Store SSH private key on the file system from SSH plugin #352
Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
@vinokurig Could you describe the end user flow that would use that?
I understand that a user will generate/create a key pair and update the ssh config in theia container. This is an operation that the user will do only once.
Then, when he deletes this workspace and creates a new one, the SSH key pair will be mounted as a Kubernetes secret. But what about the SSH config? Will it be re-generated and mounted as well?
yes, it's done here https://github.com/eclipse/che/pull/13809/files#diff-5e2165ab176b2a1fb9829aa579fa546fR139
Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
When user executes command:
ok so the ssh key generation work is done on wsmaster? and we have a dedicated service on wsmaster API. I guess this is coming from che6 but it sounds weird in a Che7 architecture.
Agree, but that's a separate issue.
Is it an existing GH issue? could you create one if not? ssh-keygen -t rsa -b 4096 -C "your_email@example.com" and we won't have to deal with the legacy problems (like having to deal with the host provider stuff)
@l0rd Reworked the plugin according to eclipse-che/che#13494 (comment), could you please review
Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
a273fd7 to 0b95223
LGTM but we need a review by someone from IDE2 team as well. @evidolob can you help with it?
Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
@benoitf I've fixed all your comments, could you please review
I found small glitches
}; | ||
|
||
const updateConfig = async function (hostName: string): Promise<void> { | ||
const sshDir = resolve(os.homedir(), '.ssh'); |
when I was referencing a function for ssh folder, it was for this part
resolve(os.homedir(), '.ssh')
if (sshServiceValue) { | ||
return Promise.resolve(sshServiceValue.label); | ||
const getKeyFilePath = function (name: string): string { | ||
return resolve(os.homedir(), '.ssh', name.replace('.', '_')); |
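Review bot: In getKeyFilePath, name.replace('.', '_') uses a string pattern, which replaces only the first dot, so a name with several dots keeps the rest; use a global regex (/\./g) if every dot is meant to be replaced. The name is also passed to resolve() unchecked, so a value containing a path separator or '..' would resolve to a location outside ~/.ssh; validate it against an allow-list of characters before building the path.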
probably function here should be for resolve(os.homedir(), '.ssh')
also function() can be replaced by getKeyFilePath = (name:string): string => {
probably function here should be for resolve(os.homedir(), '.ssh')
We need to resolve key file name as well
description: 'SSH keys injected into all Workspace Containers' | ||
} | ||
]; | ||
const getHostName = async function (): Promise<string> { |
(): Promise<string> => {
?
const keyConfig = `\nHost ${hostName.startsWith('default-') ? '*' : hostName}\nIdentityFile ${getKeyFilePath(hostName)}\n`; | ||
const configContentBuffer = await readFile(configFile); | ||
if (configContentBuffer.indexOf(keyConfig) >= 0) { | ||
const newConfigContent = configContentBuffer.toString().replace(keyConfig, ''); |
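Review bot: hostName is interpolated into keyConfig without validation, so whitespace or a newline in it would add extra Host patterns or directives to the SSH config; restrict it to host-name characters before composing the entry. Any name starting with 'default-' becomes Host *, which makes that identity file apply to every host, so that choice deserves a comment in the code. The presence check runs indexOf on the Buffer while the removal works on toString(); converting once and doing both on the string would keep the two consistent.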
replace function is only replacing the first occurrence, it's ok?
Yes, it is not expected that the config file has 2 identical key configs
.then(key => { | ||
theia.workspace.openTextDocument({ content: key.publicKey }); | ||
.get('vcs', keyName) | ||
.then(async key => { |
why do we use a promise there with then and not with await ?
const key = await sshkeyManager.get(sshServiceName, keyName)
const document = await theia.workspace.openTextDocument({ content: key.publicKey });
theia.window.showTextDocument(document);
Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
What does this PR do?
Store SSH private key file on the file system when key is generated from the SSH Plugin
What issues does this PR fix or reference?
fixes eclipse-che/che#13866
Release Notes
Docs PR
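As an added illustration (not code from this PR or the Che project), the sketch below shows one way to derive the key file name and maintain the Host/IdentityFile entry discussed in the review: it rejects names that are unsafe in a path or in an SSH config line, replaces every dot, and removes every copy of an entry. The function names, the allow-list pattern and the quoted IdentityFile form are assumptions.

```typescript
// Added example; all names below are hypothetical, not the plugin's API.

// Allow-list: must start with a letter or digit, then letters, digits, '.', '_' or '-'.
// This excludes path separators, whitespace and newlines, plus the names "." and "..".
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;

// File name for a key: validated first, then every dot replaced (not only the first).
function keyFileName(name: string): string {
  if (!SAFE_NAME.test(name)) {
    throw new Error(`unsafe key name: ${JSON.stringify(name)}`);
  }
  return name.replace(/\./g, '_');
}

// One ssh_config entry. Names starting with 'default-' map to 'Host *', as in the PR.
// sshDir is assumed to be a trusted absolute path such as the user's ~/.ssh.
function hostBlock(name: string, sshDir: string): string {
  const file = keyFileName(name); // throws before anything is composed
  const host = name.indexOf('default-') === 0 ? '*' : name;
  return `Host ${host}\n  IdentityFile "${sshDir}/${file}"\n`;
}

// Idempotent add: the entry is appended only if it is not already present.
function addHost(config: string, name: string, sshDir: string): string {
  const block = hostBlock(name, sshDir);
  if (config.indexOf(block) !== -1) {
    return config;
  }
  const sep = config === '' || config.slice(-1) === '\n' ? '' : '\n';
  return config + sep + block;
}

// Remove every copy of the entry, not just the first one found.
function removeHost(config: string, name: string, sshDir: string): string {
  return config.split(hostBlock(name, sshDir)).join('');
}
```

The caller would still write the private key file with owner-only permissions (mode 0600); that file-system step is outside this sketch.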