Skip to content
This repository was archived by the owner on Jan 17, 2021. It is now read-only.

Password is asked for multiple times #115

Closed
sumanthratna opened this issue Jun 9, 2019 · 8 comments · Fixed by #116
Closed

Password is asked for multiple times #115

sumanthratna opened this issue Jun 9, 2019 · 8 comments · Fixed by #116
Assignees
@deansheather

Comments

@sumanthratna
Copy link

sumanthratna commented Jun 9, 2019
edited
Loading

I ran sshcode <ssh alias> and I was asked for my password 4 times. I can't set up passwordless ssh because of the way Kerberos and AFS are set up on the remote server.

It would be great if there was somehow a way to only ask for the password once. However, this would probably sacrifice some security.
@deansheather
Copy link
Member

The cause of this is calling the ssh and rsync binaries directly multiple times. I don't think it's a good idea for us to handle passwords and to just let the binaries handle them themselves.

We can remove the need for ssh/rsync if we used golang's inbuilt SSH packages. I was writing a PR for this then the code got heavily changed and my changes are old. I might try this again soon.

@sumanthratna
Copy link
Author

You're right, if crypto/ssh is used, then ssh.ClientConfig would likely be useful. Then the credentials would only be needed once and multiple requests could be made without needing the password each time.

This link might be useful (but it might also be outdated).

@deansheather
Copy link
Member

I think if we use golang for SSH we could also do this in one SSH connection instead of requiring multiple. I'm pretty sure you can use a single SSH connection for both commands and SCP.

@deansheather
Copy link
Member

The biggest issue I see with not using the ssh binary is losing the versatility that you get from it. If you look at the man pages for SSH(1) you can see that there's an abundance of options that aren't used by the average user, but more advanced users may end up using. At the moment we provide the --ssh-flags flag on sshcode to allow for this. It would be nice to not have to call external processes, but I think it's the best solution.

ssh can do multiple sessions over one client connection (only requiring authentication for the initial connection) if you designate a master process (-M) and use the same control socket path for each call to ssh (-S /path/to/socket). This would be much easier to implement, and wouldn't interfere with advanced usecases (we could add a flag to disable this behaviour if it interferes with anyone's configuration).

Example:

@prompt1 $ ssh -MNS /tmp/test kasumi
Enter passphrase for key '/home/dean/.ssh/id_rsa':

@prompt2 $ ssh -S /tmp/test kasumi
dean@kasumi:~$

@prompt3 $ rsync -avh --progress -e 'ssh -S /tmp/test' kasumi:~/test.txt ./
receiving incremental file list
test.txt
         27.84K 100%   26.55MB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes  received 27.95K bytes  8.00K bytes/sec
total size is 27.84K  speedup is 0.99

@prompt4 $ ssh -S /tmp/test -O check kasumi
Master running (pid=13719)

@prompt5 $ ssh -S /tmp/test -O exit kasumi
Exit request sent.

The command in prompt4 will return exit status 255 if the socket isn't ready or doesn't exist. The master process won't create the socket until it's ready to accept sessions (i.e. connected and authenticated).

@deansheather
Copy link
Member

I will write a PR for this tomorrow.

@deansheather deansheather self-assigned this Jun 11, 2019
@deansheather deansheather mentioned this issue Jun 12, 2019
Merged
3 tasks
@deansheather
Copy link
Member

@sumanthratna I created a draft PR for a master socket, could you please clone reuse-ssh-connection and check if it works for your environment?

@sumanthratna
Copy link
Author

sumanthratna commented Dec 29, 2019
edited
Loading

Sorry to bring back an old issue, but I just tried again and I was asked for my password many times.
Output of sshcode tj:

