WSL2 SSH config permission denied error #1601

Open
sim4life opened this issue Dec 27, 2024 · 13 comments

@sim4life

Describe the bug
For package management and settings, I used Nix home-manager. I set up daytona with proper configs and the workspace, but on opening a workspace, it gives an ssh config file permission denied error.

To Reproduce
Steps to reproduce the behavior:

  1. Set up daytona git-provider with gitea (forgejo v7 self-hosted)
  2. Set up daytona provider as docker-local
  3. Set up daytona target as docker-local (previously added)
  4. Create workspace: daytona create and select sample project: sample-astro-tailwind-restaurant gives warnings like:
    1 warning found (use docker --debug to expand):
     sample-astro-tail... |  - InvalidDefaultArgInFrom: Default value for ARG $BASE_IMAGE results in empty or invalid base image name (line 4)
  5. The workspace gets created but daytona is unable to open the workspace and gives the error:
    FATA[1333] open /home/myuser/.ssh/config: permission denied

Expected behaviour
Expectation is to have NO docker related warnings, NO permission errors to have read access to ssh config file and NO write access to SSH config file needed.

Desktop (please complete the following information):

  • OS: (Win11 + WSL2) Ubuntu 22.04
  • Docker desktop (using WSL2 bindings) v4.37.1
  • Nix home-manager v24.05
  • Daytona Version: v0.50.0

Additional context

  1. myuser is the WSL2 Ubuntu user with sudo privileges.
  2. I don't have VS Code installed but I use VSCodium. Whether I select VS Code or Terminal SSH in the default daytona ide, I get the same ssh config permission denied error.
  3. Using Nix home-manager to manage SSH settings, it creates a chain of symlinks to another file inside the Nix directory:
    lrwxrwxrwx 1 myuser myuser /home/myuser/.ssh/config -> /nix/store/xyzhash-home-manager-files/.ssh/config
    lrwxrwxrwx 2 root root /nix/store/xyzhash-home-manager-files/.ssh/config -> /nix/store/abchash-hm_.sshconfig
    -r--r--r-- 3 root root /nix/store/abchash-hm_.sshconfig

@sim4life added the bug (Something isn't working) label Dec 27, 2024

@Tpuljak
Member

Tpuljak commented Jan 7, 2025

@sim4life thanks for opening the issue.

The reason that daytona needs write permissions to your ssh config is to set up the necessary SSH host to connect to the Daytona workspace.

We first add Include daytona_config into the ssh config and then create the daytona_config file in which we write Hosts similar to this:

Host default-078a65b78fb5-tpuljak
	User daytona
	StrictHostKeyChecking no
	UserKnownHostsFile /dev/null
	ProxyCommand "/usr/local/bin/daytona" ssh-proxy default 078a65b78fb5 tpuljak
	ForwardAgent yes

Looking at your symlink, the issue might be that the nix-created ssh config is not writable by your user (without sudo).

Are you able to run echo test >> ~/.ssh/config without sudo?

P.S. Sorry for the late response, we were on holidays

@sim4life
Author

sim4life commented Jan 7, 2025

@Tpuljak welcome back.
Yes, you're right. I can NOT write to my ~/.ssh/config without sudo.

Is there a way for me to have the daytona generated ssh config specific for my user so that I can put it manually in my nix home-manager managed ssh config file?
Afterwards, will it be possible for daytona to verify the correct ssh config even if it does NOT get the write access to my ssh config file?

@Tpuljak
Member

Tpuljak commented Jan 8, 2025

@sim4life currently, we have the ssh config file hardcoded.

We could add an option to skip writing the Include daytona_config line in ~/.ssh/config and only write the daytona hosts in ~/.ssh/daytona_config. You would then be responsible for adding the Include line yourself.

Just to give it a try, can you please add Include daytona_config to the top of your config file manually and then try to open the workspace with daytona code?

@sim4life
Author

I added the Include daytona_config directive in my ~/.ssh/config but daytona code still gave the same permission denied error.
Keep in mind that the ~/.ssh/daytona_config file was auto-generated during previous steps but it is an empty file with only rw permissions for myuser:
    -rw------- 1 myuser myuser daytona_config

@Tpuljak
Member

Tpuljak commented Jan 10, 2025

> I added the Include daytona_config directive in my ~/.ssh/config but daytona code still gave the same permission denied error.

Ah, I see now that we run the replace every time. Because we need to ensure that the Include line is on top of the file, we inject it on every run.

@Tpuljak
Member

Tpuljak commented Jan 10, 2025

We'll release an update for this today and then you can check again.

@Tpuljak
Member

Tpuljak commented Jan 13, 2025

@sim4life forgot to update you. You can update to the latest version of daytona by rerunning the install script. The issue should be resolved. Let me know if it works now.

@sim4life
Author

sim4life commented Jan 15, 2025

@Tpuljak I updated the daytona version, rebuilt everything, then added the line Include daytona_config to my ~/.ssh/config file but the ~/.ssh/daytona_config file is still an empty file and running daytona code still gives the error:
    FATA[0160] open /home/myusername/.ssh/config: permission denied

@Tpuljak
Member

Tpuljak commented Jan 15, 2025

@sim4life does your user have read permission to that file?

@sim4life
Author

@Tpuljak Yes, my user can read from both ~/.ssh/config and ~/.ssh/daytona_config files.

@Tpuljak
Member

Tpuljak commented Jan 20, 2025

@sim4life did you observe this kind of behavior with other services/apps before?

@sim4life
Author

@Tpuljak NO, other services/apps don't have this problem.
I tried removing/purging all daytona references in docker-desktop and from .ssh/config files and reinstalling/re-downloading all docker images but the ~/.ssh/daytona_config still turns out to be empty and daytona code gives the same permission error:
    FATA[0002] open /home/myuser/.ssh/config: permission denied

@Tpuljak
Member

Tpuljak commented Jan 27, 2025

> then added the line Include daytona_config to my ~/.ssh/config

@sim4life did you add this line to the top of the ssh config? It's important that it is the first line
