SSH agent forwarding#65
SSH agent forwarding#65fabiovincenzi wants to merge 720 commits intoG-Research:denis-coric/ssh-flowfrom
Conversation
dcoric
left a comment
dcoric
left a comment
There was a problem hiding this comment.
I like how you improved the code organization and type safety!
dgl
left a comment
dgl
left a comment
There was a problem hiding this comment.
A few security minded comments. I put all the comments here, even if there's some overlap with the PR this is based on.
src/proxy/ssh/sshHelpers.ts
Outdated
| tryKeyboard: false, | ||
| readyTimeout: 30000, | ||
| agent: customAgent, | ||
| algorithms: { |
There was a problem hiding this comment.
Is there a reason to set these algorithms? It looks like ssh2 will use somewhat sensible defaults (which will at least include things like ed25519 host keys, which isn't included here). (I see this is mostly moved from the other PR, but it looks like the server isn't specifying algorithms, I'd do the same for the client side.)
There was a problem hiding this comment.
Done. Removed explicit algorithm configuration to use ssh2's defaults
src/proxy/ssh/GitProtocol.ts
Outdated
| */ | ||
| hasFlushPacket(): boolean { | ||
| const bufStr = this.buffer.toString('utf8'); | ||
| return bufStr.includes('0000'); |
There was a problem hiding this comment.
It feels like this is too rudimentary, take the Linux kernel repo:
$ git log 0000
error: short object ID 0000 is ambiguous
hint: The candidates are:
hint: 000006155029 commit 2025-06-30 - arm64: defconfig: Enable STM32 Octo Memory Manager and OcstoSPI driver
[about 26 more omitted]
and that's just prefixes, in this case a 0000 anywhere in a head's commit ID would collide. There's not a security problem here I don't think, just breaks the protocol, but we implemented a better parser before (38915e7) so it would be good to use it (move it somewhere common?).
(https://github.com/not-an-aardvark/lucky-commit could be useful to test this, if needed.)
There was a problem hiding this comment.
Fixed. Moved the proper pkt-line parser from parsePush.ts to a shared module (src/proxy/processors/pktLineParser.ts)
src/proxy/ssh/sshHelpers.ts
Outdated
| if (!client.agentForwardingEnabled) { | ||
| throw new Error( | ||
| 'SSH agent forwarding is required. Please connect with: ssh -A\n' + | ||
| 'Or configure ~/.ssh/config with: ForwardAgent yes', |
There was a problem hiding this comment.
Saying ssh -A isn't really actionable in the context most users will see this error. It would be nicer to give people the one liner of:
git config --global core.sshCommand "ssh -A"
In particular configuring this on the git level is far less dangerous than fully enabling agent forwarding.
We also need to be careful with this message, suggesting users enable agent forwarding globally isn't desirable (e.g. https://attack.mitre.org/techniques/T1563/001/) -- it might be useful to let this message be overridden through config too as local policies on how to configure this may vary.
There was a problem hiding this comment.
Addressed. Updated error message. Also made the message configurable via ssh.agentForwardingErrorMessage in config.
src/proxy/ssh/server.ts
Outdated
| if (repoPath.startsWith('/')) { | ||
| repoPath = repoPath.substring(1); | ||
| } | ||
| const isReceivePack = command.includes('git-receive-pack'); |
There was a problem hiding this comment.
Use startsWith not include to match the check above. (I doubt anyone would make a repo with git-receive-pack in it, but if they did, this could result in some surprises.)
| cipher: ['aes128-gcm' as any, 'aes256-gcm' as any, 'aes128-ctr' as any, 'aes256-ctr' as any], | ||
| hmac: ['hmac-sha2-256' as any, 'hmac-sha2-512' as any], | ||
| }, | ||
| }; |
There was a problem hiding this comment.
This should also set hostVerifier too and verify the key is as expected.
It would be good to include github.com and gitlab.com host keys by default so this just works for installations, with a way to configure additional keys.
There was a problem hiding this comment.
Implemented. Added hostVerifier with default host keys for github.com and gitlab.com. Additional hosts can be configured via ssh.knownHosts in config.
jescalada
left a comment
jescalada
left a comment
There was a problem hiding this comment.
Looks good so far! 🚀 I just have some general comments about the code.
| } | ||
|
|
||
| // Calculate SHA-256 fingerprint from SSH public key | ||
| // Note: This function is duplicated in src/service/routes/users.js to keep CLI and server independent |
There was a problem hiding this comment.
Do we really need to keep the CLI and server independent? Since the CLI is already importing a few things from the parent package.
Perhaps we could extract this function to src/service/routes/utils.ts for better testing and dealing with potential bugs. 🤔
| sink.findUserBySSHKey(sshKey); | ||
| export const getUsers = (query?: Partial<UserQuery>): Promise<User[]> => sink.getUsers(query); | ||
| export const deleteUser = (username: string): Promise<void> => sink.deleteUser(username); | ||
| export const updateUser = (user: Partial<User>): Promise<void> => sink.updateUser(user); |
There was a problem hiding this comment.
