cli: "gh codespace ssh" fails to connect during Codespace instance first boot lifetime

Describe the bug

After creating a Codespace instance, gh codespace ssh does not work until that Codespace instance is stopped and restarted.

It is unclear whether connecting to the Codespace instance in VSCode contributes to or increases the frequency of this issue.

$ gh version
gh version 2.11.3 (2022-05-25)
https://github.com/cli/cli/releases/tag/v2.11.3

Steps to reproduce the behavior

  1. Create and start a Codespace instance, either:
  • In the UI, and open that Codespace instance in VSCode, OR
  • via gh codespace create
  1. In an operating system terminal (not the VSCode terminal), run gh codespace ssh -- -vvv
  2. Select the Codespace instance to connect to
  3. Observe the error message: kex_exchange_identification: banner line 0: unable to find user -i: no matching entries in passwd file
  4. Ctrl+C to stop gh codespace ssh -- -vvv
  5. Run gh codespace ssh and select the same Codespace instance to connect to
  6. Command hangs without connecting to the Codespace instance
  7. Ctrl+C to stop gh codespace ssh
  8. Stop the Codespace instance in the UI or by running gh codespace stop
  9. Restart the Codespace instance in the UI or via gh codespace start
  10. In an operating system terminal (not the VSCode terminal), run gh codespace ssh -- -vvv
  11. (Seemingly most of the time) Observe that the ssh connection was successful

Expected vs actual behavior

Expected behavior: gh codespace ssh successfully connects after initial Codespace instance creation.

Actual behavior: gh codespace ssh frequently hangs (with error message if -vvv is passed to ssh command) until the Codespace instance is stopped and restarted. Restarting the Codespace instance once does not always avoid this issue.

Logs

Example failure (with -vvv passed to ssh):

$ gh cs ssh -- -vvv
? Choose codespace: redacted/redacted: master
OpenSSH_8.6p1, LibreSSL 2.8.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no
files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
'/Users/smkent/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
'/Users/smkent/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost port 52794.
debug1: Connection established.
debug1: identity file /Users/smkent/.ssh/id_rsa type -1
debug1: identity file /Users/smkent/.ssh/id_rsa-cert type -1
debug1: identity file /Users/smkent/.ssh/id_dsa type -1
debug1: identity file /Users/smkent/.ssh/id_dsa-cert type -1
debug1: identity file /Users/smkent/.ssh/id_ecdsa type -1
debug1: identity file /Users/smkent/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/smkent/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/smkent/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/smkent/.ssh/id_ed25519 type 3
debug1: identity file /Users/smkent/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/smkent/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/smkent/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/smkent/.ssh/id_xmss type -1
debug1: identity file /Users/smkent/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: kex_exchange_identification: banner line 0: unable to find user -i: no matching entries in passwd file

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 17 (8 by maintainers)

Most upvoted comments

@eljog yep, that seems to work, but this still seems like a bug:

Maybe updating the docs & error message should be a new ticket but this is likely impacting all users and should probably be higher than a p3.

+4
ostrowr on Jul 29, 2022

AFAIK the auto-installation of SSH was experimental and was removed to avoid certain issues and conflicts caused by it.

This is a rather sudden breaking change – gh codespace ssh is ostensibly supported by the cli but just doesn’t work anymore by default. Seems to me that this should be higher priority, or gh codespace ssh should be deprecated (or at least print a helpful error message in this case!)

+2
ostrowr on Jul 27, 2022

I’m having the same issue - it looks like ssh install is failing in some form. After restarting the codespace I’m seeing the following:

> gh codespace ssh
? Choose codespace: redacted/redacted (master): miniature space potato
error getting ssh server details: failed to start server: Exception : Error performing SSH Start. Please check if SSH is installed on the container.
Github Codespaces ssh install script.

