refactor(ssh): redesign SSH client with improved resource management and security (oomol-lab#75)

This commit completely redesigns the SSH client implementation with better architecture, resource management, and security features.

## Key Changes
### SSH Package Redesign
  - Implement layered architecture: Client -> Session -> Executor
  - Add proper lifecycle management with sync.Once and RWMutex
  - Introduce dedicated config types (ClientConfig, SessionConfig, ExecOptions)
  - Fix race conditions in keepalive loop by using local variable copies
  - Resolve "already closed" connection errors with isErrorIsConnectionAlreadyClosed()
  - Add comprehensive package documentation (doc.go)

### Security Improvements
  - Use shellescape.QuoteCommand() to prevent command injection vulnerabilities
  - Properly escape shell arguments in command execution

 ### Resource Management
  - Add automatic keepalive with configurable intervals (default: 5s)
  - Implement proper defer-based cleanup for all resources
  - Fix pipe management: close writers (not readers) to signal EOF correctly
  - Add WaitGroup-based I/O synchronization to prevent goroutine leaks

### Terminal Handling (pkg/system/terminal.go)
  - Fix signal handler leak by adding defer signal.Stop(ch)
  - Improve terminal state management with wrapper types
  - Add terminal type and size auto-detection
  - Enhance PTY resize handling with proper context cancellation

### API Changes
  - Migrate from old monolithic ssh.Cfg to layered Client/Session/Executor
  - Remove manual cleanup callbacks in favor of defer-based patterns
  - cmd/attach.go: Refactor to use new SSH API with proper PTY/non-PTY handling
  - pkg/server/exec.go: Fix resource management by closing client in goroutine
  - pkg/vmconfig: Update SSH key generation and connection probing

### Dependencies
  - Add al.essio.dev/pkg/shellescape for safe command escaping
  - Add github.com/google/shlex for command parsing
  - Add github.com/mattn/go-isatty for reliable terminal detection

### Miscellaneous
  - Improve server mode logging with String() method
  - Update libkrun bindings (libkrun_v2.go replaces libkrun.go)
  - Remove unused install_name_tool.sh script line

## Testing
  - Verified attach command works in both PTY and non-PTY modes
  - Confirmed REST API exec functionality
  - Tested SSH connection probing during VM startup
  - Validated proper resource cleanup under various scenarios

Author: ihexon

cmd/attach.go

@@ -12,6 +12,7 @@ import (
 	"path/filepath"
 
 	"github.com/urfave/cli/v3"
+	gossh "golang.org/x/crypto/ssh"
 )
 
 var AttachConsole = cli.Command{
@@ -30,63 +31,90 @@ var AttachConsole = cli.Command{
 	},
 }
 
-func attachConsole(ctx context.Context, command *cli.Command) error {
+func attachConsole(ctx context.Context, command *cli.Command) (err error) {
+	// Parse and validate arguments
 	rootfs := command.Args().First()
 	if rootfs == "" {
 		return fmt.Errorf("no rootfs specified, please provide the rootfs path, e.g. %s /path/to/rootfs", command.Name)
 	}
 
+	if command.Args().Len() < 2 {
+		return fmt.Errorf("no cmdline specified, please provide the cmdline, e.g. %s /path/to/rootfs /bin/bash", command.Name)
+	}
+
+	// Load VM configuration
 	vmc, err := define.LoadVMCFromFile(filepath.Join(rootfs, define.VMConfigFile))
 	if err != nil {
 		return err
 	}
 
+	// Extract command line arguments
+	cmdline := command.Args().Tail()
+
+	// Parse gvproxy endpoint
 	endpoint, err := url.Parse(vmc.GVproxyEndpoint)
 	if err != nil {
 		return fmt.Errorf("failed to parse gvproxy endpoint: %w", err)
 	}
 
-	if command.Args().Len() < 2 {
-		return fmt.Errorf("no cmdline specified, please provide the cmdline, e.g. %s /path/to/rootfs /bin/bash", command.Name)
-	}
-
-	cmdline := command.Args().Tail()
-
-	// First we maka a ssh client configure, remember it just a configure store the information the ssh client actually needed
-	cfg := ssh.NewCfg(define.DefaultGuestAddr, define.DefaultGuestUser, define.DefaultGuestSSHDPort, vmc.SSHInfo.HostSSHKeyPairFile)
-	defer cfg.CleanUp.CleanIfErr(&err)
+	// Configure SSH client
+	clientCfg := ssh.NewClientConfig(
+		define.DefaultGuestAddr,
+		uint16(define.DefaultGuestSSHDPort),
+		define.DefaultGuestUser,
+		vmc.SSHInfo.HostSSHKeyPairFile,
+	).WithGVProxySocket(endpoint.Path)
 
-	// Set the cmdline
-	cfg.SetCmdLine(cmdline[0], cmdline[1:])
-
-	if command.Bool(define.FlagPTY) {
-		cfg.SetPty(true)
+	// Create SSH client
+	client, err := ssh.NewClient(ctx, clientCfg)
+	if err != nil {
+		return fmt.Errorf("failed to connect to %s: %w", endpoint.Path, err)
 	}
+	defer client.Close()
 
-	// Connect to the ssh server over gvproxy vsock, we use the gvproxy endpoint to connect to the ssh server
-	if err = cfg.Connect(ctx, endpoint.Path); err != nil {
-		return fmt.Errorf("failed to connect to %s: %w", endpoint.Path, err)
+	// Create session
+	session, err := client.NewSession(ctx)
+	if err != nil {
+		return err
 	}
+	defer session.Close()
 
