SSH config overwritten with VS Code Coder config #504

Open
aaronlehmann opened this issue May 15, 2025 · 5 comments

Comments

@aaronlehmann
Contributor

Both myself and another user experienced ~/.ssh/config being completely overwritten to include just a START CODER VSCODE block with the corresponding wildcard Host entry. This happened to me using version 1.8.0 of the extension with multiple remote development sessions active.

@johnstcn
Member

Hey Aaron,

I found that a missing #--- END CODER VSCODE .* --- comment in combination with more than one #--- START CODER VSCODE .* --- comment could cause any content between the first START and the first END to be removed.

Example:

Host beforeconfig
  HostName before.config.tld
  User before

# --- START CODER VSCODE dev.coder.com ---
Host coder-vscode.dev.coder.com--*
  ConnectTimeout 0
  LogLevel ERROR
  ProxyCommand some-command-here
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

Host donotdelete
  HostName dont.delete.me
  User please

# --- START CODER VSCODE dev.coder.com ---
Host coder-vscode.dev.coder.com--*
  ConnectTimeout 0
  LogLevel ERROR
  ProxyCommand some-command-here
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
# --- END CODER VSCODE dev.coder.com ---

Host afterconfig
  HostName after.config.tld
  User after 

With coder config-ssh, the above will currently (correctly) cause an error. However, the VSCode extension will silently remove Host donotdelete.

#510 should fix this.

Does this sound plausible as a root cause to your issue?

Sidenote: there's also a potential issue with concurrent file writes. Since you mentioned having multiple remote development sessions it's also possible there was some kind of race condition with writing the updated config. config-ssh does do an atomic write, but currently the VSCode extension doesn't. Filed #511 for this separately.
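
The marker-handling failure described in this comment, reproduced as an added example (not part of the thread, and not code from the VS Code extension or the coder CLI). The function names `naiveReplace` and `strictReplace` are hypothetical, and the marker format is taken from the example config above.

```javascript
// Added illustration; not the extension's or the CLI's code.
const startMarker = (label) => `# --- START CODER VSCODE ${label} ---`;
const endMarker = (label) => `# --- END CODER VSCODE ${label} ---`;

// Naive update: replace everything from the first START through the first END.
// A stray START with no END of its own takes unrelated hosts with it.
function naiveReplace(config, label, block) {
  const start = config.indexOf(startMarker(label));
  const end = config.indexOf(endMarker(label));
  if (start < 0 || end < 0) return config.trimEnd() + "\n\n" + block + "\n";
  return config.slice(0, start) + block + config.slice(end + endMarker(label).length);
}

// Strict update: accept exactly one START followed by exactly one END;
// otherwise refuse to modify anything and report the marker line numbers.
function strictReplace(config, label, block) {
  const lines = config.split("\n");
  const starts = [];
  const ends = [];
  lines.forEach((line, i) => {
    if (line.trim() === startMarker(label)) starts.push(i + 1);
    if (line.trim() === endMarker(label)) ends.push(i + 1);
  });
  if (starts.length === 0 && ends.length === 0) {
    return config.trimEnd() + "\n\n" + block + "\n";
  }
  if (starts.length !== 1 || ends.length !== 1 || ends[0] < starts[0]) {
    throw new Error(`malformed Coder block for ${label}: START at line(s) ` +
      `[${starts}], END at line(s) [${ends}]`);
  }
  return [...lines.slice(0, starts[0] - 1), block, ...lines.slice(ends[0])].join("\n");
}

// Constructed sample mirroring the comment's example: two STARTs, one END.
const LABEL = "dev.coder.com";
const BLOCK = [startMarker(LABEL), "Host coder-vscode.dev.coder.com--*",
  "  ProxyCommand some-command-here", endMarker(LABEL)].join("\n");
const BROKEN = ["Host beforeconfig", "  HostName before.config.tld", "",
  startMarker(LABEL), "Host coder-vscode.dev.coder.com--*", "",
  "Host donotdelete", "  HostName dont.delete.me", "",
  BLOCK, "", "Host afterconfig", "  HostName after.config.tld", ""].join("\n");
```

On `BROKEN`, `naiveReplace` returns a config without `Host donotdelete`, while `strictReplace` throws and leaves the input untouched.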

@aaronlehmann
Contributor Author

My guess is that the issue was non-atomicity. This happened seemingly randomly, so I wouldn't expect a deterministic failure mode like a missing #--- END CODER VSCODE .* --- to be the issue. Also, the other person this happened to tends to have a lot of VS Code windows open at once.
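
One way to make the config update atomic, as discussed in this thread (an added example, not part of the thread, and not code from the VS Code extension or the coder CLI). The names `atomicWriteFile` and `updateConfig` are hypothetical; the sketch assumes a POSIX filesystem and Node.js.

```javascript
// Added illustration; not the extension's or the CLI's code.
const fs = require("node:fs");
const path = require("node:path");
const { randomBytes } = require("node:crypto");

// Replace `target` so that a reader or a second writer only ever sees the
// complete old file or the complete new one, never a truncated mix.
function atomicWriteFile(target, content) {
  let mode = 0o600; // usual permissions for ~/.ssh/config
  try {
    mode = fs.statSync(target).mode & 0o777; // keep existing permissions
  } catch (e) {
    if (e.code !== "ENOENT") throw e;
  }
  // Same directory as the target, so the rename stays on one filesystem.
  const tmp = path.join(path.dirname(target),
    `.${path.basename(target)}.${randomBytes(6).toString("hex")}.tmp`);
  let renamed = false;
  const fd = fs.openSync(tmp, "wx", mode); // "wx" fails if the name exists
  try {
    try {
      fs.writeFileSync(fd, content);
      fs.fsyncSync(fd); // data reaches disk before the new name is visible
    } finally {
      fs.closeSync(fd);
    }
    fs.renameSync(tmp, target);
    renamed = true;
  } finally {
    if (!renamed) fs.rmSync(tmp, { force: true });
  }
}

// Read-modify-write with a staleness check: if another writer replaced the
// file while `transform` ran, redo the edit on the fresh content. This narrows
// the lost-update window; closing it fully needs a lock.
function updateConfig(target, transform, attempts = 3) {
  const read = () => (fs.existsSync(target) ? fs.readFileSync(target, "utf8") : "");
  for (let i = 0; i < attempts; i++) {
    const before = read();
    const after = transform(before);
    if (read() !== before) continue; // someone else wrote in between
    if (after !== before) atomicWriteFile(target, after);
    return after;
  }
  throw new Error(`${target} changed on every attempt (${attempts}); giving up`);
}
```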

@aaronlehmann
Contributor Author

Somewhat related: we've seen a race condition in the past updating the coder binary: #347

@bjornrobertsson

Similar experience when testing, although never lost everything. Everything between "# ------------START-CODER-----------" and its end "# ------------END-CODER------------" got removed.
I initially pegged this on the ProxyCommand (pointed to different coder binary, the homebrew one) and possibly now being out-dated, due to coder-* entry or historical changes in behaviour? But perhaps more perplexing is that the command doesn't warn about this, although it becomes apparent by using -n/--dry-run exactly what will happen.

I.e.

$ /opt/homebrew/bin/coder config-ssh -n
Dry run, the following changes would be made to your SSH configuration:

  * Update the coder section in /Users/$USER/.ssh/config

--- /Users/$USER/.ssh/config
+++ /Users/$USER/.ssh/config
@@ -25,398 +25,12 @@
 # You should not hand-edit this section unless you are removing it, all
 # changes will be lost when running "coder config-ssh".
 #
-Host coder.CertTwo
-	HostName coder.CertTwo
+Host coder.*
 	ConnectTimeout=0
 	StrictHostKeyChecking=no
 	UserKnownHostsFile=/dev/null
 	LogLevel ERROR
-	ProxyCommand /opt/homebrew/bin/coder --global-config "/Users/$USER/Library/Application Support/coderv2" ssh --stdio CertTwo
-Host coder.CertTwo.main
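
Review bot: at `+Host coder.*`, the unchanged `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null` lines now apply to every host name matching the wildcard instead of the single `coder.CertTwo` entry, so it is worth confirming that nothing outside Coder uses a `coder.` prefix in this file. The header `@@ -25,398 +25,12 @@` shows 398 lines shrinking to 12, and the visible lines remove the per-host `ProxyCommand` without showing a replacement, so the summary line "Update the coder section" should say that per-workspace entries are being dropped.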

But without -n:

$ /opt/homebrew/bin/coder config-ssh
> The following changes will be made to your SSH configuration:

    * Update the coder section in /Users/$USER/.ssh/config

  Continue? (yes/no) yes

Updated "/Users/$USER/.ssh/config"
You should now be able to ssh into your workspace.

In this case I feel the text 'Update the coder section' is a little underwhelming. Updating the 'caveat' warning and potentially, if this replacement is known, adding it to the list of updates that will happen would work.

@aaronlehmann
Contributor Author

BTW, another one of our users got hit by this today. I have no idea why it only started happening recently - perhaps our upgrade to Coder 2.21 affected timings enough to expose this race. Really hoping the atomicity fix does the trick!
