@stasadev stasadev commented Oct 1, 2025

The Issue

How This PR Solves The Issue

  • Adds detailed output for each key before running ssh-add.
  • Runs start only after attach for ssh container.
  • Ensures that we have ddev/ddev-ssh-agent, because it doesn't show that it pulls it when there are no DDEV images.
  • Fixes ddev auth ssh -j output. (It should always be JSON compatible.)

Manual Testing Instructions

Prepare keys:

  • key1 has "key1" passphrase
  • key2 has "key2" passphrase

ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ./key1 -N "key1"
ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ./key2 -N "key2"

See new output "Running: ssh-add key1", "Running: ssh-add key2":

$ ddev auth ssh -d .
Adding 2 SSH private key(s)... 
Adding key key1
Enter passphrase for key1: 
Identity added: key1 ([email protected])
Adding key key2
Enter passphrase for key2: 
Identity added: key2 ([email protected])
Successfully added 2 SSH private key(s).

ddev auth ssh silently pulled the image (when there was no such image), which was wrong. Now it shows the actual pull:

$ ddev delete images -a && ddev auth ssh
Network ddev_default created 
[+] Pulling 7/7
 ✔ ddev-ddev-ssh-agent-v1.24.8 Pulled                                      2.9s 
   ✔ d107e437f729 Already exists                                           0.0s 
   ✔ 86a0fbc39b3e Already exists                                           0.0s 
   ✔ f299420bc9df Already exists                                           0.0s 
   ✔ 4f4fb700ef54 Already exists                                           0.0s 
   ✔ 4730d8ececd6 Already exists                                           0.0s 
   ✔ ccef343c5ffd Already exists                                           0.0s 
 Container ddev-ssh-agent  Created 
 Container ddev-ssh-agent  Started
...

Automated Testing Overview

Release/Deployment Notes

@stasadev stasadev requested a review from a team as a code owner October 1, 2025 14:26

github-actions bot commented Oct 1, 2025

@rfay rfay force-pushed the 20251001_stasadev_auth_ssh branch from 8ce4184 to 9761d02 Compare October 1, 2025 20:57
rfay commented Oct 1, 2025

Rebased.

@github-actions github-actions bot added the dependencies label (Pull requests that update a dependency file) Oct 2, 2025
@stasadev stasadev changed the title from "refactor: add detailed output for each key in ddev auth ssh, fixes #7664" to "fix: start container only after attach in ddev auth ssh, fixes #7664" Oct 2, 2025

config := &dockerContainer.Config{
Image: docker.GetSSHAuthImage() + "-built",
Cmd: dockerStrslice.StrSlice{"bash", "-c", `cp -r /tmp/sshtmp ~/.ssh && chmod -R go-rwx ~/.ssh && cd ~/.ssh && mapfile -t keys < <(grep -l '^-----BEGIN .* PRIVATE KEY-----' *) && ((${#keys[@]})) || { echo "No SSH private keys found" >&2; exit 1; } && for key in "${keys[@]}"; do ssh-add "$key" || exit $?; done`},
Cmd: dockerStrslice.StrSlice{"bash", "-c", `cp -r /tmp/sshtmp ~/.ssh && chmod -R go-rwx ~/.ssh && cd ~/.ssh && mapfile -t keys < <(grep -l '^-----BEGIN .* PRIVATE KEY-----' *) && ((${#keys[@]})) || { echo "No SSH private keys found" >&2; exit 1; } && for key in "${keys[@]}"; do printf "\nRunning command: ssh-add %s\n" "$key"; ssh-add "$key" || exit $?; done`},
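
Review bot: The `|| { echo "No SSH private keys found" >&2; exit 1; }` branch in the `Cmd` string is chained after the whole `cp ... && chmod ... && cd ... && mapfile ... && ((${#keys[@]}))` list, so a failure of `cp`, `chmod` or `cd` is also reported as "No SSH private keys found", which hides the real cause. Consider binding the message to the count test only, for example `{ ((${#keys[@]})) || { echo "No SSH private keys found" >&2; exit 1; }; }`, so the earlier steps fail with their own errors. Separately, `grep -l ... *` and `ssh-add "$key"` take file names straight from the copied directory, and a name beginning with `-` would be parsed as an option; globbing `./*` instead of `*` avoids that for both commands, at the cost of a `./` prefix in the printed name. Passing the key name to the new `printf` through `%s` rather than inside the format string is the right choice for arbitrary file names.
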
Member

Most people don't know what ssh-add is or what it means in this context. Maybe simplify to "Adding key %s" ?

Member Author

@stasadev stasadev Oct 3, 2025

Done.

In addition, I fixed the output for ddev auth ssh -j, it should only produce JSON output.

@stasadev stasadev requested a review from rfay October 3, 2025 14:16
Member

@rfay rfay left a comment

I retested (without this) and was able to replicate the problem on WSL2.

Then I used this and it worked perfectly:

rfay@ubuntu-len:~/workspace/ddev$ ddev poweroff
The ddev-ssh-agent container has been removed. When you start it again you will have to use 'ddev auth ssh' to provide key authentication again.
rfay@ubuntu-len:~/workspace/ddev$ ddev auth ssh
Network ddev_default created
[+] Pulling 7/7
 ✔ ddev-ddev-ssh-agent-20250824_akibaat_buildx_arm_builder Pulled                                                  1.9s
   ✔ d107e437f729 Already exists                                                                                   0.0s
   ✔ 19e48215f278 Already exists                                                                                   0.0s
   ✔ 44b7382c3380 Already exists                                                                                   0.0s
   ✔ 4f4fb700ef54 Already exists                                                                                   0.0s
   ✔ df9423e98b41 Already exists                                                                                   0.0s
   ✔ e41c6c43a147 Already exists                                                                                   0.0s
 Container ddev-ssh-agent  Created
 Container ddev-ssh-agent  Started
ssh-agent container is running: If you want to add authentication to the ssh-agent container, run 'ddev auth ssh' to enable your keys.
Adding 3 SSH private key(s)...
Adding key id_ed25519
Enter passphrase for id_ed25519:
Identity added: id_ed25519 (andreas@LS-PC-42)
Adding key id_rsa
Enter passphrase for id_rsa:
Identity added: id_rsa (andreas@LS-PC-42)
Adding key id_rsa (new 2022-12-27)
Enter passphrase for id_rsa (new 2022-12-27):
Identity added: id_rsa (new 2022-12-27) (id_rsa (new 2022-12-27))
Successfully added 3 SSH private key(s).

@rfay rfay merged commit ce29c53 into main Oct 6, 2025
34 of 35 checks passed
@rfay rfay deleted the 20251001_stasadev_auth_ssh branch October 6, 2025 21:18