Get ssh identity file from ssh config and ssh agent

[mustard-mh]

Description

Support default ssh behaviors of IdentityFile

SSH Config code is a copy of https://github.com/jeanp413/open-remote-ssh/blob/master/src/ssh/sshConfig.ts

Related Issue(s)

Fixes gitpod-io/gitpod#11467

How to test

• Follow this doc to run extension locally https://github.com/gitpod-io/gitpod-vscode-desktop/blob/master/docs/CONTRIBUTING.md
• Make sure debug vscode window is actived
• Create a workspace and open with desktop vscode, it should back to the debug window
• Start test with cases below

IdentityFile

• Setup your ~/.ssh/config (mac) with gitpod host and custom identity file
• Add an ssh key to the ssh agent with ssh-add
• Run extension with this branch
• Open Gitpod workspace with Desktop VSCode and connect using your debug vscode window
• See if your custom identify file works

IdentityAgent

• Follow the doc to add and turn on 1Password ssh-agent, i.e. id_ed25519

# you can gen one by command below, which is recommend by 1password
ssh-keygen -t ed25519 -b 4096

• Remove related ssh key files in your computer. i.e. id_ed25519 id_ed25519.pub
• Upload that ssh key to https://gitpod.io/keys and make sure only that one exists in https://gitpod.io/keys
• Run extension locally and make sure debug one is activated
• Open a new workspace with desktop VSCode
• Check if we can access without copy password modal

Errors

Fill up incorrect identityFile and identityAgent

[jeanp413]

@mustard-mh I also added logic to read ssh key from the ssh agent so we can completely close gitpod-io/gitpod#11467

[akosyakov]

Please add [1] to How to test to prove that code is reliable for all kind of use cases. If not we need a way to enable not captured use cases.

[akosyakov]

Also cc @loujaybee we will need to update docs and the announcement blog about expectations.

[mustard-mh]

I added IdentityAgent in How to test section. cc @akosyakov

[mustard-mh]

Could you help test and review 🙏 ? @felladrin @iQQBot

[jeanp413]

@mustard-mh I think latest commit is not necessary so I would say just revert it and do a 1 line change in line 465 adding the untildify call

[jeanp413]

I'll go ahead and address the comments as I want to test on windows/mac as I won't be available tomorrow/friday because holidays 🙂

[mustard-mh]

@mustard-mh I think latest commit is not necessary so I would say just revert it and do a 1 line change in line 465 adding the untildify call

Ahh, just realized that untildify is working for this 🌴

[mustard-mh]

I tested (MacOS) with IdentityFile and IdentityAgent, works well.

Note that:

• .pub file can be deleted, fingerprint calc in default ssh behavior works well, but not in our extension because we use .pub file to calc the fingerprint
• Tried not to use .pub but the package we are using (ssh2) does not support calc fingerprint for private key with password, maybe find another package that can resolve it

They are not the reasons to block this PR, but we can mark it

[jeanp413]

I just finished testing in windows, did a fix and it's working 🎉

.pub file can be deleted, fingerprint calc in default ssh behavior works well, but not in our extension because we use .pub file to calc the fingerprint

what's the point of deleting the .pub file? I don't think is a useful edge case we should worry about, ssh-keygen always creates a key pair as far as I know

[mustard-mh]

what's the point of deleting the .pub file?

No, just said it can be deleted, and in case users have this habit (😅) and face it in the future

[jeanp413]

I tested (MacOS) with IdentityFile and IdentityAgent, works well.

I tested on windows and linux and looks there are no regression, so I'll go ahead and merge it and release a pre-release version, I'll ask tarun to try it (he's using with 1password integration) and a user in discord who is reporting some issues with previous behavior