coder
diff --git a/‎.vscode/settings.json
+1 b/‎.vscode/settings.json
+1
diff --git a/‎agent/agent.go
+6-18 b/‎agent/agent.go
+6-18
diff --git a/‎agent/conn.go
-3 b/‎agent/conn.go
-3
diff --git a/‎agent/usershell/usershell_other.go
+1-1 b/‎agent/usershell/usershell_other.go
+1-1
diff --git a/‎cli/cliui/agent.go
+11-10 b/‎cli/cliui/agent.go
+11-10
diff --git a/‎cli/cliui/agent_test.go
+1-1 b/‎cli/cliui/agent_test.go
+1-1
diff --git a/‎cli/cliui/log.go
+38 b/‎cli/cliui/log.go
+38
diff --git a/‎cli/configssh.go
+142-9 b/‎cli/configssh.go
+142-9
diff --git a/‎cli/configssh_test.go
+7 b/‎cli/configssh_test.go
+7
@@ -1,5 +1,6 @@
 {
   "cSpell.words": [
+    "cliflag",
     "cliui",
     "coderd",
     "coderdtest",
 
@@ -148,7 +148,7 @@ func (s *agent) init(ctx context.Context) {
 		Handler: func(session ssh.Session) {
 			err := s.handleSSHSession(session)
 			if err != nil {
-				s.options.Logger.Debug(ctx, "ssh session failed", slog.Error(err))
+				s.options.Logger.Warn(ctx, "ssh session failed", slog.Error(err))
 				_ = session.Exit(1)
 				return
 			}
@@ -177,12 +177,6 @@ func (s *agent) init(ctx context.Context) {
 		},
 		ServerConfigCallback: func(ctx ssh.Context) *gossh.ServerConfig {
 			return &gossh.ServerConfig{
-				Config: gossh.Config{
-					// "arcfour" is the fastest SSH cipher. We prioritize throughput
-					// over encryption here, because the WebRTC connection is already
-					// encrypted. If possible, we'd disable encryption entirely here.
-					Ciphers: []string{"arcfour"},
-				},
 				NoClientAuth: true,
 			}
 		},
@@ -198,14 +192,11 @@ func (*agent) handleSSHSession(session ssh.Session) error {
 		err     error
 	)
 
-	username := session.User()
-	if username == "" {
-		currentUser, err := user.Current()
-		if err != nil {
-			return xerrors.Errorf("get current user: %w", err)
-		}
-		username = currentUser.Username
+	currentUser, err := user.Current()
+	if err != nil {
+		return xerrors.Errorf("get current user: %w", err)
 	}
+	username := currentUser.Username
 
 	// gliderlabs/ssh returns a command slice of zero
 	// when a shell is requested.
@@ -249,10 +240,7 @@ func (*agent) handleSSHSession(session ssh.Session) error {
 		}
 		go func() {
 			for win := range windowSize {
-				err := ptty.Resize(uint16(win.Width), uint16(win.Height))
-				if err != nil {
-					panic(err)
-				}
+				_ = ptty.Resize(uint16(win.Width), uint16(win.Height))
 			}
 		}()
 		go func() {
 
@@ -39,9 +39,6 @@ func (c *Conn) SSHClient() (*ssh.Client, error) {
 		return nil, xerrors.Errorf("ssh: %w", err)
 	}
 	sshConn, channels, requests, err := ssh.NewClientConn(netConn, "localhost:22", &ssh.ClientConfig{
-		Config: ssh.Config{
-			Ciphers: []string{"arcfour"},
-		},
 		// SSH host validation isn't helpful, because obtaining a peer
 		// connection already signifies user-intent to dial a workspace.
 		// #nosec
 
@@ -27,5 +27,5 @@ func Get(username string) (string, error) {
 		}
 		return parts[6], nil
 	}
-	return "", xerrors.New("user not found in /etc/passwd and $SHELL not set")
+	return "", xerrors.Errorf("user %q not found in /etc/passwd", username)
 }
@@ -3,11 +3,11 @@ package cliui
 import (
 	"context"
 	"fmt"
+	"io"
 	"sync"
 	"time"
 
