ssh: Replace cockpit-ssh with cockpit.beiboot #19441

Draft. Wants to merge 3 commits into base: main

@martinpitt (Member) commented Oct 5, 2023

cockpit.beiboot has feature parity with cockpit-ssh. Entirely stop
building and shipping cockpit-ssh with the pybridge, and use
cockpit.beiboot by default for direct remote SSH logins from the login
page. This gets rid of the libssh build dependency.

Drop the `Provides: cockpit-ssh` from Debian. No package ever related to
that virtual package name, and it's meaningless these days.

Change ws' detection of remote login availability to `type cockpit-bridge`
with the pybridge, as the existence of cockpit-ssh is not relevant any
more. This is much cheaper than actually trying to run the bridge with
`--version` or call Python to check the module. We still need to do
this, as a system could only have the cockpit-ws package installed
but not cockpit-bridge.

https://issues.redhat.com/browse/COCKPIT-1029

TODO:

@martinpitt added the `blocked` and `no-test` (For doc/workflow changes, or experiments which don't need a full CI run) labels Oct 5, 2023

@martinpitt force-pushed the beiboot-default branch 2 times, most recently from 88c969d to 3b3581c, October 6, 2023 06:06

In order to use cockpit.beiboot as cockpit-ssh replacement from the
"normal" (not Client mode) login page, it needs to consider the given
username and password. cockpit-ssh sends an initial `authorize` message
for that and checks for "Basic" auth. If that fails, it aborts
immediately with `authentication-failed`. Implement the same in
cockpit.beiboot.

Note: The UI does not currently get along with multiple password
attempts. Once we drop cockpit-ssh, we should fix the UI and
cockpit.beiboot to behave like the flatpak, keep the initial SSH
running, and just answer the "try again" prompts.

Cover this in a new `TestLogin.testLoginSshBeiboot`. Once we generally
replace cockpit-ssh with cockpit.beiboot, this will get absorbed by
TestLogin and TestMultiMachine* and can be dropped again.

Stop treating host key prompts as generic conversation messages. We want
the UI to handle them properly, with some verbiage/buttons and the
recipe for validating host keys, instead of letting the user type "yes".
The login page recognizes these through the presence of the `host-key`
authorize field (and irritatingly, an extra `default` field with the
actual value).

We can't use ferny's builtin `do_hostkey()` responder for this, as that
requires `ferny.Session(handle_host_key=True)`, and that API is not
flexible enough to handle our ssh command modifications and the extra
beiboot_helper handler. This needs some bigger redesign.

So just recognize and parse SSH's host key prompts, and rely on our
integration tests to spot breakage in future distro releases.

This enables the login page's host key localstorage mechanism, so adjust
TestLogin.testLoginSshBeiboot to only expect the host key on the first
login attempt.
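
The host key prompt recognition described in the commit message above, as an added example (not code from this PR or from Cockpit): it parses OpenSSH's prompt and answers it only with a fingerprint the user has already validated. The function names, the `kind` and `accepts-fingerprint` keys, and the values placed in `host-key` and `default` are assumptions; the sample prompt is constructed.

```python
import re
from typing import Optional

# Wording of OpenSSH's interactive prompt; it can change between releases.
HOST_KEY_PROMPT = re.compile(
    r"The authenticity of host '(?P<host>[^']+)' can't be established\.\r?\n"
    r"(?P<key_type>[A-Za-z0-9-]+) key fingerprint is "
    r"(?P<fingerprint>SHA256:[A-Za-z0-9+/]{43})\.\r?\n"
    r"(?:[^\n]*\n)*?"  # optional lines such as "This key is not known by ..."
    r"Are you sure you want to continue connecting "
    r"\(yes/no(?P<fp_answer>/\[fingerprint\])?\)\? ?\Z"
)


def classify_prompt(prompt: str) -> dict:
    """Turn an askpass prompt into the fields of an authorize challenge."""
    match = HOST_KEY_PROMPT.match(prompt)
    if match is None:
        # Anything unrecognized stays a generic conversation message.
        return {"kind": "conversation", "prompt": prompt}
    return {
        "kind": "host-key",
        # Field names are from the PR text; the values used here are assumptions.
        "host-key": f"{match['host']} {match['key_type']}",
        "default": match["fingerprint"],
        "accepts-fingerprint": match["fp_answer"] is not None,
    }


def answer_host_key(challenge: dict, trusted_fingerprint: Optional[str]) -> str:
    """Answer for ssh: accept only a fingerprint the user already validated."""
    if challenge["kind"] != "host-key" or trusted_fingerprint is None:
        return "no"
    if challenge["default"] != trusted_fingerprint:
        return "no"
    # If the prompt offers [fingerprint], send it so ssh re-checks it itself.
    return trusted_fingerprint if challenge["accepts-fingerprint"] else "yes"


# Constructed sample prompt (host, address and fingerprint are made up).
SAMPLE_FP = "SHA256:" + "A" * 43
SAMPLE_PROMPT = (
    "The authenticity of host 'srv.example.test (192.0.2.10)' can't be established.\n"
    f"ED25519 key fingerprint is {SAMPLE_FP}.\n"
    "This key is not known by any other names.\n"
    "Are you sure you want to continue connecting (yes/no/[fingerprint])? "
)
```

Because the pattern is anchored at the start of the prompt, text that merely contains the host key wording after other output is still treated as a generic conversation message.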

@martinpitt changed the title from "ssh: Replace cockpit-ssh with cockpit.beiboot with the pybridge" to "ssh: Replace cockpit-ssh with cockpit.beiboot" Mar 22, 2024

cockpit.beiboot has feature parity with cockpit-ssh. Entirely stop
building and shipping cockpit-ssh with the pybridge, and use
cockpit.beiboot by default for direct remote SSH logins from the login
page. This gets rid of the libssh build dependency.

Drop the `Provides: cockpit-ssh` from Debian. No package ever related to
that virtual package name, and it's meaningless these days.

Change ws' detection of remote login availability to `type cockpit-bridge`
with the pybridge, as the existence of cockpit-ssh is not relevant any
more. This is much cheaper than actually trying to run the bridge with
`--version` or call Python to check the module. We still need to do
this, as a system could only have the cockpit-ws package installed
but not cockpit-bridge.

https://issues.redhat.com/browse/COCKPIT-1029