Tailscale ssh to a gitpod container: "Unable to change owner or mode of tty stdin: Operation not permitted"

[abeluck]

Bug description

I cannot tailscale ssh into a gitpod container. I've tried several different client devices with the same result.

Authentication via tailscale ssh works, but then the tty cannot be allocated and the process fails with:

Unable to change owner or mode of tty stdin: Operation not permitted

I can tailscale ssh into other non-gitpod containers without issue.

Steps to reproduce

In a gitpod container:

1. I've configured the TAILSCALE_AUTHKEY env var in gitpod with an ephemeral authkey
2. Open the gitpod https://github.com/gitpod-io/template-tailscale
3. Run tailscale up with your authkey and the ssh flag

On another device connected to the tailnet

• ssh -v gitpod@<tailnet ip for the gitpod container>

Workspace affected

all

Expected behavior

I expect to be able to SSH to the gitpod instance via tailscale

Example repository

https://github.com/gitpod-io/template-tailscale

Anything else?

I first reported this issue over at tailscale, but based on the findings of this gitpod issue it seems that this phenomenon may be a consequence of gitpod's ssh daemon + container setup.

[axonasif]

While this might be an bug on the Gitpod side, I'd like to encourage you to use the built-in direct method of SSHing into a Gitpod workspace 😉

[mads-hartmann]

I've included the logs from tailscaled running in the Gitpod workspace when trying to establish a SSH. The exact arguments used when "starting pty command" might be useful for anyone who wants to dive deeper

ssh-session(sess-20220827T120719-bc6c4b5252): handling new SSH connection from <my>@<email> (<ip>) to ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): access granted to <my>@<email> as ssh-user "gitpod"
ssh-session(sess-20220827T120719-bc6c4b5252): starting pty command: [/usr/sbin/tailscaled be-child ssh --uid=33333 --gid=33333 --groups=33333,27,108 --local-user=gitpod --remote-user=<my>@<email> --remote-ip=<ip> --has-tty=true --tty-name=pts/5 --shell --login-cmd=/usr/bin/login --cmd=/bin/bash -- -l]
ssh-session(sess-20220827T120719-bc6c4b5252): Wait: code=1

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.