SSH agent forwarding doesn't work

[shdwchn10]

What happened?
DevPod doesnt forward SSH agent and I'm unable to connect to SSH servers or authenticate against git forges.

What did you expect to happen instead?
Be able to use SSH inside DevPod.

How can we reproduce the bug? (as minimally and precisely as possible)

devpod provider add --name podman -o DOCKER_PATH=podman docker
git clone https://github.com/shdwchn10/teloxide -b dev/improve-dx
cd teloxide
devpod up .

My devcontainer.json:

{
    "build": {
        "dockerfile": "Containerfile"
    },
    "customizations": {
        "vscode": {
            "extensions": [
                "eamodio.gitlens",
                "rust-lang.rust-analyzer",
                "serayuzgur.crates",
                "tamasfe.even-better-toml",
                "nefrob.vscode-just-syntax",
                "Gruntfuggly.todo-tree"
            ]
        }
    },
    "workspaceMount": "",
    "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
    "runArgs": [
        "--volume=${localWorkspaceFolder}:/workspaces/${localWorkspaceFolderBasename}:Z"
    ]
}

Local Environment:

• DevPod Version: v0.6.10
• Operating System: Fedora Linux 41.20250203.0 (Silverblue)
• ARCH of the OS: AMD64
• IDE: VS Codium

DevPod Provider:

• Local provider: docker (podman)

Anything else we need to know?
devpod-log.txt

~/.ssh/config:

Host server
    Hostname 192.168.122.107
    Port 22
    User shdwchn10
    IdentityFile ~/.ssh/server

Output from Codium terminal (inside of devpod):

[user@c0ab2f56997f teloxide]$ ssh server
ssh: Could not resolve hostname server: Name or service not known

[user@c0ab2f56997f teloxide]$ ssh-add -L
Error connecting to agent: No such file or directory

[user@c0ab2f56997f teloxide]$ echo $SSH_AUTH_SOCK 
/tmp/auth-agent3411776333/listener.sock

[user@c0ab2f56997f teloxide]$ ls $SSH_AUTH_SOCK 
ls: cannot access '/tmp/auth-agent3411776333/listener.sock': No such file or directory

[user@c0ab2f56997f teloxide]$ ls /tmp
codium-async.pid          vscode-git-1bea5add6a.sock
codium-async.pid.lock     vscode-ipc-171be37f-7173-4d87-8844-6feba872f69d.sock
codium-async.pid.streams  vscode-ipc-47064521-c6c9-407e-bbfb-41d48eba02dd.sock
devpod.activity

[MoritzMaxeiner]

I have run into the same issue and from what I can tell this is due to the following:

The devpod ssh server by default creates a new agent forwarding socket (/tmp/auth-agent*/listener.sock) for each individual session, even when within a single connection. Openssh-server, against which I'm assuming open-remote-ssh was primarily written and tested, creates one agent forwarding socket (/tmp/ssh-*/agent.*) per connection, not per session.

So when open-remote-ssh starts a new vscodium-server here that happens within an ssh session that is started and terminated here. That means the agent socket exposed via $SSH_AUTH_SOCK during that session - which is later extracted here and then forwarded to the vscodium terminal here - is no longer valid by the time it ends up being used.

This is effectively a use-after-free issue: Open-remote-ssh extracts and then uses the socket after it has been freed.

Having taken a preliminary look at the ssh key agent protocol document I believe devpod's ssh server behavior is valid with respect to the spec and open-remote-ssh's implicit assumption that the agent socket would be available during the whole connection is invalid.

If that is correct, then this is a bug in open-remote-ssh and would need to be solved there, maybe starting vscodium-server within a long-running exec session so the agent socket doesn't get freed while the server is running.

Note that this is only my observation from having taken a look at both projects and the spec, I'm not deeply familiar with either and if what I wrote is incorrect I apologize in advance.