 	"github.com/briandowns/spinner"
-	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 
 	"github.com/coder/coder/codersdk"
@@ -21,15 +21,15 @@ type AgentOptions struct {
 }
 
 // Agent displays a spinning indicator that waits for a workspace agent to connect.
-func Agent(cmd *cobra.Command, opts AgentOptions) error {
+func Agent(ctx context.Context, writer io.Writer, opts AgentOptions) error {
 	if opts.FetchInterval == 0 {
 		opts.FetchInterval = 500 * time.Millisecond
 	}
 	if opts.WarnInterval == 0 {
 		opts.WarnInterval = 30 * time.Second
 	}
 	var resourceMutex sync.Mutex
-	resource, err := opts.Fetch(cmd.Context())
+	resource, err := opts.Fetch(ctx)
 	if err != nil {
 		return xerrors.Errorf("fetch: %w", err)
 	}
@@ -40,7 +40,8 @@ func Agent(cmd *cobra.Command, opts AgentOptions) error {
 		opts.WarnInterval = 0
 	}
 	spin := spinner.New(spinner.CharSets[78], 100*time.Millisecond, spinner.WithColor("fgHiGreen"))
-	spin.Writer = cmd.OutOrStdout()
+	spin.Writer = writer
+	spin.ForceOutput = true
 	spin.Suffix = " Waiting for connection from " + Styles.Field.Render(resource.Type+"."+resource.Name) + "..."
 	spin.Start()
 	defer spin.Stop()
@@ -51,7 +52,7 @@ func Agent(cmd *cobra.Command, opts AgentOptions) error {
 	defer timer.Stop()
 	go func() {
 		select {
-		case <-cmd.Context().Done():
+		case <-ctx.Done():
 			return
 		case <-timer.C:
 		}
@@ -63,17 +64,17 @@ func Agent(cmd *cobra.Command, opts AgentOptions) error {
 		}
 		// This saves the cursor position, then defers clearing from the cursor
 		// position to the end of the screen.
-		_, _ = fmt.Fprintf(cmd.OutOrStdout(), "\033[s\r\033[2K%s\n\n", Styles.Paragraph.Render(Styles.Prompt.String()+message))
-		defer fmt.Fprintf(cmd.OutOrStdout(), "\033[u\033[J")
+		_, _ = fmt.Fprintf(writer, "\033[s\r\033[2K%s\n\n", Styles.Paragraph.Render(Styles.Prompt.String()+message))
+		defer fmt.Fprintf(writer, "\033[u\033[J")
 	}()
 	for {
 		select {
-		case <-cmd.Context().Done():
-			return cmd.Context().Err()
+		case <-ctx.Done():
+			return ctx.Err()
 		case <-ticker.C:
 		}
 		resourceMutex.Lock()
-		resource, err = opts.Fetch(cmd.Context())
+		resource, err = opts.Fetch(ctx)
 		if err != nil {
 			return xerrors.Errorf("fetch: %w", err)
 		}
 
@@ -20,7 +20,7 @@ func TestAgent(t *testing.T) {
 	ptty := ptytest.New(t)
 	cmd := &cobra.Command{
 		RunE: func(cmd *cobra.Command, args []string) error {
-			err := cliui.Agent(cmd, cliui.AgentOptions{
+			err := cliui.Agent(cmd.Context(), cmd.OutOrStdout(), cliui.AgentOptions{
 				WorkspaceName: "example",
 				Fetch: func(ctx context.Context) (codersdk.WorkspaceResource, error) {
 					resource := codersdk.WorkspaceResource{
 