-	keepAliveCtx, keepAliveCancel := context.WithCancel(ctx)
-	defer keepAliveCancel()
-	go func() {
-		ssh.StartKeepAlive(keepAliveCtx, cfg.SSHClient)
-	}()
+	// Check if PTY mode is enabled
+	enablePTY := command.Bool(define.FlagPTY)
 
-	// make stdout/stderr pipe, so we can get the output of the cmdline in realtime
-	if err = cfg.WriteOutputTo(os.Stdout, os.Stderr); err != nil {
-		return fmt.Errorf("failed to make std pipe: %w", err)
-	}
+	if enablePTY {
+		// PTY mode: directly assign I/O streams, then request PTY
+		if err := session.SetStdin(os.Stdin); err != nil {
+			return err
+		}
+		if err := session.SetStdout(os.Stdout); err != nil {
+			return fmt.Errorf("failed to setup stdout: %w", err)
+		}
+		if err := session.SetStderr(os.Stderr); err != nil {
+			return fmt.Errorf("failed to setup stderr: %w", err)
+		}
 
-	// if enable pty, we need to request a pty
-	if cfg.IsPty() {
-		resetFunc, err := cfg.RequestPTY(ctx)
-		if err != nil {
+		if err := session.RequestPTY(ctx, "", 0, 0); err != nil {
 			return fmt.Errorf("failed to request pty: %w", err)
 		}
-		defer resetFunc()
+	} else {
+		// Non-PTY mode: use pipes with async I/O copying
+		if err := session.SetupPipes(nil, os.Stdout, os.Stderr); err != nil {
+			return fmt.Errorf("failed to setup pipes: %w", err)
+		}
 	}
 
-	return cfg.Run(ctx)
+	// Set up context cancellation to send SIGTERM
+	runCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	go func() {
+		<-runCtx.Done()
+		if ctx.Err() != nil {
+			_ = session.Signal(gossh.SIGTERM)
+		}
+	}()
+
+	// Execute command
+	return session.Run(ctx, cmdline...)
 }

cmd/common.go

@@ -27,6 +27,8 @@ func showVersionAndOSInfo() error {
 		version.WriteString("unknown")
 	}
 
+	version.WriteString("-")
+
 	if define.CommitID != "" {
 		version.WriteString(define.CommitID)
 	} else {

go.mod

@@ -7,7 +7,9 @@ require (
 	github.com/charmbracelet/keygen v0.5.4-0.20250811135526-3a78fe71a39a
 	github.com/crc-org/vfkit v0.6.2-0.20250929125513-88ab5cdcf444
 	github.com/gofrs/flock v0.12.1
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/google/uuid v1.6.0
+	github.com/mattn/go-isatty v0.0.20
 	github.com/oomol-lab/sysproxy v0.0.0-20250609040630-bacc3356fc00
 	github.com/pkg/errors v0.9.1
 	github.com/shirou/gopsutil/v4 v4.25.8
@@ -21,6 +23,7 @@ require (
 )
 
 require (
+	al.essio.dev/pkg/shellescape v1.6.1-0.20250626071713-b09271781b1a // indirect
 	github.com/Code-Hex/go-infinity-channel v1.0.0 // indirect
 	github.com/containers/common v0.64.2 // indirect
 	github.com/ebitengine/purego v0.8.4 // indirect

go.sum

@@ -1,3 +1,5 @@
+al.essio.dev/pkg/shellescape v1.6.1-0.20250626071713-b09271781b1a h1:G3lRbkj9f9M0wjN4kgGGsGaXL7mbLDfRrSE2Hn0zbO8=
+al.essio.dev/pkg/shellescape v1.6.1-0.20250626071713-b09271781b1a/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890=
 github.com/Code-Hex/go-infinity-channel v1.0.0 h1:M8BWlfDOxq9or9yvF9+YkceoTkDI1pFAqvnP87Zh0Nw=
 github.com/Code-Hex/go-infinity-channel v1.0.0/go.mod h1:5yUVg/Fqao9dAjcpzoQ33WwfdMWmISOrQloDRn3bsvY=
 github.com/Code-Hex/vz/v3 v3.7.1 h1:EN1yNiyrbPq+dl388nne2NySo8I94EnPppvqypA65XM=
@@ -35,6 +37,8 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/insomniacslk/dhcp v0.0.0-20250417080101-5f8cf70e8c5f h1:dd33oobuIv9PcBVqvbEiCXEbNTomOHyj3WFuC5YiPRU=
@@ -49,6 +53,8 @@ github.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2 h1:DZMFueDbfz6PN
 github.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2/go.mod h1:SWzULI85WerrFt3u+nIm5F9l7EvxZTKQvd0InF3nmgM=
 github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 h1:7UMa6KCCMjZEMDtTVdcGu0B1GmmC7QJKiCCjyTAWQy0=
 github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mdlayher/packet v1.1.2 h1:3Up1NG6LZrsgDVn6X4L9Ge/iyRyxFEFD9o6Pr3Q1nQY=
 github.com/mdlayher/packet v1.1.2/go.mod h1:GEu1+n9sG5VtiRE4SydOmX5GTwyyYlteZiFU+x0kew4=
 github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
@@ -119,6 +125,7 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=