)]}' { "log": [ { "commit": "7013e9ee282ef58104f91d64d85d4aec62f9c022", "tree": "baa2d5484c5a5e7add5f9caef2833a3da4abbe29", "parents": [ "00442413a2d0e6d6978982f9eeec0268e533ba56" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Wed May 14 02:03:58 2025 +0000" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Wed May 14 11:15:45 2025 -0700" }, "message": "ssh: use local CA, add mutual container/host auth\n\nSee loop/server/local_ssh.md for a detailed description of how sketch uses\nnow uses a local CA to sign each container certificate instead of adding\na new entry to known_hosts for each container.\n\nThis also adds another layer of security by having the container\u0027s ssh\nserver verify that incoming ssh connections have valid host certificates,\nwhereas prior to this change the authentication was only one-way (verifying\nthat the sketch container you think you\u0027re ssh\u0027ing into really is the one\nyou think you\u0027re ssh\u0027ing into).\n\nThis is somewhat inspired by https://github.com/FiloSottile/mkcert - which\nplays a similar role as ssh_theater.go local for ssh connections, but mkcert\nuses a local CA to address local development use cases for TLS/https rather\nthan for ssh.\n\nCo-Authored-By: sketch \u003chello@sketch.dev\u003e\nChange-ID: sc7b3928295277d5dk\n" }, { "commit": "bdfb126de211f5f2fabb39498de00acde5faf58f", "tree": "665cedc4a7148c2ba86e915be96e1cc1d8a01450", "parents": [ "cf291fafd7142308f27ec5805251f2e2bdeded6b" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Sat May 03 20:15:41 2025 -0700" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Sat May 03 20:15:41 2025 -0700" }, "message": "sshserver: s/log/slog\n" }, { "commit": "cf291fafd7142308f27ec5805251f2e2bdeded6b", "tree": "f18805cbe3583f62e423c5a0b17a3be3a757df54", "parents": [ "d0a3cd609ca36baebd066d6fd83c153293c459eb" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Sat May 03 17:55:48 2025 -0700" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Sat May 03 17:59:43 2025 -0700" }, "message": "sshserver: add scp support\n\nfixes https://github.com/boldsoftware/sketch/issues/53\n" }, { "commit": "22bd8eb83b7c779d9d2396c75cc344124e150aee", "tree": "81fc507d28db05b011d463745e125e6126260fb0", "parents": [ "0dcebe1bf2ec5d6f85aa71fb46367e2adf8f4947" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Mon Apr 28 10:36:37 2025 -0700" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Mon Apr 28 10:36:37 2025 -0700" }, "message": "sshserver: fix env for ssh pty sessions\n" }, { "commit": "01ed5bee0c121852d0e2ab3836a08acab68397e4", "tree": "e2b473d510d146f9474b2eedb5526b8a4eead1f2", "parents": [ "7d5a6301a256823ab4b26a68dbd166f0d0737409" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Thu Apr 24 22:46:53 2025 -0700" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Thu Apr 24 22:46:53 2025 -0700" }, "message": "sshserver: enable ssh port forwarding\n" }, { "commit": "1d06132f5a79950ab8a64eb72219363fb63ca92f", "tree": "46ed36f431ee3aef7caacbae7b1ebe7560d3f544", "parents": [ "6a50b1811c7fbf8be7e5ad4cc77a576e2d612a66" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Thu Apr 24 09:52:56 2025 -0700" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Thu Apr 24 11:11:44 2025 -0700" }, "message": "sshserver: add direct-tcpip channel, allow non-pty\n\nThis change enables VS Code to connect to local sketch containers\nover SSH.\n\nThe VSC docs describe how to use this feature:\nhttps://code.visualstudio.com/docs/remote/ssh\n" }, { "commit": "ae3480fee8b8ebf867a1097868d0032ff4b51324", "tree": "468d02673f8e9fff21fd33d9a343ef4125d646ac", "parents": [ "5544d146e1ebe2747ae282e611f8d0a2c23f2b6c" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Wed Apr 23 15:28:20 2025 -0700" }, "committer": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Wed Apr 23 15:57:49 2025 -0700" }, "message": "allow random (ephemeral) host ports for ssh server\n\nalso fixes an issue with authorized_keys files that\ncontain multiple pks: it now checks all of them not\njust the first one it parses.\n" }, { "commit": "baa2b590cc3a5f63bc52c3324f2835666b9ae450", "tree": "69b313aab41b2f3d3cd27c72ce7d09f6b6453aa6", "parents": [ "97188fc1955f036e57c42a2f345b3c01fc5f0dc0" ], "author": { "name": "Sean McCullough", "email": "banksean@gmail.com", "time": "Wed Apr 23 10:40:08 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 23 10:40:08 2025 -0700" }, "message": "sketch: initial container ssh support (#15)\n\nAdds an in-process ssh server to the sketch agent running inside\nthe container.\n\nThe ssh server implementation uses https://github.com/gliderlabs/ssh/\n\nThis change does not automatically generate any keys (this may come later).\nYou specify the server identity private key and the user\u0027s authorized public\nkeys on the sketch command line.\n\nThe host sketch process reads these files from the cli flags at startup. Once\nthe container is launched, it passes these keys to to the container\nsketch process via new /init POST body fields." } ] }