Unable to SSH (unable to allocate a PTY) #3424

Closed
davidwindell opened this issue Mar 11, 2021 · 6 comments
Labels
feature: root access meta: stale This issue/PR is stale and will be closed soon type: bug Something isn't working

Comments

@davidwindell
Contributor

davidwindell commented Mar 11, 2021

Bug description

It looks like Gitpod workspaces do not have permissions to /dev/pts

[1380] Mar 11 18:53:19 Pubkey auth succeeded for 'gitpod' with key sha1!! a7:20:f1:28:12:5a:70:d3:aa:c4:fb:54:80:14:6b:82:fc:ca:fb:13 from ::1:48834
[1380] Mar 11 18:53:19 Exit (gitpod): chown(/dev/pts/3, 33333, 5) failed: Operation not permitted
[1380] Mar 11 18:53:19 chown /dev/pts/3 0 0 failed: Operation not permitted

Here are the directory permissions:

gitpod /workspace/gitpod-playground $ ls -la /dev/pts
total 0
drwxr-xr-x 2 nobody nogroup      0 Mar 11 18:47 .
drwxr-xr-x 6 nobody nogroup    380 Mar 11 18:47 ..
crw--w---- 1 gitpod nogroup 136, 0 Mar 11 18:53 0
crw--w---- 1 gitpod nogroup 136, 1 Mar 11 18:55 1
crw--w---- 1 gitpod nogroup 136, 2 Mar 11 18:52 2
crw-rw-rw- 1 nobody nogroup   5, 2 Mar 11 18:55 ptmx

Also, trying to chmod throws the same error:

sudo chown 33333:5 /dev/pts/3
chown: changing ownership of '/dev/pts/3': Operation not permitted

This prevents connecting to Gitpod with SSH with a terminal.

Steps to reproduce

  • Run Gitpod in Feature Preview
  • Set IDE to VS Code
  • Launch below example

Expected behavior

No response

Example repository

https://github.com/corneliusludmann/gitpod-playground/tree/sshd-over-chisel

@akosyakov akosyakov added the type: needs triage We've seen the issue but need to investigate to decide what type of issue it is label Mar 12, 2021
@akosyakov
Member

cc @csweichel

@csweichel
Contributor

openssh's sshd unfortunately tries to chown the pts, as you've seen. It fails to do so because /dev actually belongs to UID 0 on the node - even in a workspace with root access where /dev is just a bind mount to the /dev of the workspace pod.

We haven't really come up with a solution that we're comfortable shipping in production - especially as this looks like a rather openssh specific issue. One approach is to use seccomp-notify to basically "ignore" the chown call (implemented here). Another would be to use a different SSH server, or to patch OpenSSH. As said, we haven't settled on a path forward yet.
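
To illustrate the failure described in the comment above, this added example (not part of the issue thread or of Gitpod's code) translates node-side owner IDs through a user-namespace ID map. It assumes the workspace runs in a user namespace, where root can apply CAP_CHOWN only to files whose UID and GID are both mapped into that namespace. The map values, `SAMPLE_MAP`, the node-side IDs and all function names are constructed for illustration.

```python
import os

OVERFLOW_ID = 65534  # kernel default overflow UID/GID; ls shows it as nobody/nogroup


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside_start, outside_start, count) tuples."""
    return [tuple(int(f) for f in line.split())
            for line in text.splitlines() if len(line.split()) == 3]


def to_inside(outside_id, id_map):
    """Translate a parent-namespace ID into this namespace; None if unmapped."""
    for inside, outside, count in id_map:
        if outside <= outside_id < outside + count:
            return inside + (outside_id - outside)
    return None


def chown_blockers(host_uid, host_gid, uid_map, gid_map):
    """List the unmapped owner IDs that make the kernel refuse chown with EPERM."""
    blockers = []
    if to_inside(host_uid, uid_map) is None:
        blockers.append(f"uid {host_uid} unmapped (shown as nobody)")
    if to_inside(host_gid, gid_map) is None:
        blockers.append(f"gid {host_gid} unmapped (shown as nogroup)")
    return blockers


def visible_owner_is_unmapped(path):
    """Heuristic live check from inside the workspace: an overflow ID on the
    inode usually means its real owner is outside the namespace's ID map."""
    st = os.stat(path)
    return st.st_uid == OVERFLOW_ID or st.st_gid == OVERFLOW_ID


# Constructed map (an assumption, not Gitpod's real one): IDs 0-65535 inside
# the workspace correspond to 100000-165535 on the node.
SAMPLE_MAP = parse_id_map("         0     100000      65536\n")

if __name__ == "__main__":
    # /dev owned by node UID 0 / GID 0, as the comment above describes.
    print(chown_blockers(0, 0, SAMPLE_MAP, SAMPLE_MAP))
    # Constructed pts: UID maps to gitpod (33333), GID is a node-side group.
    print(chown_blockers(133333, 5, SAMPLE_MAP, SAMPLE_MAP))
    for p in ("/dev/pts", "/dev/pts/ptmx"):
        if os.path.exists(p):
            print(p, "owner unmapped:", visible_owner_is_unmapped(p))
```

To check a real workspace, pass the contents of `/proc/self/uid_map` and `/proc/self/gid_map` to `parse_id_map` instead of the constructed map.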

@csweichel csweichel added feature: root access type: bug Something isn't working and removed type: needs triage We've seen the issue but need to investigate to decide what type of issue it is labels Mar 16, 2021
@davidwindell
Contributor Author

Thanks @csweichel that makes a lot more sense now. Do you know if there are any other SSH servers that don't do the chown in the interim?

@stale

stale bot commented Jun 14, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the meta: stale This issue/PR is stale and will be closed soon label Jun 14, 2021
@akosyakov
Member

We announced Gitpod Local Companion last week, which allows you to SSH into a Gitpod workspace: https://www.gitpod.io/blog/local-app Does it work for you?

@stale stale bot removed the meta: stale This issue/PR is stale and will be closed soon label Jun 22, 2021
@stale

stale bot commented Sep 20, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
