SSH agent forwarding#65
SSH agent forwarding#65fabiovincenzi wants to merge 497 commits intoG-Research:denis-coric/ssh-flowfrom
Conversation
dcoric
left a comment
dcoric
left a comment
There was a problem hiding this comment.
I like how you improved the code organization and type safety!
dgl
left a comment
dgl
left a comment
There was a problem hiding this comment.
A few security minded comments. I put all the comments here, even if there's some overlap with the PR this is based on.
src/proxy/ssh/sshHelpers.ts
Outdated
| tryKeyboard: false, | ||
| readyTimeout: 30000, | ||
| agent: customAgent, | ||
| algorithms: { |
There was a problem hiding this comment.
Is there a reason to set these algorithms? It looks like ssh2 will use somewhat sensible defaults (which will at least include things like ed25519 host keys, which isn't included here). (I see this is mostly moved from the other PR, but it looks like the server isn't specifying algorithms, I'd do the same for the client side.)
There was a problem hiding this comment.
Done. Removed explicit algorithm configuration to use ssh2's defaults
src/proxy/ssh/GitProtocol.ts
Outdated
| */ | ||
| hasFlushPacket(): boolean { | ||
| const bufStr = this.buffer.toString('utf8'); | ||
| return bufStr.includes('0000'); |
There was a problem hiding this comment.
It feels like this is too rudimentary, take the Linux kernel repo:
$ git log 0000
error: short object ID 0000 is ambiguous
hint: The candidates are:
hint: 000006155029 commit 2025-06-30 - arm64: defconfig: Enable STM32 Octo Memory Manager and OcstoSPI driver
[about 26 more omitted]
and that's just prefixes, in this case a 0000 anywhere in a head's commit ID would collide. There's not a security problem here I don't think, just breaks the protocol, but we implemented a better parser before (38915e7) so it would be good to use it (move it somewhere common?).
(https://github.com/not-an-aardvark/lucky-commit could be useful to test this, if needed.)
There was a problem hiding this comment.
Fixed. Moved the proper pkt-line parser from parsePush.ts to a shared module (src/proxy/processors/pktLineParser.ts)
src/proxy/ssh/sshHelpers.ts
Outdated
| if (!client.agentForwardingEnabled) { | ||
| throw new Error( | ||
| 'SSH agent forwarding is required. Please connect with: ssh -A\n' + | ||
| 'Or configure ~/.ssh/config with: ForwardAgent yes', |
There was a problem hiding this comment.
Saying ssh -A isn't really actionable in the context most users will see this error. It would be nicer to give people the one liner of:
git config --global core.sshCommand "ssh -A"
In particular configuring this on the git level is far less dangerous than fully enabling agent forwarding.
We also need to be careful with this message, suggesting users enable agent forwarding globally isn't desirable (e.g. https://attack.mitre.org/techniques/T1563/001/) -- it might be useful to let this message be overridden through config too as local policies on how to configure this may vary.
There was a problem hiding this comment.
Addressed. Updated error message. Also made the message configurable via ssh.agentForwardingErrorMessage in config.
src/proxy/ssh/server.ts
Outdated
| if (repoPath.startsWith('/')) { | ||
| repoPath = repoPath.substring(1); | ||
| } | ||
| const isReceivePack = command.includes('git-receive-pack'); |
There was a problem hiding this comment.
Use startsWith not include to match the check above. (I doubt anyone would make a repo with git-receive-pack in it, but if they did, this could result in some surprises.)
| cipher: ['aes128-gcm' as any, 'aes256-gcm' as any, 'aes128-ctr' as any, 'aes256-ctr' as any], | ||
| hmac: ['hmac-sha2-256' as any, 'hmac-sha2-512' as any], | ||
| }, | ||
| }; |
There was a problem hiding this comment.
This should also set hostVerifier too and verify the key is as expected.
It would be good to include github.com and gitlab.com host keys by default so this just works for installations, with a way to configure additional keys.
There was a problem hiding this comment.
Implemented. Added hostVerifier with default host keys for github.com and gitlab.com. Additional hosts can be configured via ssh.knownHosts in config.
jescalada
left a comment
jescalada
left a comment
There was a problem hiding this comment.
Looks good so far! 🚀 I just have some general comments about the code.
| } | ||
|
|
||
| // Calculate SHA-256 fingerprint from SSH public key | ||
| // Note: This function is duplicated in src/service/routes/users.js to keep CLI and server independent |
There was a problem hiding this comment.
Do we really need to keep the CLI and server independent? Since the CLI is already importing a few things from the parent package.
