devpod icon indicating copy to clipboard operation
devpod copied to clipboard
verified publisher icon loft-sh

ssh-agent forwarding not working from Windows

Open ianepreston opened this issue 1 year ago • 5 comments

What happened?
ssh authentication to git repositories fails from within devpod. I'm able to start a pod with a secured repository as the target, but within the pod I cannot perform any operations like git fetch. If I specify a ssh secured repo for dotfiles that fails as well.

What did you expect to happen instead?
ssh-agent should forward my keys into the pod and provide access that way.

How can we reproduce the bug? (as minimally and precisely as possible)

  • Use Windows and docker desktop
  • Ensure you have ssh-agent enabled and your key is added by running ssh-add -l
  • Create a workspace targeting an ssh secured git repository (can have been cloned locally or have the URL pasted in)
  • Connect to the workspace and try to perform an operation on the remote repository (e.g., git fetch)

Local Environment:

  • DevPod Version: v0.5.4
  • Operating System: windows 11
  • ARCH of the OS: AMD64

DevPod Provider:

  • Local/remote provider: docker (provided by docker desktop)

Anything else we need to know?

Performing the same tasks from within a WSL distro on the same machine works fine, this is specific to trying to run devpod directly from Windows. As a workaround for now I'm using the CLI from within WSL

This seems similar to #632 but I was advised to create a new issue for this as it relates to connectivity within the container rather than outside it.

ianepreston avatar Feb 26 '24 14:02 ianepreston

Thanks @ianepreston I'll take a look at this

89luca89 avatar Feb 26 '24 14:02 89luca89

@ianepreston what IDE where you using when devpod up from Windows?

89luca89 avatar Feb 29 '24 10:02 89luca89

'None'. I've got neovim installed in the container. It fails before it gets to that point though since it can't clone my dotfiles

ianepreston avatar Feb 29 '24 15:02 ianepreston

Thanks, will look into it further :+1:

89luca89 avatar Mar 01 '24 06:03 89luca89

I've also ran across this issue and spent way too much time debugging it. In the end, the fix was simple; I uninstalled the OpenSSH that comes with the Windows features (I think it was 8.6), and installed the latest OpenSSH for Windows. As soon as I upgraded, SSH agent forwarding was plug and play when provisioning my devcontainer through devpod.

My context was:

  • ssh-add -l was correctly showing my key from inside the devcontainer
  • ssh -T [email protected] was failing from inside the devcontainer, but was working on the host
  • ssh -vT [email protected] with verbose output gave me this error: get_agent_identities: ssh_agent_bind_hostkey: communication with agent failed
  • I searched for the above error and found this link
  • I more or less followed the answer from in there:

Open Powershell as Administrator and run:

Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
winget install Microsoft.OpenSSH.Beta --override ADDLOCAL=Client

Reboot computer.

ssh -V
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2

In my case, installing the latest OpenSSH version automatically enabled the ssh-agent in the Windows services so I didn't need to do this manually.

martinbiard avatar Apr 27 '24 19:04 martinbiard