@@ -0,0 +1,38 @@
+package cliui
+
+import (
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/charmbracelet/lipgloss"
+)
+
+// cliMessage provides a human-readable message for CLI errors and messages.
+type cliMessage struct {
+	Level  string
+	Style  lipgloss.Style
+	Header string
+	Lines  []string
+}
+
+// String formats the CLI message for consumption by a human.
+func (m cliMessage) String() string {
+	var str strings.Builder
+	_, _ = fmt.Fprintf(&str, "%s\r\n",
+		Styles.Bold.Render(m.Header))
+	for _, line := range m.Lines {
+		_, _ = fmt.Fprintf(&str, "  %s %s\r\n", m.Style.Render("|"), line)
+	}
+	return str.String()
+}
+
+// Warn writes a log to the writer provided.
+func Warn(wtr io.Writer, header string, lines ...string) {
+	_, _ = fmt.Fprint(wtr, cliMessage{
+		Level:  "warning",
+		Style:  Styles.Warn,
+		Header: header,
+		Lines:  lines,
+	}.String())
+}
@@ -1,26 +1,159 @@
 package cli
 
 import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+
+	"github.com/cli/safeexec"
 	"github.com/spf13/cobra"
+	"golang.org/x/sync/errgroup"
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/cli/cliflag"
+	"github.com/coder/coder/cli/cliui"
+	"github.com/coder/coder/codersdk"
 )
 
-// const sshStartToken = "# ------------START-CODER-----------"
-// const sshStartMessage = `# This was generated by "coder config-ssh".
-// #
-// # To remove this blob, run:
-// #
-// #    coder config-ssh --remove
-// #
-// # You should not hand-edit this section, unless you are deleting it.`
-// const sshEndToken = "# ------------END-CODER------------"
+const sshStartToken = "# ------------START-CODER-----------"
+const sshStartMessage = `# This was generated by "coder config-ssh".
+#
+# To remove this blob, run:
+#
+#    coder config-ssh --remove
+#
+# You should not hand-edit this section, unless you are deleting it.`
+const sshEndToken = "# ------------END-CODER------------"
 
 func configSSH() *cobra.Command {
+	var (
+		sshConfigFile string
+	)
 	cmd := &cobra.Command{
 		Use: "config-ssh",
 		RunE: func(cmd *cobra.Command, args []string) error {
+			client, err := createClient(cmd)
+			if err != nil {
+				return err
+			}
+			if strings.HasPrefix(sshConfigFile, "~/") {
+				dirname, _ := os.UserHomeDir()
+				sshConfigFile = filepath.Join(dirname, sshConfigFile[2:])
+			}
+			// Doesn't matter if this fails, because we write the file anyways.
+			sshConfigContentRaw, _ := os.ReadFile(sshConfigFile)
+			sshConfigContent := string(sshConfigContentRaw)
+			startIndex := strings.Index(sshConfigContent, sshStartToken)
+			endIndex := strings.Index(sshConfigContent, sshEndToken)
+			if startIndex != -1 && endIndex != -1 {
+				sshConfigContent = sshConfigContent[:startIndex-1] + sshConfigContent[endIndex+len(sshEndToken):]
+			}
+
+			workspaces, err := client.WorkspacesByUser(cmd.Context(), "")
+			if err != nil {
+				return err
+			}
+			binPath, err := currentBinPath(cmd)
+			if err != nil {
+				return err
+			}
+
+			sshConfigContent += "\n" + sshStartToken + "\n" + sshStartMessage + "\n\n"
+			sshConfigContentMutex := sync.Mutex{}
+			var errGroup errgroup.Group
+			for _, workspace := range workspaces {
+				workspace := workspace
+				errGroup.Go(func() error {
+					resources, err := client.WorkspaceResourcesByBuild(cmd.Context(), workspace.LatestBuild.ID)
+					if err != nil {
+						return err
+					}
+					resourcesWithAgents := make([]codersdk.WorkspaceResource, 0)
+					for _, resource := range resources {
+						if resource.Agent == nil {
+							continue
+						}
+						resourcesWithAgents = append(resourcesWithAgents, resource)
+					}
+					sshConfigContentMutex.Lock()
+					defer sshConfigContentMutex.Unlock()
+					if len(resourcesWithAgents) == 1 {
+						sshConfigContent += strings.Join([]string{
+							"Host coder." + workspace.Name,
+							"\tHostName coder." + workspace.Name,
+							fmt.Sprintf("\tProxyCommand %q ssh --stdio %s", binPath, workspace.Name),
+							"\tConnectTimeout=0",
+							"\tStrictHostKeyChecking=no",
+						}, "\n") + "\n"
+					}
+
+					return nil
+				})
+			}
+			err = errGroup.Wait()
+			if err != nil {
+				return err
+			}
+			sshConfigContent += "\n" + sshEndToken
+			err = os.MkdirAll(filepath.Dir(sshConfigFile), os.ModePerm)
+			if err != nil {
+				return err
+			}
+			err = os.WriteFile(sshConfigFile, []byte(sshConfigContent), os.ModePerm)
+			if err != nil {
+				return err
+			}
+			_, _ = fmt.Printf("An auto-generated ssh config was written to \"%s\"\n", sshConfigFile)
+			_, _ = fmt.Println("You should now be able to ssh into your workspace")
+			_, _ = fmt.Printf("For example, try running\n\n\t$ ssh coder.%s\n\n", workspaces[0].Name)
 			return nil
 		},
 	}
+	cliflag.StringVarP(cmd.Flags(), &sshConfigFile, "ssh-config-file", "", "CODER_SSH_CONFIG_FILE", "~/.ssh/config", "Specifies the path to an SSH config.")
 
