How to save ssh password to vscode? - visual-studio-code

I am using vscode to connect to a remote host. I use Remote-SSH (ms-vscode-remote.remote-ssh) extension to do so. Every time I want to connect to the remote host, I need to enter the password.
Is there a way to save the ssh password to vscode?

To setup password-less authentication for ssh on Visual Studio Code, perform the following steps.
These examples assume the following (replace with your actual details)
Host: myhost
Local User: localuser
Remote User: remoteuser
Remote User Home Dir: remoteuserhome
SSH Port: 22
I'm using a Mac so Windows will be a bit different but the basics are the same
Tell VS Code and your machine in general how you will be connecting to myhost
Edit:
/Users/<localuser>/.ssh/config
Add:
Host <myhost>
HostName <myhost>
User <remoteuser>
Port 22
PreferredAuthentications publickey
IdentityFile "/Users/<localuser>/.ssh/<myhost>_rsa"
Next generate a public and a private key with something like OpenSSL
ssh-keygen -q -b 2048 -P "" -f /Users/<localuser>/.ssh/keys/<myhost>_rsa -t rsa
This should make two files:
<myhost>_rsa (private key)
<myhost>_rsa.pub (public key)
The private key (<myhost>_rsa) can stay in the local .ssh folder
The public key (<myhost>_rsa.pub) needs to be copied to the server (<myhost>)
I did it with FTP but you can do it however you wish but it needs to end up in a similar directory on the server.
ON THE SERVER
There is a file on the server which has a list of public keys inside it.
<remoteuserhome>/.ssh/authorized_keys
If it exists already, you need to add the contents of <myhost>_rsa.pub to the end of the file.
If it does not exist you can use the <myhost>_rsa.pub and rename it to authorized_keys with permissions of 600.
If everything goes according to plan you should now be able to go into terminal and type
ssh <remoteuser>#<myhost>
and you should be in without a password. The same will now apply in Visual Studio Code.

Let's answer the OP's question first:
How to 'save ssh password'?
Since there is no such thing as "ssh password", the answer to "how to save the remote user password" is:
This is not supported by VSCode.
VSCode proposes to setup an SSH Agent in order to cache the passphrase (in case you are using an encrypted key)
But if the public key was not properly registered to the remote account ~/.ssh/authorized_key, SSH daemon will default to the remote user credentials (username/password).
It is called PasswordAuthentication, often the remote user password.
And caching that password is not supported for SSH sessions.
It is only supported by a Git credential helper, when using HTTPS URLs.
(it defers to the OS underlying credential manager)
But I don't know of a remote user password cache when SSH is used.
As Chagai Friedlander comments, the answer to the original question is therefore:
No, but you can use SSH keys and that is better.
Speaking of SSH keys:
"ssh password": Assuming you are referring to a ssh passphrase, meaning you have created an encrypted private key, then "saving the ssh password" would mean caching that passphrase in order to avoid entering it every time you want to access the remote host.
Check first if you can setup the ssh-agent, in order to cache the passphrase protecting your private key.
See "VSCode: Setting up the SSH Agent"
This assumes you are using an SSH key, as described in "VSCode: Connect to a remote host", and you are not using directly the remote user password.
Using an SSH key means its public key would have been registered to the remote account ~/.ssh/authorized_keys file.
This section is the workaround the OP ended up accepting: registering the public key on the remote user account, and caching the local private key passphrase worked.

For those trying to connect through Vscode Remote SSH Extension steps provided at https://code.visualstudio.com/docs/remote/troubleshooting#_ssh-tips)
For Windows(Host) --> Linux(Remote)
Create an SSH .pub key in your windows ssh-keygen -t rsa -b 4096
Copy the contents of the .pub key (default path C:\Users\username/.ssh/id_rsa.pub)
SSH into Remote machine and append the contents of the pub key in authorized keys echo "pub-key" >> ~/.ssh/authorized_keys

Related

VS Code ask for password repeatedly when opening different folder on same host

I have connected to a remote Ubuntu host from Windows using VS Code and using it for remote development. Often times I open different code repositories in VS Code but every time I have to open a different folder despite having the connection established the VS Code ask for password.
It seems that once we are commented to a remote host then successive opening of different folder from same host should not prompt for password.
Is there any setting I am missing or should do to resolve this or save password.
I'm assuming you're connecting to an ssh remote.
There are two ways to authenticate an ssh connection, via password and via public/private key. When using the latter you don't need to enter the password each time.
To use the public/private keys here's what you have to do:
You first need a pair (public/private) of ssh keys. On windows you can use ssh-keygen to generate them for you and put them in the default ssh config folder ( ~/.ssh/)
You then have to configure the remote server to allow your ssh key, you can do this in two ways:
with the ssh-copy-id command if available (I think on windows it's not there, but you can try)
by manually add your public key (~/.ssh/id_rsa.pub) to the.ssh/authorized_keys file on the host machine
Here's a link to know more about passwordless logins via ssh: https://www.redhat.com/sysadmin/passwordless-ssh
Open git bash on Windows
cd .ssh
ssh-copy-id -i id_ed25519.pub your-username#your-server

