[dashboard] support connect via SSH #9003

Merged
merged 1 commit into from Apr 8, 2022

Collaborator

@iQQBot iQQBot commented Mar 29, 2022

Description

Now that we have the new SSH gateway and the simpler authentication flow, it is possible that a user can copy/paste an SSH command onto their local machine to facilitate quicker/easier access to a Gitpod workspace.

This PR introduces a way to connect directly to a workspace via SSH.

Related Issue(s)

Fixes #7713

How to test

Start a workspace in the preview environment. You can see "Connect via SSH" in the workspace list and on the workspace start page (desktop IDE).

Release Notes

support direct connect workspace via ssh command

Documentation

@iQQBot iQQBot requested a review from a team March 29, 2022 15:14
@github-actions github-actions bot added the team: webapp Issue belongs to the WebApp team label Mar 29, 2022
Collaborator Author

iQQBot commented Mar 29, 2022

@gtsiolis The UX is slightly different from the design because a single-command connection requires many preconditions. Please take a look.

Collaborator Author

iQQBot commented Mar 29, 2022

@loujaybee Manual connections are the most compatible way to connect, and users can use any SSH client, such as the ssh command, PuTTY or other tools, to connect.

The one-command connection has many prerequisites, such as sshpass in this case, which needs to be installed separately and is not included in the operating system by default, and the installation method is slightly different for each operating system.

@gtsiolis gtsiolis requested a review from a team March 29, 2022 15:46
Contributor

gtsiolis commented Mar 29, 2022

Looking at this now! 👀

Contributor

@gtsiolis gtsiolis left a comment

@iQQBot Thanks for pushing this forward! 🏀

UX changes using the modal look good.

However, I left some comments about UX and security practices here as these could affect the adoption of this feature.

Long-term exposing the password like this seems unnecessary and can be avoided. I'd like to suggest the following approaches but I'm not sure if these will increase significantly the scope of this PR:

🅰️ Use the standard commands or binaries that ship with most operating systems like ssh, curl, or something similar that could allow us to have a single command to copy and paste as well as authenticate via browser. Thus, avoiding and dropping altogether sshpass support.
🅱️ Introduce an SSH Keys section in user settings so that users can upload their public SSH key as they usually do with GitLab, GitHub, etc. so that there's a single command to copy and paste that is using the public key to connect securely to the workspace. This would require a new section in user settings as well as an alert in the connect via SSH modal that warns this is a requirement or not set.

Looping in @akosyakov and @loujaybee to decide whether we'd like to a) ship this as is and iterate or b) step back and go with one of the 🅰️ or 🅱️ option described above. 🛹

),
},
{
key: "sshpass",
Contributor

issue: While this seems efficient do we really want to promote tools like this? Are you regularly using this, @iQQBot? I could be wrong but I assume many users will be against installing tools like this simply to use SSH access.

Collaborator Author

I've never actually used it, I've only seen it used in a demo by @csweichel 😂

Contributor

sshpass is the common way to pass credentials to SSH on the commandline, i.e. it's not an uncommon tool. That said, it might not be installed everywhere.

In both cases: manual and sshpass we should provide documentation that explains how this ought to be used.

I'd almost argue for removing the sshpass for now, but offering a single commandline is just too sweet.

Collaborator Author

We actually support workspaceID#ownerToken@ideUrl for single command connections

But this has to be based on the fact that the user implicitly provides a private_key, which is the default id_rsa, for authentication. We don't authenticate the user's private key; we just skip the step of having to enter a password through this mechanism. That said, if the user does not have any default private key, then the user will still be asked to enter the password.

We can change the behavior of the SSHGateway so that it can log in with any password if it provides full authentication information like workspaceID#ownerToken, but users must also be told this

#9003 (comment) And with a program like this, the user will be confused as to how the input should be done

To ease the burden of education in this area, I chose to provide sshpass and host username password respectively.

CC @csweichel

Contributor

Wow, that's a neat hack :)

It is also a bit indirect and harder to understand.
Frankly I'd vote for going for the manual/sshpass options as they stand and make sure we have really good documentation for both cases in place.

Collaborator Author

iQQBot commented Mar 29, 2022

@gtsiolis Thanks for your suggestion

🅰️ Use the standard commands or binaries that ship with most operating systems like ssh, curl, or something similar that could allow us to have a single command to copy and paste as well as authenticate via browser. Thus, avoiding and dropping altogether sshpass support.

Unfortunately, native ssh does not support passing passwords, much less browser authentication

🅱️ Introduce an SSH Keys section in user settings so that users can upload their public SSH key as they usually do with GitLab, GitHub, etc. so that there's a single command to copy and paste that is using the public key to connect securely to the workspace. This would require a new section in user settings as well as an alert in the connect via SSH modal that warns this is a requirement or not set.

Maybe it can be a solution, but we need to consider

  1. if the user uploads the ssh publickey, then there is a chance that multiple users will duplicate it (inevitably some people have little awareness of security and use some online public key) so it may be used by some people instead
  2. if we help the user to generate random key pairs, then the user can download the private key, this can prevent the publickey duplication, but the burden for the user will become heavy, they need to use special parameters each time to choose the gitpod privatekey

Contributor

csweichel commented Mar 29, 2022

Long-term exposing the password like this seems unnecessary and can be avoided.

💯

I'd like to suggest the following approaches but I'm not sure if these will increase significantly the scope of this PR:

🛹 🛹 🛹 🛹 🛹 🛹 🛹 🛹 🛹

🅰️ Use the standard commands or binaries that ship with most operating systems like ssh, curl, or something similar that could allow us to have a single command to copy and paste as well as authenticate via browser. Thus, avoiding and dropping altogether sshpass support.

We could offer some curl https://... | sh like experience. The URL folks would download would be a one-time secret (i.e. it can be downloaded only once). This way we could protect the owner token and would not make it part of logs and terminal history. We'd still need to find a way to pass the password to SSH - sshpass is surprisingly complex, but we could consider offering a static build so that people don't need to install it on their own.

Security-minded users would not execute anything curl ... | sh though. In that sense sshpass is way more transparent.

🅱️ Introduce an SSH Keys section in user settings so that users can upload their public SSH key as they usually do with GitLab, GitHub, etc. so that there's a single command to copy and paste that is using the public key to connect securely to the workspace. This would require a new section in user settings as well as an alert in the connect via SSH modal that warns this is a requirement or not set.

This is definitely where we want to go. It's also a considerable change, we'd need to

  • add UI and API to accept the user's public key. Maybe we can pull this from GitHub (what about the other hoster)
  • push the through server -> ws-manager -> pod -> ws-proxy
  • support that key in the SSH gateway functionality of ws-proxy

Collaborator Author

iQQBot commented Mar 29, 2022

🅱️ Introduce an SSH Keys section in user settings so that users can upload their public SSH key as they usually do with GitLab, GitHub, etc. so that there's a single command to copy and paste that is using the public key to connect securely to the workspace. This would require a new section in user settings as well as an alert in the connect via SSH modal that warns this is a requirement or not set.

This is definitely where we want to go. It's also a considerable change, we'd need to

add UI and API to accept the user's public key. Maybe we can pull this from GitHub (what about the other hoster)
push the through server -> ws-manager -> pod -> ws-proxy
support that key in the SSH gateway functionality of ws-proxy

Yes, it is a good program, but I think we need to consider what I mentioned above

  1. if the user uploads the ssh publickey, then there is a chance that multiple users will duplicate it (inevitably some people have little awareness of security and use some online public key) so it may be used by some people instead. If you analyze this from a security perspective alone, it doesn't pose a very big threat because the workspaceID is also random, but once we can get the user's publicKey we can do a lot of cool things, like @csweichel mentioned a while back with gitpod cli https://gitpod.slack.com/archives/C01KGM9DVRC/p1644171231400999 In this case, it's slightly more dangerous
  2. if we help the user to generate random key pairs, then the user can download the private key, this can prevent the publickey duplication, but the burden for the user will become heavy, they need to use special parameters each time to choose the gitpod privatekey
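
The duplicate-key concern raised in this thread (several accounts uploading the same public key) can be caught at upload time by comparing key fingerprints. The following Go program is an added example, not code from this PR or from Gitpod; `KeyRegistry`, `Register` and `SampleKey` are hypothetical names, and the sample key is a constructed ssh-ed25519 line with all-zero key bytes.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Fingerprint returns the SHA256 fingerprint (`ssh-keygen -l` form) of an OpenSSH public key line.
func Fingerprint(line string) (string, error) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return "", errors.New("expected: <type> <base64> [comment]")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) < 4 {
		return "", errors.New("key blob is not valid base64")
	}
	// The blob begins with a length-prefixed copy of the key type.
	n := binary.BigEndian.Uint32(blob)
	if uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != f[0] {
		return "", errors.New("key type does not match key blob")
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

// KeyRegistry maps fingerprint -> owning account (stand-in for a unique DB index).
type KeyRegistry map[string]string

// Register refuses a key that a different account has already uploaded.
func (r KeyRegistry) Register(user, line string) (string, error) {
	fp, err := Fingerprint(line)
	if err != nil {
		return "", err
	}
	if owner, taken := r[fp]; taken && owner != user {
		return fp, errors.New("public key already registered to another account")
	}
	r[fp] = user
	return fp, nil
}

// SampleKey is a constructed ssh-ed25519 line whose 32 key bytes are all zero.
var SampleKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + strings.Repeat("A", 43) + " constructed@example"

func main() {
	reg := KeyRegistry{}
	fmt.Println(reg.Register("alice", SampleKey)) // fingerprint, <nil>
	fmt.Println(reg.Register("bob", SampleKey))   // refused: same key, other account
}
```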

@akosyakov
Member

I would start with something simple like single ssh command with a warning about private keys. As a next step add SSH keys to improve on it. I am not sure about providing other options I would prefer to see users using the simple method, i.e. run some usability testing.

Collaborator Author

iQQBot commented Mar 30, 2022

Who can help me write this warning text? Do we need to explain to the user why a default private key is needed? @akosyakov

#9003 (comment) I think these situations still need to be considered, if the user is a professional user that is no problem, but if the user is not a professional user they will be very confused

Member

akosyakov commented Mar 30, 2022

Who can help me write this warning text? Do we need to explain to the user why a default private key is needed? @akosyakov

I remember you mentioned also that ssh supports an option to use only password based auth without keys? i.e. will disabling of StrictHostKeyChecking help?

#9003 (comment) I think these situations still need to be considered, if the user is a professional user that is no problem, but if the user is not a professional user they will be very confused

I am not sure yet what our users are going to do with it. We could do it later too, no? We should get out something simple and run some usability tests.

Collaborator Author

iQQBot commented Mar 30, 2022

I remember you mentioned also that ssh supports an option to use only password based auth without keys? i.e. will disabling of StrictHostKeyChecking help?

Yes, ssh supports password-only authentication, but the ssh command does not support passing passwords, which is the biggest problem. If you need to pass a password, you must use a tool like sshpass. StrictHostKeyChecking is used to skip the host fingerprint confirmation.

@akosyakov
Member

Yes, ssh supports password-only authentication, but the ssh command does not support passing passwords, which is the biggest problem. If you need to pass a password, you must use a tool like sshpass. StrictHostKeyChecking is used to skip the host fingerprint confirmation.

ok, could we then instead provide a warning which says that a user should have at least one private key and point to some docs how to create it (maybe there is some nice section on ssh.com)?

Member

akosyakov commented Mar 31, 2022

@iQQBot It worked nicely for me. 🙏 @gtsiolis Could you help with styling of dialog please?

Collaborator Author

iQQBot commented Apr 6, 2022

before we ship this, can you ensure to add an analytics tracking event? Ideally with a property that distinguishes between the usage on the dashboard and from the workspace loading/start page? 🙏

@loujaybee we already got this event by dashboard_clicked, we can distinguish it by path

{"jsonrpc":"2.0","id":14,"method":"trackEvent","params":{"anonymousId":"da439578-2c6c-42f8-80bc-ae6bfa1ca450","event":"dashboard_clicked","properties":{"path":"/workspaces","label":"Actions","button_type":"primary"}}}

Do we need to add a separate analytics tracking event for this?

Collaborator Author

iQQBot commented Apr 6, 2022

@gtsiolis I follow your suggestion, can you please have a look again?

Member

akosyakov commented Apr 6, 2022

I think it is alright to reuse events if they are stable, but we have to update the epic to have proper info about how we can verify that a feature got discovered and used. It would be also cool to have a dashboard for it in Mixpanel. cc @loujaybee

Collaborator Author

iQQBot commented Apr 6, 2022

I think we can reuse the dashboard_clicked event; it can distinguish between the usage on the dashboard and from the workspace loading/start page

Member

loujaybee commented Apr 6, 2022

/werft run

👍 started the job as gitpod-build-pd-ssh-copy.12

Member

loujaybee commented Apr 6, 2022

@iQQBot ah yep, I think that tracking event should work, thanks! 🚀

Contributor

gtsiolis commented Apr 6, 2022

fyi: Can not open new workspaces in the preview environment. Cross-posted internally, see relevant discussion (internal).

Collaborator Author

iQQBot commented Apr 6, 2022

/werft run

👍 started the job as gitpod-build-pd-ssh-copy.15

Comment on lines 62 to 64
<p className="text-gray-500 whitespace-normal text-base">
The following shell command can be used to SSH into this workspace.
</p>
Contributor

@gtsiolis gtsiolis Apr 6, 2022

suggestion: What do you think of 🅰️ reordering the elements so that the modal description is closer to the text input and maybe 🅱️ introducing a primary action button for the modal for the same action to copy the command to clipboard? Going with just 🅰️ should suffice for now.


Collaborator Author

go for A

Contributor

Sounds good! Impeccable agreements! 🤝

gtsiolis previously approved these changes Apr 6, 2022
Contributor

@gtsiolis gtsiolis left a comment

Looks great, @iQQBot! Left one last comment above.

Collaborator Author

iQQBot commented Apr 6, 2022

@gtsiolis Already changed, please take a look again

Collaborator Author

iQQBot commented Apr 7, 2022

Can someone from @gitpod-io/engineering-webapp have a review?

Contributor

@gtsiolis gtsiolis left a comment

UX looks great, @iQQBot! Let's ship it! 🛹

Contributor

mustard-mh commented Apr 7, 2022

UX looks great, @iQQBot! Let's ship it! 🛹

Oooh, we need robot to cover related keywords to our notion define. XD

cc @gtsiolis

@geropl geropl self-assigned this Apr 8, 2022
Member

@geropl geropl left a comment

LGTM

@roboquat roboquat merged commit 7a708ce into main Apr 8, 2022
@roboquat roboquat deleted the pd/ssh-copy branch April 8, 2022 07:17
@roboquat roboquat added deployed: webapp Meta team change is running in production deployed: IDE IDE change is running in production labels Apr 12, 2022
Labels
deployed: IDE IDE change is running in production deployed: webapp Meta team change is running in production release-note size/L team: IDE team: webapp Issue belongs to the WebApp team
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

Epic: SSH access copy/paste via dashboard
8 participants