This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Native support for SSH cloning #61575

Open
@eseliger

Description

Sourcegraph supports cloning repos via SSH today. Most of the code hosts support a flag called gitURLType that, if set to ssh, will enable SSH cloning.

However, the way this works is that the customer has to mount a known_hosts file and the SSH key into the gitserver instance. This is not really what I call native support. It just happens to work, because someone messed with the deployment.

This is also the reason why cloning via SSH is not possible on Cloud today - since we can't let customers modify the manifests.

Batch Changes had a need to support SSH pushes, and implemented that much later than the initial SSH support was added. It implements it natively, with a UI that auto-generates a passphrase-protected SSH keypair and presents the public key to the user, who then needs to paste it into the code host, and things will magically work from there. We then pass the SSH key to git using a UNIX-socket-based SSH agent, all written in Go.

This is the experience we should be aiming for IMO. You insert the key or even get the key somewhere in the UI, we handle it from there. No host SSH config is read, no deployment needs to be modified.

Why SSH cloning in the first place?

We've seen customers who only allow cloning via SSH. There are also certain code hosts that only support the SSH protocol. I recently had a prospect run into this feature gap on Cloud as well.

SSH cloning also can potentially save some round trips because git doesn't send pre-flight unauthenticated requests.

Lastly, but a weaker point: Cloud is our first-class, best deployment method. It's not great that certain features are not available there.

Impact

  • Cloud has feature parity with on-prem for clone URL support
  • Unlocks SSH-only code hosts without the hassle
  • Simplifies the deployment guides a bunch; there are a lot of sections about SSH keys in our current docs

Work to be done

  • Add database columns to store an SSH key for an external service
  • Add GQL mutation to create and recreate an SSH keypair and retrieve the public key
  • Add GQL resolvers for retrieving the SSH key status
  • Add UI to the code host connection config to generate an SSH key to paste into the code host
  • Add support in gitserver fetching for SSH agent like we do in patch for Batch Changes
  • Clean up docs, add section for native SSH cloning, move or remove the sections on the old approach
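The agent hand-off described above (the key stays in process memory and is offered to git's ssh over an agent connection instead of a mounted key file), as an added example that is not Sourcegraph's code: a minimal agent written with only the Go standard library. It assumes a single Ed25519 key; `str`, `next`, `handle` and `serve` are hypothetical names, and the caller is assumed to pass `serve` each connection accepted on the UNIX socket whose path git receives as `SSH_AUTH_SOCK`.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"io"
)

// str encodes b as an SSH wire string: uint32 big-endian length, then the bytes.
func str(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// next reads one length-prefixed field; the 256 KiB cap bounds allocation.
func next(r io.Reader) ([]byte, error) {
	var n uint32
	if err := binary.Read(r, binary.BigEndian, &n); err != nil || n > 256<<10 {
		return nil, io.ErrUnexpectedEOF
	}
	b := make([]byte, n)
	_, err := io.ReadFull(r, b)
	return b, err
}

// handle answers one agent request with the single in-memory Ed25519 key (assumed).
func handle(priv ed25519.PrivateKey, req []byte) []byte {
	blob := append(str([]byte("ssh-ed25519")), str(priv.Public().(ed25519.PublicKey))...)
	r := bytes.NewReader(req)
	switch typ, _ := r.ReadByte(); typ {
	case 11: // SSH_AGENTC_REQUEST_IDENTITIES -> IDENTITIES_ANSWER listing one key
		return append(append([]byte{12, 0, 0, 0, 1}, str(blob)...), str([]byte("example-key"))...)
	case 13: // SSH_AGENTC_SIGN_REQUEST -> SIGN_RESPONSE, only for our own key blob
		key, _ := next(r)
		if data, err := next(r); err == nil && bytes.Equal(key, blob) {
			sig := append(str([]byte("ssh-ed25519")), str(ed25519.Sign(priv, data))...)
			return append([]byte{14}, str(sig)...)
		}
	}
	return []byte{5} // SSH_AGENT_FAILURE: unknown request, bad framing or foreign key
}

// serve answers framed requests on one agent connection until the peer hangs up.
func serve(c io.ReadWriter, priv ed25519.PrivateKey) {
	for req, err := next(c); err == nil; req, err = next(c) {
		c.Write(str(handle(priv, req)))
	}
}
```

The private key never leaves the process: ssh only ever receives the public blob and signatures, so nothing has to be mounted into the container that runs git.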

Labels: team/source (Tickets under the purview of Source - the one Source to graph it all)