[openssh] upgrade openssh to v9.8p1 (#19994)

iQQBot · web-flow · commit 132070dfeb64 · 2024-07-02T15:57:15.000+02:00
* [openssh] upgrade openssh to v9.8p1

* update
diff --git a/components/supervisor/leeway.Dockerfile b/components/supervisor/leeway.Dockerfile
@@ -30,6 +30,7 @@ COPY components-supervisor--app/supervisor \
 WORKDIR "/.supervisor/ssh"
 COPY components-supervisor-openssh--app/usr/sbin/sshd .
 COPY components-supervisor-openssh--app/usr/bin/ssh-keygen .
+COPY components-supervisor-openssh--app/usr/libexec/sshd-session .
 
 COPY --from=docker_cli_builder /gp-docker/docker/docker /.supervisor/gitpod-docker-cli
 
diff --git a/components/supervisor/openssh/leeway.Dockerfile b/components/supervisor/openssh/leeway.Dockerfile
@@ -22,7 +22,7 @@
 # This Dockerfile was taken from https://github.com/ep76/docker-openssh-static and adapted.
 FROM alpine:3.19 AS builder
 
-ARG openssh_url=https://github.com/openssh/openssh-portable/archive/refs/tags/V_9_7_P1.tar.gz
+ARG openssh_url=https://github.com/openssh/openssh-portable/archive/refs/tags/V_9_8_P1.tar.gz
 
 WORKDIR /build
 
diff --git a/components/supervisor/pkg/supervisor/ssh.go b/components/supervisor/pkg/supervisor/ssh.go
@@ -99,6 +99,10 @@ func (s *sshServer) handleConn(ctx context.Context, conn net.Conn) {
 	if _, err := os.Stat(openssh); err != nil {
 		return
 	}
+	sshdSession := filepath.Join(filepath.Dir(bin), "ssh", "sshd-session")
+	if _, err := os.Stat(sshdSession); err != nil {
+		sshdSession = ""
+	}
 
 	var args []string
 	args = append(args,
@@ -118,6 +122,9 @@ func (s *sshServer) handleConn(ctx context.Context, conn net.Conn) {
 		"-oStrictModes no", // don't care for home directory and file permissions
 		"-oTrustedUserCAKeys "+s.caPath,
 	)
+	if sshdSession != "" {
+		args = append(args, "-oSshdSessionPath "+sshdSession)
+	}
 	// can be configured with gp env LOG_LEVEL=DEBUG to see SSH sessions/channels
 	sshdLogLevel := "ERROR"
 	switch log.Log.Logger.GetLevel() {
