:

1. In your devtainer
   1. Install dropbear
      1. As root, run `mkdir /etc/dropbear` and `dropbear -RFE -p 127.0.0.1:22`
   2. Install wstunnel (prob. can be installed as part of dockside so automatically available to every devtainer)
      1. Run `wstunnel-linux-x64 --server ws://0.0.0.0:8080` (where 8080 is a port for a service forwarded by the Dockside profile for the ssh service)
   3. Add your public key to `~/.ssh/authorized_keys` on your devtainer
2. On a Mac
   1. Download wstunnel binary
   2. Add to `~/.ssh/config` the below code block
      1. Replace `<name>` with the https authentication cookie name for the Dockside instance (see browser cookies)
      2. Replace `<secret>` with the URL-encoded https authentication cookie value piped through `sed 's/%/%%/g'`
   3. SSH to your devtainer with the relevant username e.g.
      1. `ssh dockside@ssh-wstunnel.mydockside.co.uk`

`~/.ssh/config`:

    ProxyCommand wstunnel --hostHeader="%h" --customHeaders="Cookie: <name>=<secret>" -L stdio:127.0.0.1:%p wss://%h:443

Productionising step 1 within Dockside should not be too difficult.
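
The substitutions in step 2.2 (cookie name, URL-encoded value, `%` doubled), as an added shell example that is not part of the original comment or Dockside's own code: it validates the value before templating it, because ssh runs `ProxyCommand` through the user's shell. The function names, the `Host` scoping line and the sample cookie are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions.

# ssh expands %-tokens (%h, %p) in ProxyCommand, so each literal '%' in the
# URL-encoded cookie value must be doubled (the sed step in the issue).
escape_percent() {
    printf '%s\n' "$1" | sed 's/%/%%/g'
}

# True only for a non-empty string of URL-safe characters in which every '%'
# starts a two-digit hex escape. ssh hands ProxyCommand to the user's shell,
# so a raw quote, space, '$' or backtick would alter the command itself.
is_url_encoded() (
    LC_ALL=C
    case $1 in
        '' | *[!A-Za-z0-9._~%-]*) exit 1 ;;
    esac
    rest=$(printf '%s\n' "$1" | sed 's/%[0-9A-Fa-f][0-9A-Fa-f]//g')
    case $rest in
        *%*) exit 1 ;;
    esac
    exit 0
)

# Print a Host-scoped stanza. Args: SSH hostname, cookie name, encoded value.
# The Host line (an assumption) keeps the cookie from being sent elsewhere.
dockside_ssh_stanza() (
    LC_ALL=C
    case $1 in
        '' | *[!A-Za-z0-9.-]*) echo "unexpected hostname" >&2; exit 1 ;;
    esac
    case $2 in
        '' | *[!A-Za-z0-9_.-]*) echo "unexpected cookie name" >&2; exit 1 ;;
    esac
    is_url_encoded "$3" || { echo "cookie value is not URL-encoded" >&2; exit 1; }
    printf 'Host %s\n' "$1"
    printf '    ProxyCommand wstunnel --hostHeader="%%h" --customHeaders="Cookie: %s=%s" -L stdio:127.0.0.1:%%p wss://%%h:443\n' \
        "$2" "$(escape_percent "$3")"
)

# Constructed sample values, not a real Dockside cookie.
dockside_ssh_stanza ssh-wstunnel.mydockside.co.uk samplecookie 'c2FtcGxl%3D%3D'
```

The emitted stanza contains a live session cookie, so keep the `~/.ssh/config` it goes into readable only by your own user (mode 0600).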

struanb commented 10 months ago

We've pushed the latest code and docs to https://github.com/newsnowlabs/dockside/tree/devel-ssh-prerelease and built a prerelease Docker image, newsnowlabs/dockside:devel-ssh-prerelease.

This prerelease is essentially commit https://github.com/newsnowlabs/dockside/commit/8a94c67737d9a584df220b4403a1ba0ac1dc4333:

Integrated SSH server support
- Provisions an SSH and a wstunnel daemon for each devtainer allowing
  any authorised developer to SSH in
- Maintenance of `~/.ssh/authorized_keys` file for the devtainer owner
  and other developers with whom the devtainer is shared
- One-click SSH from the Dockside UI
- wstunnel helper setup instructions integrated in the Dockside UI
- Facilitates use of any terminal editor or command line tool including
  those that benefit from key forwarding, such as `git`;
- Facilitates seamless
  [VS Code remote development](https://code.visualstudio.com/docs/remote/ssh)
  via the
  [Remote SSH](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-ssh)
  extension.

Dockside now enables SSH by default for all new devtainers.

If you'd like to try it, follow the install instructions in the README on the prerelease branch (the docker run command has changed slightly), substituting this prerelease image name newsnowlabs/dockside:devel-ssh-prerelease for newsnowlabs/dockside in your docker run command.

For instructions on enabling, configuring, disabling SSH and technical details, see https://github.com/newsnowlabs/dockside/blob/devel-ssh-prerelease/docs/extensions/ssh.md.