VSCode Remote SSH cannot identify private key file

Been trying to solve this for hours already. Already searched the net and follow tutorials but nothing is working.
In my Windows local machine I installed Remote SSH plugin in VSCode. I'm trying to connect to my remote linux server.
My config file looks like this (changed hostname and user to dummy values for security).
Host RemoteServer
HostName remote.server.infra
User user123
IdentityFile ~/.ssh/privkey
When trying to connect to New Host. It keeps prompting for password.
As per checking the logs it is saying
no such identity: C:\\Users\\user123/.ssh/privkey: No such file or directory
This privkey file is the exact file I'm using in my putty when connecting to remote server.
What am I missing?
EDIT:
Finally figured it out. I had to convert my private key to openssh format with puttygen.
In addition of using an openSSH format, I would also put the full path in the config file:
Host RemoteServer
HostName remote.server.infra
User user123
IdentityFile /c/Users/user123/.ssh/privkey
Note that the SSH URL then becomes:
ssh -Tv RemoteServer
Note: Başar Söker adds in the comments:
I also needed to add a colon to my path.
Here how it looks like:
IdentityFile /c:/Users/username/.ssh/privatekey.pem
Note: reukiodo adds in the comments:
If you copy/paste the private key, it MUST end with a newline, or it will also result in this same error.
Reminder: only the public key can be copied elsewhere. The private key should remain on your computer.
if you have generated public private key pair using putty you need to convert the private key using putty generation conversion or else it will not work and it will show public key access denied

VSCode remote developement using ssh with passphrase protected ssh-key

I have a remote ssh server on which I want to do remote developement.
My public key is added to the authorized keys on the server and my private key is passphrase protected.
I added the remote host as described here using ssh user#host -i ~/.ssh/key
But whenever I try to open a new VSCode window on the remote host it fails and I see in the log that the connection timed out, which is expected because I don't get asked for my private-key passphrase.
I read this post on remote development using ssh and I searched on google but couldn't find any hints to what I could do to enable/enter ssh-key passphrase while connecting to remote host.
I know I can connect to the remote using a non-passphrase-protected key but I'm not asking for that, I want to know if it's possible to connect to a remote host from VSCode using a passphrase protected key.
If your key is not the default one, that means you need a ~/.ssh/config entry in which you specify your SSH connection parameters:
Host myserver
Hostname host
User user
IdentityFile ~/.ssh/key
The Visual Studio Code Remote Development will automatically read the config file, and when you ask for opening an SSH session, you will see "myserver" entry: if you select it, the SSH session opened will use ~/.ssh/key, the right private key.
Then, as long as your ssh-agent is enabled, and you have entered at least once your passphrase (through a manual ssh myserver), VSCode will use the same agent to get the passphrase when it will need it.
This is what solved it for me, your issue could be different.
In VScode, choose command: Remote-SSH: Open SSH Configuration File...
Choose the location that is offered to you (or create a config file without extension to desired location), for example:
C:\Users\[USER_NAME]\.ssh\config. Make sure you have appropriate permissions.
Prepare you configuration file, for example
Host Custom_Name
HostName example.server.com
User your_user_name
IdentityFile C:\Users\[USER_NAME]\Documents\MobaXterm\home\.ssh\id_rsa
(or wherever you have the private key)
Finally add a custom path to your configuration file. This is what I lacked for long time
{
// add custom configuration file path
"remote.SSH.configFile": "C:\\Users\\[USER_NAME]\\.ssh\\config",
// Other settings
// omit comma after *config"* if that is your last setting
}
Now it should ask for passphrase as opposed to password.
P.S. Here is a lot of useful information with the setup, especially with the keys that I have omitted for brevity.

Failed to add the SSH key to the ssh-agent with an empty passphrase (Bitrise CLI)

Summary:
As I'm integrating CI to the development workflow, I'm also trying to move the executions of Bitrise workflows to our local iOS Mac Computer which is setup as a Jenkins slave.
The projects that I'm trying to build therefore needs to be built on this iOS Computer.
Problem:
I'm trying to establish an ssh connection to an integration user (a GitHub account that has access to my repositories) and I have created a key and added it to the GitHub user as well as to the .bitrise.secrets.yml file.
But when the initial step, the activate-ssh-key step is executed, it results with an error that I can't add the SSH key to the ssh-agent with empty passphrase. (Is this somehow configurable? Can I just evade this?)
Here is the output log:
https://pastebin.com/FCHhZNDb
Step in bitrise.yml:
- activate-ssh-key#4.0.2: {getenv "SSH_RSA_PRIVATE_KEY"}
.bitrise.secrets.yml:
envs:
- SSH_RSA_PRIVATE_KEY: ssh-rsa *KEY*
|------------------------------------|
I have also tried putting the ssh key directly in the .ssh directory which did not work.
Any help is really appreciated! :)
TL;DR
Trying to connect bitrise cli with github via ssh, doesn't work.
The SSH key you used seem to be protected with a passphrase. You should generate one that does not require a passphrase to be specified, and register that for the repository.
How to generate such an SSH key: https://devcenter.bitrise.io/faq/how-to-generate-ssh-keypair/
ssh-keygen -t rsa -b 4096 -P '' -f ./bitrise-ssh -m PEM
Alternatively you can replace the Activate SSH Key step with a script one and activate the SSH key any way you like.
Or if you prefer to not to use SSH keys you could switch to using https:// git clone urls (instead of the SSH / git# one) and replace the Activate SSH Key step with the Authenticate with GitHub OAuth one (https://www.bitrise.io/integrations/steps/authenticate-with-github-oauth).