2019-12-29 13:11:06 INFO	starting SSH master connection...
[email protected]'s password: 
2019-12-29 13:11:37 ERROR	failed to start SSH master connection: SSH master wasn't ready on time: max number of tries exceeded: 30
2019-12-29 13:11:37 INFO	ensuring code-server is updated...
[email protected]'s password: 
++ uname -m
+ '[' x86_64 '!=' x86_64 ']'
+ pkill -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ mkdir -p /afs/csl.tjhsst.edu/students/2022/2022sratna/.local/share/code-server /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ cd /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ curlflags='-o latest-linux'
+ '[' -f latest-linux ']'
+ curlflags='-o latest-linux -z latest-linux'
+ curl -o latest-linux -z latest-linux https://codesrv-ci.cdr.sh/latest-linux
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
+ '[' -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server ']'
+ rm /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ ln latest-linux /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ chmod +x /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
2019-12-29 13:13:11 INFO	syncing settings
[email protected]'s password: 
building file list ... done

sent 192 bytes  received 20 bytes  24.94 bytes/sec
total size is 172032  speedup is 811.47
2019-12-29 13:13:19 INFO	synced settings in 7.225311372s
2019-12-29 13:13:19 INFO	syncing extensions
[email protected]'s password: 
building file list ... done

sent 76 bytes  received 20 bytes  27.43 bytes/sec
total size is 0  speedup is 0.00
2019-12-29 13:13:22 INFO	synced extensions in 10.508270347s
2019-12-29 13:13:22 INFO	starting code-server...
2019-12-29 13:13:22 INFO	Tunneling remote port 51107 to 127.0.0.1:31419
[email protected]'s password: 
info  Server listening on http://127.0.0.1:51107
info    - No authentication
info    - Not serving HTTPS
^C2019-12-29 13:14:30 INFO	shutting down

Output of sshcode --ssh-flags '-o "ControlPath=~/.ssh/control-%h-%p-%r"' tj:

2019-12-29 13:16:03 INFO	starting SSH master connection...
[email protected]'s password: 
2019-12-29 13:16:34 ERROR	failed to start SSH master connection: SSH master wasn't ready on time: max number of tries exceeded: 30
2019-12-29 13:16:34 INFO	ensuring code-server is updated...
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
[email protected]'s password: 
++ uname -m
+ '[' x86_64 '!=' x86_64 ']'
+ pkill -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ true
+ mkdir -p /afs/csl.tjhsst.edu/students/2022/2022sratna/.local/share/code-server /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ cd /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode
+ curlflags='-o latest-linux'
+ '[' -f latest-linux ']'
+ curlflags='-o latest-linux -z latest-linux'
+ curl -o latest-linux -z latest-linux https://codesrv-ci.cdr.sh/latest-linux
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
+ '[' -f /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server ']'
+ rm /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ ln latest-linux /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
+ chmod +x /afs/csl.tjhsst.edu/students/2022/2022sratna/.cache/sshcode/sshcode-server
2019-12-29 13:17:10 INFO	syncing settings
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
[email protected]'s password: 
building file list ... done
deleting state/global.json
deleting state/empty-window.json
deleting state/-721c4179.json
deleting state/
./

sent 198 bytes  received 26 bytes  10.93 bytes/sec
total size is 172032  speedup is 768.00
2019-12-29 13:17:30 INFO	synced settings in 20.892316347s
2019-12-29 13:17:30 INFO	syncing extensions
Control socket connect(/Users/suman/.ssh/control-remote.tjhsst.edu-22-2022sratna): Connection refused
[email protected]'s password: 
building file list ... done

sent 76 bytes  received 20 bytes  21.33 bytes/sec
total size is 0  speedup is 0.00
2019-12-29 13:17:34 INFO	synced extensions in 23.973192331s
2019-12-29 13:17:34 INFO	starting code-server...
2019-12-29 13:17:34 INFO	Tunneling remote port 64098 to 127.0.0.1:60900
[email protected]'s password: 
info  Server listening on http://127.0.0.1:64098
info    - No authentication
info    - Not serving HTTPS
^C2019-12-29 13:18:08 INFO	shutting down

I'm on macOS 10.15.3 Beta. sshcode --version prints a newline (#154), but I installed sshcode via go get.

**EDIT: **
sshcode --ssh-flags '-o "ControlPath=/tmp/test" -o "ControlMaster=auto" -o "ControlPersist=5m"' tj works fine, but I still think #116 should be fixed because the SSH connection will be kept after sshcode is quit.

@Merith-TK
Copy link
Contributor

Please Open a new issue as the code has. Changed a decent amount since this issue was closed and may be a issue caused by. Code changes.

Also include what day you installed sshcode via GoGet

@sumanthratna sumanthratna mentioned this issue Dec 30, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@deansheather deansheather

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add SSH master connection feature coder/sshcode
3 participants
@Merith-TK @deansheather @sumanthratna