 	return cmd
 }
+
+// currentBinPath returns the path to the coder binary suitable for use in ssh
+// ProxyCommand.
+func currentBinPath(cmd *cobra.Command) (string, error) {
+	exePath, err := os.Executable()
+	if err != nil {
+		return "", xerrors.Errorf("get executable path: %w", err)
+	}
+
+	binName := filepath.Base(exePath)
+	// We use safeexec instead of os/exec because os/exec returns paths in
+	// the current working directory, which we will run into very often when
+	// looking for our own path.
+	pathPath, err := safeexec.LookPath(binName)
+	// On Windows, the coder-cli executable must be in $PATH for both Msys2/Git
+	// Bash and OpenSSH for Windows (used by Powershell and VS Code) to function
+	// correctly. Check if the current executable is in $PATH, and warn the user
+	// if it isn't.
+	if err != nil && runtime.GOOS == "windows" {
+		cliui.Warn(cmd.OutOrStdout(),
+			"The current executable is not in $PATH.",
+			"This may lead to problems connecting to your workspace via SSH.",
+			fmt.Sprintf("Please move %q to a location in your $PATH (such as System32) and run `%s config-ssh` again.", binName, binName),
+		)
+		// Return the exePath so SSH at least works outside of Msys2.
+		return exePath, nil
+	}
+
+	// Warn the user if the current executable is not the same as the one in
+	// $PATH.
+	if filepath.Clean(pathPath) != filepath.Clean(exePath) {
+		cliui.Warn(cmd.OutOrStdout(),
+			"The current executable path does not match the executable path found in $PATH.",
+			"This may cause issues connecting to your workspace via SSH.",
+			fmt.Sprintf("\tCurrent executable path: %q", exePath),
+			fmt.Sprintf("\tExecutable path in $PATH: %q", pathPath),
+		)
+	}
+
+	return binName, nil
+}
@@ -0,0 +1,7 @@
+package cli_test
+
+import "testing"
+
+func TestConfigSSH(t *testing.T) {
+	t.Parallel()
+}
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"cSpell.words": [`
	`3`	`+ "cliflag",`
`3`	`4`	`"cliui",`
`4`	`5`	`"coderd",`
`5`	`6`	`"coderdtest",`
Original file line number	Diff line number	Diff line change
`@@ -27,5 +27,5 @@ func Get(username string) (string, error) {`
`27`	`27`	`}`
`28`	`28`	`return parts[6], nil`
`29`	`29`	`}`
`30`		`- return "", xerrors.New("user not found in /etc/passwd and $SHELL not set")`
	`30`	`+ return "", xerrors.Errorf("user %q not found in /etc/passwd", username)`
`31`	`31`	`}`