Permission denied (public key) during fetch from GitHub with Jenkins user on Ubuntu

Here is my setup:
Jenkins is running on my linux machine as 'jenkins' user.
I have generated a ssh key-pair as described in Linux - Setup Git, for the 'jenkins' user.
When I sudo su jenkins and try ssh -vT git#github.com, I am always asked my passphrase, but I am always eventually authenicated. (the verbose option shows which key is used, among others).
I could clone my repo from GitHub using jenkins:
Thusly:
jenkins#alpm:~/jobs/test git/workspace$ git pull
Enter passphrase for key '/var/lib/jenkins/.ssh/id*_rsa':
Already up-to-date.
Up to this point I have followed the instructions to the letter. The problem is that the Jenkins job fails with the following error:
status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This is same error as I get when I typo the passphrase (but of course, Jenkins does not ask me for the passphrase). The following pages:
GitHub - SSH Issues
Using SSH Agent Forwarding
indicate to me that ssh-agent could help remember the passphrase, which it does when I am using my own user, but not the jenkins id. Note that while running as my normal user yields:
echo "$SSH_AUTH_SOCK"
/tmp/keyring-nQlwf9/ssh
While running the same command as my 'jenkins' yields nothing (not even permission denied)
My understanding of the problem is that the passphrase is not remembered.
Do you have any idea?
Shall I start a ssh-agent or key ring manager for the jenkins user? How?
Or is ssh forwarding suitable when forwarding to the same machine?
Any brighter idea?
ps: I never sudo gitted, I always used jenkins or my user account (as mentioned in this SO post - Ubuntu/GitHub SSH Key Issue)
Since nobody wrote the answer from the comments for several months, I will quickly do so.
There are 2 possible problems/solutions:
id_rsa created with wrong user
Create id_rsa as the jenkins user (see hudson cannot fetch from git repository)
Leave passphrase empty
To summarise what must be done on the Jenkins server:
# 1. Create the folder containing the SSH keys if necessary
if [ ! -e ~jenkins/.ssh ]; then mkdir ~jenkins/.ssh; fi
cd ~jenkins/.ssh/
# 2. Create the SSH pair of keys
# The comment will help to identify the SSH key on target systems
ssh-keygen -C "jenkins" -f ~jenkins/.ssh/id_rsa -P ""
# 3. Assign the proper access rights
chown -R jenkins ~jenkins/.ssh/
chmod 700 ~jenkins/.ssh
chmod 600 ~jenkins/.ssh/*
Remember:
Please keep the default "id_rsa" name when generating the keys, as other such as "id_rsa_jenkins" won't work, even if correctly set up.
Do not use a passphrase for your key
Check that the public key (id_rsa.pub) has been uploaded on the git server (GitHub, Bitbucket, etc). Once done, test your SSH key by running: ssh -vvv git#github.com (change address according to your git server)
I got around this problem by simply leaving the passphrase empty when creating the keys.
I would add that if you created the keys by hand, they might still be owned by you and not readable by jenkins, try:
sudo chown jenkins -R /var/lib/jenkins/.ssh/*
To check are the following:
if the right public key (id_rsa.pub) is uploaded to the git-server.
jenkins user will access to github -> to CHECK if the right private key (id_rsa) is copied to /var/lib/jenkins/.ssh/
if the known_hosts file is created inside ~/.ssh folder. Try ssh -vvv git#github.com to see debug logs. If thing goes well, github.com will be added to known_hosts.
if the permission of id_rsa is set to 755 (chmod 755 id_rsa)
After all checks -> try ssh -vvv git#github.com
Dont try to do config in jenkins until ssh works!
If you are running jenkins as a service in windows, you need to verify the user running the service. If you created the keys using the user "MACHINENAME\user", change the service so the user running it can match
For Mac users, the issue can be solved by removing the existing keys and creating new Private and Public Keys by following these steps:
1.Remove all Public and Private keys located at /Users/Username/.ssh
2.Remove all the credentials saved under the Credentials tab in Jenkins.
3.Remove the existing Public SSH keys defined in the Github Repository Settings.
4.Create new SSH keys (private and public: id_rsa and id_rsa.pub) by following the steps from https://confluence.atlassian.com/bitbucketserver/creating-ssh-keys-776639788.html#CreatingSSHkeys-CreatinganSSHkeyonLinux&MacOSX
5.Set the newly created public SSH key (id_rsa.pub) in Github or an equivalent Repository Settings.
6.In Jenkins,create new credentials by adding the private SSH key(id_rsa) for your Github username.
7.The Error should be removed now.
keys need to generated from jenkins user.
sudo su jenkins
ssh-keygen
once the key is generated, it should be added as ssh key in bitbucket or github.