Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tailscale ssh to a gitpod container: "Unable to change owner or mode of tty stdin: Operation not permitted" #11195

Open
abeluck opened this issue Jul 7, 2022 · 3 comments
Open

Tailscale ssh to a gitpod container: "Unable to change owner or mode of tty stdin: Operation not permitted" #11195

abeluck opened this issue Jul 7, 2022 · 3 comments
Labels
feature: tailscale meta: never-stale This issue can never become stale type: bug Something isn't working

Comments

@abeluck
Copy link

abeluck commented Jul 7, 2022
edited
Loading

Bug description

I cannot tailscale ssh into a gitpod container. I've tried several different client devices with the same result.

Authentication via tailscale ssh works, but then the tty cannot be allocated and the process fails with:

Unable to change owner or mode of tty stdin: Operation not permitted

I can tailscale ssh into other non-gitpod containers without issue.

Steps to reproduce

In a gitpod container:

  1. I've configured the TAILSCALE_AUTHKEY env var in gitpod with an ephemeral authkey
  2. Open the gitpod https://github.com/gitpod-io/template-tailscale
  3. Run tailscale up with your authkey and the ssh flag

On another device connected to the tailnet

  • ssh -v gitpod@<tailnet ip for the gitpod container>

Workspace affected

all

Expected behavior

I expect to be able to SSH to the gitpod instance via tailscale

Example repository

https://github.com/gitpod-io/template-tailscale

Anything else?

I first reported this issue over at tailscale, but based on the findings of this gitpod issue it seems that this phenomenon may be a consequence of gitpod's ssh daemon + container setup.
@abeluck abeluck added the type: bug Something isn't working label Jul 7, 2022
@axonasif
Copy link
Member

axonasif commented Jul 8, 2022

While this might be an bug on the Gitpod side, I'd like to encourage you to use the built-in direct method of SSHing into a Gitpod workspace 😉

@mads-hartmann
Copy link
Contributor

I've included the logs from tailscaled running in the Gitpod workspace when trying to establish a SSH. The exact arguments used when "starting pty command" might be useful for anyone who wants to dive deeper

ssh-session(sess-20220827T120719-bc6c4b5252): handling new SSH connection from <my>@<email> (<ip>) to ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): access granted to <my>@<email> as ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): starting pty command: [/usr/sbin/tailscaled be-child ssh --uid=33333 --gid=33333 --groups=33333,27,108 --local-user=gitpod --remote-user=<my>@<email> --remote-ip=<ip> --has-tty=true --tty-name=pts/5 --shell --login-cmd=/usr/bin/login --cmd=/bin/bash -- -l]
ssh-session(sess-20220827T120719-bc6c4b5252): Wait: code=1

@stale
Copy link

stale bot commented Nov 26, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the meta: stale This issue/PR is stale and will be closed soon label Nov 26, 2022
@stale stale bot closed this as completed Dec 24, 2022
@stale stale bot moved this to Awaiting Deployment in 🌌 Workspace Team Dec 24, 2022
@kylos101 kylos101 added meta: never-stale This issue can never become stale feature: tailscale and removed meta: stale This issue/PR is stale and will be closed soon labels Dec 27, 2022
@kylos101 kylos101 reopened this Dec 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature: tailscale meta: never-stale This issue can never become stale type: bug Something isn't working
Projects
No open projects
🌌 Workspace Team
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mads-hartmann @kylos101 @abeluck @axonasif