(*) Detected Debian / Ubuntu
-e
(*) Updating package lists...
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://deb.debian.org/debian bullseye-backports InRelease [49.0 kB]
Get:5 https://deb.nodesource.com/node_16.x bullseye InRelease [4586 B]
Get:6 https://packages.microsoft.com/repos/microsoft-debian-bullseye-prod bullseye InRelease [10.5 kB]
Get:8 https://cli.github.com/packages stable InRelease [3743 B]
Get:7 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [9383 B]
Get:9 http://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease [91.7 kB]
Get:10 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [167 kB]
Get:11 http://security.debian.org/debian-security bullseye-security/non-free amd64 Packages [528 B]
Get:12 http://deb.debian.org/debian bullseye/non-free amd64 Packages [97.6 kB]
Get:13 http://deb.debian.org/debian bullseye/contrib amd64 Packages [50.6 kB]
Get:14 http://deb.debian.org/debian bullseye/main amd64 Packages [8182 kB]
Get:15 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2592 B]
Get:16 http://deb.debian.org/debian bullseye-backports/contrib amd64 Packages [4704 B]
Get:17 http://deb.debian.org/debian bullseye-backports/non-free amd64 Packages [11.6 kB]
Get:18 http://deb.debian.org/debian bullseye-backports/main amd64 Packages [321 kB]
Get:19 https://deb.nodesource.com/node_16.x bullseye/main amd64 Packages [774 B]
Get:20 https://packages.microsoft.com/repos/microsoft-debian-bullseye-prod bullseye/main amd64 Packages [69.6 kB]
Get:21 https://cli.github.com/packages stable/main amd64 Packages [338 B]
Get:22 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [57.6 kB]
Get:23 http://apt.postgresql.org/pub/repos/apt bullseye-pgdg/main amd64 Packages [250 kB]
Fetched 9592 kB in 2s (5134 kB/s)
Reading package lists...
-e
(*) Starting ssh server.
/workspaces/.codespaces/.persistedshare/installSSH.sh: 38: /etc/init.d/ssh: not found
/workspaces/.codespaces/.persistedshare/installSSH.sh: 28: read: arg count
(!) SSH Server start failed!
-e
Press enter to dismiss this message
+2
leos on Jul 26, 2022

Thank you for the feedback. We understand the inconvenience and have prioritized the work items for updating the error message and documentation. The fix will be made available soon.

+1
eljog on Aug 2, 2022

SSH install was hitting conflicts/locks often on the initial connect, where async user commands such as postcreate-command or dotfile installation was running in parallel. Hence pre-installing SSH on the container brings in benefits such as:

  • Faster SSH connections
  • More reliable SSH connections since you don’t have to contend with installation locks that might conflict with async dotfiles installs while you are connecting

As suggested above, adding sshd feature in the devcontainer.json would be the apt fix here

+1
eljog on Jul 29, 2022

Glad to hear it helped. Sorry, we do not have any public release notes explaining the changes. AFAIK the auto-installation of SSH was experimental and was removed to avoid certain issues and conflicts caused by it.

Hi @eljog,

Could you describe what those issues and conflicts are?

We want to enable people SSH’ing into their Codespaces, and this was a feature that always worked for us and was promoted by GitHub itself as a viable way to work with Codespaces. If I understand correctly, we now have to add "sshd": "latest" to our devcontainer.json config in order for this to work; however, there are certain issues and conflicts that it may cause? What are those issues?

Thanks

+1
samsarkleio on Jul 28, 2022

With a recent change, SSH will not be auto-installed on codespaces anymore (this was done to avoid certain other issues and conflicts caused by SSH auto install). Users will now need to make sure SSH is installed on their codespace container. One easy way to do that is by adding sshd feature to your devcontainer.json (using following snippet)

"features": {
  "sshd": "latest"
}
+1
eljog on Jul 26, 2022

For the Github folks, it looks like there’s an /workspaces/.codespaces/.persistedshare/installSSH.sh script that’s being run when we attempt to ssh into the instance via the CLI and it’s failing for some reason?

Based on the -e’s in the output, I’m guessing that it’s being run via sh explicitly which makes it ignore the shebang to run it under bash. echo under sh doesn’t know the -e flag.

+1
leos on Jul 26, 2022
Read more comments on GitHub
← cli: `gh codespace list` shows an instance, but I cannot delete it
cli: `gh` Command not Being Registered →