[ws-proxy] use ecdsa private key for createKey fake api

[iQQBot]

Description

This PR change /_supervisor/v1/ssh_keys/create hook endpoint to use ecdsa key. It provides backward compatibility for vscode desktop because dev-tunnel-ssh does not support ed25519.

This is just a change in the algorithm of the private key. Note that this endpoint does not have any substantive effect, and these keys will not be used for authentication.

Summary generated by Copilot

🤖[deprecated] Generated by Copilot at 39ca671

Use ECDSA keys for SSH authentication in ws-proxy. Update routes.go to generate and marshal ECDSA keys instead of Ed25519 keys.

Related Issue(s)

Fixes #

How to test

1. start a workspace in preview env
2. using this version vscode desktop extension use http create key endpoint gitpod-vscode-desktop#101
3. it should successfully connect with this preview env
4. you can test with dogfood, it should fail to connect via local SSH, and fallback to the SSH gateway (check the URL if it container vss, vsi)
5. also test with Jetbrains IDE, make sure it still work like before

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

• 🏷️ Name - pd-fake-ap186cc4bcc0
• 🔗 URL - pd-fake-ap186cc4bcc0.preview.gitpod-dev.com/workspaces.
• 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
• 📦 Version - pd-fake-api-use-ecdsa-key-gha.21473
• 🗒️ Logs - GCP Logs Explorer

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• /werft preemptible
  Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[iQQBot]

I tested with both case

[kylos101]

I asserted that SSH CA is not broke, and still works as expected. I did not test various IDE scenarios shared here, as I'm not sure how.

@jeanp413 can you help review? I've added you as a reviewer.

For the future, @iQQBot can you share with me via Slack how we typically setup?

1. JetBrains IDE with a related license Gitpodders use
2. How to setup a branch version of extension for VS Code Desktop

[kylos101]

you can test with dogfood, it should fail to connect via local SSH, and fallback to the SSH gateway (check the URL if it container vss, vsi)

This test is failing, it is frozen at:

2023-12-08 18:42:16.949 [info] Going to use public API
2023-12-08 18:42:18.187 [info] connecting with local ssh destination {"domain":"vss.dogfood.gitpod.cloud"}

and fallback to the SSH gateway (check the URL if it container vss, vsi)

How long does falling back take? 🤔 It seems like the fallback isn't kicking in for when testing on dogfood.

[kylos101]

• JetBrains IDE with a related license Gitpodders use
• How to setup a branch version of extension for VS Code Desktop

I added and updated documentation for Experience team in Notion for both things, and pinged you as a reviewer ✅

[iQQBot]

How long does falling back take? 🤔 It seems like the fallback isn't kicking in for when testing on dogfood.

Whether it can fallback is not the key point, the key point is that this PR can fix this situation.

[kylos101]

How long does falling back take? 🤔 It seems like the fallback isn't kicking in for when testing on dogfood.

Whether it can fallback is not the key point, the key point is that this PR can fix this situation.

@iQQBot and I spoke about this particular test ☝️, it is only necessary to land gitpod-io/gitpod-vscode-desktop#101, which is not needed now. In other words, this test is not on the critical path / not a blocker for this PR.

@iQQBot I will do a brief test in preview with the current vscode extension. So long as it works fine, I'll approve so we can land this PR.

[kylos101]

VS Code desktop with extension v0.0.163 still works. 🥳

[iQQBot]

/unhold