Why is the Partial here being removed? I think this was changed at some point to allow proper typing for activeDirectory.ts and some test files.
We could alternatively fix the usages, but it makes the most sense for a DB update function (triggered through a PATCH endpoint) to take a partial version of the related entity.
There was a problem hiding this comment.
Might want to rename this to packetLineParser.ts for better searchability!
There was a problem hiding this comment.
Alternatively, we could rename this to parsePushUtils and include the other helper functions from parsePush such as getCommitData, getPackData, etc.
This might make the parsePush action a bit easier to understand.
There was a problem hiding this comment.
I wonder if we should add checks before accessing private fields. If ssh2 renames any of those, we might end up with a silent or non-descriptive error.
|
|
||
| if (chanMgr && chanMgr._channels) { | ||
| // Find first available channel ID | ||
| while (chanMgr._channels[localChan] !== undefined) { |
There was a problem hiding this comment.
Wonder if this wouldn't cause a race condition or clashing of some sort.. Since it's an async function that's relying on and modifying SSH client internals. 🤔
Are we sure that openTemporaryAgentChannel won't get called multiple times in a short period of time?
| // But ssh2 expects only the raw signature bytes (without the algorithm wrapper) | ||
| // because Protocol.authPK will add the algorithm wrapper itself | ||
|
|
||
| // Parse the blob to extract just the signature bytes |
There was a problem hiding this comment.
Are we 100% sure that the SSH signature format will always be the same? Just wondering if support for alternative algorithms is necessary.
If SSH connections to GH always use the same algorithm, maybe this isn't needed, but I'm not sure if connections between the user and GitProxy might require additional support.
There was a problem hiding this comment.
A user could use any key type that GitHub or another provider supports, so for example U2F keys use sk-ecdsa-sha2-nistp256@openssh.com, which as you can see includes a flags and counter additionally to the signature.
My feeling would be to get this PR in with the common key types and maybe add a todo/issue for some further testing.
| * Git uses pkt-line format: [4 byte hex length][payload] | ||
| * Special packet "0000" (flush packet) indicates end of section | ||
| */ | ||
| class PktLineParser { |
There was a problem hiding this comment.
Nit: rename to PacketLineParser for searchability/consistency
There was a problem hiding this comment.
The UserProfile is starting to get big... Perhaps we could extract the SSH-related stuff into its own component(s)?
| // into a proper ParsedKey object. | ||
| const keys = identities.map((identity) => identity.publicKeyBlob); | ||
|
|
||
| console.log(`[LazyAgent] Returning ${keys.length} identities`); |
There was a problem hiding this comment.
Based on our meeting from earlier: We should look into two issues:
- Why there are automatic SSH requests happening when switching to the user context (or in the background)
- Why during these automatic SSH requests, ALL the keys in the system (presumably from
~/.sshdirectory) are being loaded here- During manual requests, this fetches only keys added through
ssh add
- During manual requests, this fetches only keys added through
I'm wondering if this means that there are two different clients or agents running in parallel. We should only keep the one that gets the job done.
| return new Promise((resolve, reject) => { | ||
| // Check if this key already exists for any user | ||
| findUserBySSHKey(publicKey) | ||
| findUserBySSHKey(publicKey.key) |
There was a problem hiding this comment.
Might be related to findUserBySSHKey: Check why email matters when setting up the SSH key, pinpoint where the check happens and modify it so that GitProxy gives an explicit error when the email doesn't match.
src/config/generated/config.ts
Outdated
| typ: u(undefined, ''), | ||
| }, | ||
| { json: 'enabled', js: 'enabled', typ: true }, | ||
| { json: 'hostKey', js: 'hostKey', typ: u(undefined, r('HostKey')) }, |
There was a problem hiding this comment.
Check if the hostKey config entries are actually being used or not (since removing them seemed to affect my original, failed SSH flow).
fabiovincenzi
force-pushed
the
ssh-agent-on-pr987
branch
2 times, most recently
from
06ee7b2 to
0ff683e
Compare
…ication-fix chore: remove unused NPM auth token and flags
…stead of exiting process
fix: improve handling of repository clones in the .remote folder
…of Request params
…core fix: update @types/express-serve-static-core to 5.1.1 and fix typing of Request params
docs(website): update website homepage
feat: Add reject reason
…inked # Conflicts: # src/ui/services/git-push.ts # src/ui/views/PushDetails/PushDetails.tsx
Signed-off-by: Kris West <kristopher.west@natwest.com>
chore: add andypols to list of maintainers
feat: enhance error handling in git-push and repo services
8 participants
No description provided.