Closed struanb closed 7 months ago
POC sshing into a Dockside devtainer called wstunnel
with a user dockside
, on a Dockside instance at mydockside.co.uk
:
The details:
mkdir /etc/dropbear
and dropbear -RFE -p 127.0.0.1:22
wstunnel-linux-x64 --server <ws://0.0.0.0:8080>
(where 8080 is a port for a service forwarded by the Dockside profile for the ssh
service)~/.ssh/authorized_keys
on your devtainer~/.ssh/config
the below code block
name
with the https authentication cookie name for the Dockside instance (see browser cookies)secret
with the URL-encoded https authentication cookie value piped through sed 's/%/%%/g'
ssh dockside@ssh-wstunnel.mydockside.co.uk
~/.ssh/config
:
ProxyCommand wstunnel --hostHeader="%h" --customHeaders="Cookie: <name=<secret> -L stdio:127.0.0.1:%p <wss://%h:443>
Productionising step 1 within Dockside should not be too difficult.
We've pushed the latest code and docs to https://github.com/newsnowlabs/dockside/tree/devel-ssh-prerelease and built a prerelease Docker image, newsnowlabs/dockside:devel-ssh-prerelease
.
This prerelease is essentially commit https://github.com/newsnowlabs/dockside/commit/8a94c67737d9a584df220b4403a1ba0ac1dc4333:
Integrated SSH server support
- Provisions an SSH and a wstunnel daemon for each devtainer allowing
any authorised developer to SSH in
- Maintenance of `~/.ssh/authorized_keys` file for the devtainer owner
and other developers with whom the devtainer is shared
- One-click SSH from the Dockside UI
- wstunnel helper setup instructions integrated in the Dockside UI
- Facilitates use of any terminal editor or command line tool including
those that benefit from key forwarding, such as `git`;
- Facilitates seamless
[VS Code remote development](https://code.visualstudio.com/docs/remote/ssh)
via the
[Remote SSH](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-ssh)
extension.
Dockside now enables SSH by default for all new devtainers.
If you'd like to try it, follow the install instructions in the README on the prerelease branch (the docker run
command has changed slightly), substituting this prerelease image name newsnowlabs/dockside:devel-ssh-prerelease
for newsnowlabs/dockside
in your docker run
command.
For instructions on enabling, configuring, disabling SSH and technical details, see https://github.com/newsnowlabs/dockside/blob/devel-ssh-prerelease/docs/extensions/ssh.md.
Provide a mechanism to allow users to ssh into their devtainers, with e.g.
ssh dockside@ssh-mydevtainer.mydockside.com