Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

gcp compute exec uses user from ssh config file #725

Closed
ekinanp opened this issue Feb 10, 2020 · 3 comments · Fixed by #745
Closed

gcp compute exec uses user from ssh config file #725

ekinanp opened this issue Feb 10, 2020 · 3 comments · Fixed by #745
Labels
bug Something isn't working

Comments

@ekinanp
Copy link
Contributor

ekinanp commented Feb 10, 2020
edited

My SSH config file has a Host * line that sets the default user to root. GCP compute exec uses the user parsed from the GCE SSH files (see https://github.com/puppetlabs/wash/blob/master/plugin/gcp/computeInst.go#L113) and sets that user as the FallbackUser. Thus, the SSH transport will use the root user when SSH'ing into the instance (b/c it reads from ~/.ssh/config via https://github.com/puppetlabs/wash/blob/master/transport/ssh.go#L66-L69) instead of the user parsed from my GCE SSH files. Thus, Exec fails because I'm ssh'ing as the wrong user.

I'm filing this issue because exec works fine when I do gcloud ssh, meaning GCP probably doesn't read the ~/.ssh/config file for extra info. That means we probably shouldn't either.

WORKAROUND: Just make sure you don't have any Host matchers that can conflict with a GCP compute instance's host name. So for me that means removing the Host * matcher or changing it to something else like foo.
@ekinanp ekinanp added the bug Something isn't working label Feb 10, 2020
@ekinanp
Copy link
Contributor Author

ekinanp commented Feb 10, 2020

I wonder why we're setting the parsed user as FallbackUser instead of User? See https://github.com/puppetlabs/wash/blob/master/plugin/gcp/computeInst.go#L137

@MikaelSmith
Copy link
Contributor

That does seem like a mistake, I don't have a reason for FallbackUser over User there.

@MikaelSmith
Copy link
Contributor

I think my original thinking was that you could use ~/.ssh/config to change the user, because we don't provide a CLI option for that with wexec. But we should also behave consistently with gcloud ssh, so I'm fine changing it to fix this.

MikaelSmith added a commit to MikaelSmith/wash that referenced this issue Mar 2, 2020
@MikaelSmith
Specify canonical user for gcp instance exec
8a61451 
Previously we supplied the user registered with GCP metadata as a
`FallbackUser`, which allowed a user's SSH config to change the user.
However this behavior is inconsistent with `gcloud ssh` and resulted in
default user entries (`Host *`) in SSH config breaking this
functionality.

Switch to using the user from GCP metadata as the canonical user for
login. If we later need to support changing that user, it should be a
new feature of the `wexec` command/API.

Fixes puppetlabs-toy-chest#725.

Signed-off-by: Michael Smith <michael.smith@puppet.com>
@MikaelSmith MikaelSmith mentioned this issue Mar 2, 2020
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Specify canonical user for gcp instance exec MikaelSmith/wash
2 participants
@MikaelSmith @ekinanp