pybridge: Add initial authorize request to cockpit-beiboot, and handle host key prompts #19401

Open
wants to merge 2 commits into
base: main

@martinpitt (Member) commented Sep 27, 2023

In order to use cockpit-beiboot as cockpit-ssh replacement from the "normal" (not Client mode) login page, it needs to consider the given username and password. It also needs to properly handle "unknown host key" prompts.


This paves the way for completely replacing cockpit-ssh with cockpit.beiboot. See https://issues.redhat.com/browse/COCKPIT-954 and #19441.

@martinpitt martinpitt marked this pull request as draft September 27, 2023 07:22

@allisonkarlitskaya (Member) left a comment

This looks like it's coming together really nicely and I'm starting to get excited about the finished result. 🚀

src/cockpit/beiboot.py (outdated)

async def do_askpass(self, messages: str, prompt: str, hint: str) -> Optional[str]:
if self.basic_password and 'password:' in prompt.lower():
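
Review bot: the `'password:' in prompt.lower()` condition in `do_askpass` is a substring test on the whole prompt, so any prompt text that contains "password:" takes the `self.basic_password` branch, not only the login prompt for the requested user and host. Match the complete prompt against the expected form instead, and add a comment that the check depends on ssh's prompt wording so it is easy to find when that wording changes.
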
Member

yikes...

I guess this will work "for now" but we really need to do something more (airquotes) 'professional' here...

Member Author

Yep, see my comment above, that's why it's still draft. Of course we could also consider/mark this as # HACK and update ferny as a follow-up. I still do want to do that, but it's much nicer to iterate on something that actually works.

@martinpitt martinpitt force-pushed the beiboot-authorize branch 2 times, most recently from 774f2ee to 60c6729 Compare September 27, 2023 09:06
@martinpitt martinpitt force-pushed the beiboot-authorize branch 2 times, most recently from edae05b to ee489a1 Compare September 27, 2023 10:32
@martinpitt martinpitt force-pushed the beiboot-authorize branch 2 times, most recently from fede982 to 1220a19 Compare September 28, 2023 05:39
@martinpitt martinpitt changed the title cockpit-beiboot improvements/fixes pybridge: Add initial authorize request to cockpit-beiboot Sep 29, 2023
@martinpitt martinpitt marked this pull request as ready for review September 30, 2023 04:30
@martinpitt martinpitt requested review from allisonkarlitskaya and removed request for allisonkarlitskaya September 30, 2023 04:30
@martinpitt martinpitt removed the request for review from allisonkarlitskaya October 6, 2023 04:34
@martinpitt martinpitt changed the title pybridge: Add initial authorize request to cockpit-beiboot pybridge: Add initial authorize request to cockpit-beiboot, and handle host key prompts Oct 6, 2023

src/cockpit/beiboot.py (outdated)
fp_match = re.search(r'\n(\w+) key fingerprint is ([^.]+)\.', prompt)
args = {}
if fp_match:
args['host-key'] = f'{fp_match.group(2)} {fp_match.group(1)}'
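
Review bot: in the `re.search` pattern, `([^.]+)` also matches spaces and newlines, so the second group is not limited to a single fingerprint token and whatever it captures goes into `args['host-key']` unchecked. Restrict the group to non-whitespace characters (for example `([^\s.]+)`), and handle the `fp_match is None` case explicitly rather than leaving `args` empty.
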
Member

I guess this isn't quite right — this is the fingerprint, not the key...

Member Author

Hm yes, but we don't ever get the actual key via SSH_ASKPASS; I figure that's why you went through this whole business of KnownHostCommand? Do we need to use that after all?

Member Author

I.e. I just consider that as the "new key format" -- key fingerprints are just the "language" that ssh speaks, while for cockpit-ssh it was the full keys. But does that matter? Or what would you suggest?

In order to use cockpit.beiboot as cockpit-ssh replacement from the
"normal" (not Client mode) login page, it needs to consider the given
username and password. cockpit-ssh sends an initial `authorize` message
for that and checks for "Basic" auth. If that fails, it aborts
immediately with `authentication-failed`. Implement the same in
cockpit.beiboot.

Note: The UI does not currently get along with multiple password
attempts. Once we drop cockpit-ssh, we should fix the UI and
cockpit.beiboot to behave like the flatpak, keep the initial SSH
running, and just answer the "try again" prompts.

Cover this in a new `TestLogin.testLoginSshBeiboot`. Once we generally
replace cockpit-ssh with cockpit.beiboot, this will get absorbed by
TestLogin and TestMultiMachine* and can be dropped again.

Stop treating host key prompts as generic conversation messages. We want
the UI to handle them properly, with some verbiage/buttons and the
recipe for validating host keys, instead of letting the user type "yes".
The login page recognizes these through the presence of the `host-key`
authorize field (and irritatingly, an extra `default` field with the
actual value).

We can't use ferny's builtin `do_hostkey()` responder for this, as that
requires `ferny.Session(handle_host_key=True)`, and that API is not
flexible enough to handle our ssh command modifications and the extra
beiboot_helper handler. This needs some bigger redesign.

So just recognize and parse SSH's host key prompts, and rely on our
integration tests to spot breakage in future distro releases.

This enables the login page's host key localstorage mechanism, so adjust
TestLogin.testLoginSshBeiboot to only expect the host key on the first
login attempt.
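
The prompt recognition described in the second commit message, as an added example that is not code from this pull request: it anchors on ssh's closing yes/no question, validates the fingerprint's shape, and fails closed when a host key question arrives without exactly one parsable fingerprint. The function name and the sample prompt are constructed for illustration; the `host-key` value layout follows the snippet quoted in the review above.

```python
import re
from typing import Dict, Optional

# One fingerprint line: "<TYPE> key fingerprint is <fingerprint>."
# SHA256 fingerprints are 43 unpadded base64 characters, MD5 ones 16 hex bytes.
_FP_LINE_RE = re.compile(
    r'(?P<type>[A-Z0-9-]+) key fingerprint is '
    r'(?P<fp>SHA256:[A-Za-z0-9+/]{43}|MD5:[0-9a-f]{2}(?::[0-9a-f]{2}){15})\.')
# The closing question that marks a prompt as a host key confirmation.
_QUESTION_RE = re.compile(
    r'Are you sure you want to continue connecting '
    r'\(yes/no(?:/\[fingerprint\])?\)\?')

# Constructed sample data (not a real host or key), modelled on OpenSSH's wording.
SAMPLE_FP = 'SHA256:' + 'Ab3+/' * 8 + 'xyz'
SAMPLE_PROMPT = (
    "The authenticity of host '192.0.2.10 (192.0.2.10)' can't be established.\n"
    f"ED25519 key fingerprint is {SAMPLE_FP}.\n"
    "This key is not known by any other names.\n"
    "Are you sure you want to continue connecting (yes/no/[fingerprint])? "
)


def host_key_authorize_args(prompt: str) -> Optional[Dict[str, str]]:
    """Return the extra authorize field for a host key prompt.

    Returns None for any other prompt (password, passphrase, ...) so that
    other responders can handle it. Raises ValueError when ssh asks the
    host key question but the fingerprint cannot be parsed unambiguously,
    so the caller aborts instead of showing a generic "type yes" dialog.
    """
    lines = [line.strip() for line in prompt.strip().split('\n')]
    if not _QUESTION_RE.fullmatch(lines[-1]):
        return None
    found = [m for m in map(_FP_LINE_RE.fullmatch, lines) if m]
    if len(found) != 1:
        raise ValueError('host key prompt without exactly one parsable fingerprint')
    # Same "<fingerprint> <type>" layout as the snippet under review
    return {'host-key': f"{found[0]['fp']} {found[0]['type']}"}
```
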

@martinpitt (Member Author) commented Mar 22, 2024

I have rebased this to get it back into working order. #19668 has been open for 4 months, and at some point I'd really like to unblock this and the follow-up work -- the string parsing hack is easy enough to revert/adjust if/once we land the FernyTransport rework.

@martinpitt martinpitt marked this pull request as ready for review March 22, 2024 05:15