New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssh: Replace cockpit-ssh with cockpit.beiboot #19441
Draft
martinpitt
wants to merge
3
commits into
cockpit-project:main
Choose a base branch
from
martinpitt:beiboot-default
base: main
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
martinpitt
added
blocked
no-test
For doc/workflow changes, or experiments which don't need a full CI run,
labels
Oct 5, 2023
martinpitt
force-pushed
the
beiboot-default
branch
from
October 5, 2023 06:10
f51a1f6
to
d304a90
Compare
3 tasks
martinpitt
force-pushed
the
beiboot-default
branch
2 times, most recently
from
October 6, 2023 06:06
88c969d
to
3b3581c
Compare
In order to use cockpit.beiboot as cockpit-ssh replacement from the "normal" (not Client mode) login page, it needs to consider the given username and password. cockpit-ssh sends an initial `authorize` message for that and checks for "Basic" auth. If that fails, it aborts immediately with `authentication-failed`. Implement the same in cockpit.beiboot. Note: The UI does not currently get along with multiple password attempts. Once we drop cockpit-ssh, we should fix the UI and cockpit.beiboot to behave like the flatpak, keep the initial SSH running, and just answer the "try again" prompts. Cover this in a new `TestLogin.testLoginSshBeiboot`. Once we generally replace cockpit-ssh with cockpit.beiboot, this will get absorbed by TestLogin and TestMultiMachine* and can be dropped again.
Stop treating host key prompts as generic conversation messages. We want the UI to handle them properly, with some verbiage/buttons and the recipe for validating host keys, instead of letting the user type "yes". The login page recognizes these through the presence of the `host-key` authorize field (and irritatingly, an extra `default` field with the actual value). We can't use ferny's builtin `do_hostkey()` responder for this, as that requires `ferny.Session(handle_host_key=True)`, and that API is not flexible enough to handle our ssh command modifications and the extra beiboot_helper handler. This needs some bigger redesign. So just recognize and parse SSH's host key prompts, and rely on our integration tests to spot breakage in future distro releases. This enables the login page's host key localstorage mechanism, so adjust TestLogin.testLoginSshBeiboot to only expect the host key on the first login attempt.
martinpitt
changed the title
ssh: Replace cockpit-ssh with cockpit.beiboot with the pybridge
ssh: Replace cockpit-ssh with cockpit.beiboot
Mar 22, 2024
cockpit.beiboot has feature parity with cockpit-ssh. Entirely stop building and shipping cockpit-ssh with the pybridge, and use cockpit.beiboot by default for direct remote SSH logins from the login page. This gets rid of the libssh build dependency. Drop the `Provides: cockpit-ssh` from Debian. No package ever related to that virtual package name, and it's meaningless these days. Change ws' detection of remote login availability to `type cockpit-bridge` with the pybridge, as the existence of cockpit-ssh is not relevant any more. This is much cheaper than actually trying to run the bridge with `--version` or call Python to check the module. We still need to do this, as a system could only have the cockpit-ws package installed but not cockpit-bridge. https://issues.redhat.com/browse/COCKPIT-1029
martinpitt
force-pushed
the
beiboot-default
branch
from
March 22, 2024 06:15
3b3581c
to
ea4d544
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cockpit.beiboot has feature parity with cockpit-ssh. Entirely stop
building and shipping cockpit-ssh with the pybridge, and use
cockpit.beiboot by default for direct remote SSH logins from the login
page. This gets rid of the libssh build dependency.
Drop the
Provides: cockpit-ssh
from Debian. No package ever related tothat virtual package name, and it's meaningless these days.
Change ws' detection of remote login availability to
type cockpit-bridge
with the pybridge, as the existence of cockpit-ssh is not relevant any
more. This is much cheaper than actually trying to run the bridge with
--version
or call Python to check the module. We still need to dothis, as a system could only have the cockpit-ws package installed
but not cockpit-bridge.
https://issues.redhat.com/browse/COCKPIT-1029
TODO:
git grep cockpit-ssh