Perhaps we could extract this function to src/service/routes/utils.ts for better testing and dealing with potential bugs. 🤔
| sink.findUserBySSHKey(sshKey); | ||
| export const getUsers = (query?: Partial<UserQuery>): Promise<User[]> => sink.getUsers(query); | ||
| export const deleteUser = (username: string): Promise<void> => sink.deleteUser(username); | ||
| export const updateUser = (user: Partial<User>): Promise<void> => sink.updateUser(user); |
There was a problem hiding this comment.
Why is the Partial here being removed? I think this was changed at some point to allow proper typing for activeDirectory.ts and some test files.
We could alternatively fix the usages, but it makes the most sense for a DB update function (triggered through a PATCH endpoint) to take a partial version of the related entity.
There was a problem hiding this comment.
Might want to rename this to packetLineParser.ts for better searchability!
There was a problem hiding this comment.
Alternatively, we could rename this to parsePushUtils and include the other helper functions from parsePush such as getCommitData, getPackData, etc.
This might make the parsePush action a bit easier to understand.
There was a problem hiding this comment.
I wonder if we should add checks before accessing private fields. If ssh2 renames any of those, we might end up with a silent or non-descriptive error.
|
|
||
| if (chanMgr && chanMgr._channels) { | ||
| // Find first available channel ID | ||
| while (chanMgr._channels[localChan] !== undefined) { |
There was a problem hiding this comment.
Wonder if this wouldn't cause a race condition or clashing of some sort.. Since it's an async function that's relying on and modifying SSH client internals. 🤔
Are we sure that openTemporaryAgentChannel won't get called multiple times in a short period of time?
| // But ssh2 expects only the raw signature bytes (without the algorithm wrapper) | ||
| // because Protocol.authPK will add the algorithm wrapper itself | ||
|
|
||
| // Parse the blob to extract just the signature bytes |
There was a problem hiding this comment.
Are we 100% sure that the SSH signature format will always be the same? Just wondering if support for alternative algorithms is necessary.
If SSH connections to GH always use the same algorithm, maybe this isn't needed, but I'm not sure if connections between the user and GitProxy might require additional support.
There was a problem hiding this comment.
A user could use any key type that GitHub or another provider supports, so for example U2F keys use sk-ecdsa-sha2-nistp256@openssh.com, which as you can see includes a flags and counter additionally to the signature.
My feeling would be to get this PR in with the common key types and maybe add a todo/issue for some further testing.
| * Git uses pkt-line format: [4 byte hex length][payload] | ||
| * Special packet "0000" (flush packet) indicates end of section | ||
| */ | ||
| class PktLineParser { |
There was a problem hiding this comment.
Nit: rename to PacketLineParser for searchability/consistency
There was a problem hiding this comment.
The UserProfile is starting to get big... Perhaps we could extract the SSH-related stuff into its own component(s)?
…ismatch-bug fix: proxy preparations mismatch bug
…itest-migration-from-service
fix: demo video
…om-service refactor: migrate tests to Vitest + TS
Resolved merge conflicts: - Removed migrated test files (.js -> .ts for Vitest) - Accepted upstream package.json/lock (Vitest migration) - Merged src/proxy/index.ts (SSH server + upstream refactoring) - Kept src/service/routes/users.ts (SSH fingerprint functions) - Accepted upstream CLI, UI, and test files Significant upstream changes: - Migration from Mocha to Vitest for all tests - Type system refactoring in UI - Updated dependencies and workflows SSH features from our branch preserved where possible.
Restore SSH key management functionality lost during upstream merge: - Add SSH key list display with name, fingerprint, and date - Add SSH key addition dialog with name and public key fields - Add SSH key deletion with confirmation - Integrate with existing ssh.ts service API - Display snackbar notifications for success/error states This allows users to manage their SSH keys directly from their profile page for SSH-based git operations.
chore: fix NPM publish flow
feat: automatic Docker build and upload to Docker Hub
fix(deps): update npm - li-cli - experimental/li-cli/package.json
fix(deps): update npm - website - website/package.json
fix(deps): update dependency uuid to v13 - - package.json
chore(deps): update npm to v30 - li-cli - experimental/li-cli/package.json (major)
feat: Improve push filtering
chore(deps): pin httpd docker tag to dd17859 - localgit - localgit/dockerfile
chore(deps): update github-actions - workflows - .github/workflows/e2e.yml
…ges/git-proxy-cli/package.json
fix(deps): update dependency axios to ^1.13.4 - git-proxy-cli - packages/git-proxy-cli/package.json
…ples - plugins/git-proxy-plugin-samples/package.json
…mples-manager fix(deps): update dependency express to ^5.2.1 - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json
fix: enable skipped proxy tests
fix(deps): update npm - - package.json
Signed-off-by: Fabio Vincenzi <93596376+fabiovincenzi@users.noreply.github.com>
9 participants
No description provided.