I have recently upgrade my VSCode version 1.10.2.
As I put passphrase on my private SSH key, it started to ask for it frequently even when I entered it multiple times, which is very annoying. Is there anyway I can get rid of it? Thanks.
Yes, you can avoid this prompt, without removing the passphrase.
To do so is usually fairly simple and relies on the ssh-agent program. First, before starting VSCode, at a bash shell prompt, run:
$ eval `ssh-agent`
This will start an ssh-agent process in the background that will remember the decrypted private key in its memory. The reason for eval is ssh-agent prints two environment variable settings that need to be added to the shell. (You can also just run it normally, then manually copy and paste its output back into the shell.)
Next, run:
$ ssh-add
This will prompt you for your passphrase, after which ssh-agent will provide private key services to any other process that needs it.
Finally, start VSCode from the same shell you ran the first command:
$ code
This way VSCode will inherit the environment variables it needs to get key services from ssh-agent, and therefore will not prompt for your passphrase so long as the ssh-agent process continues running.
Further References
Unfortunately, despite it being so useful, good (concise, readable) documentation on ssh-agent is hard to find. But here are some possibilities:
The man page is, as is typical for man pages, heavy on detail and light on examples.
The article http://rabexc.org/posts/using-ssh-agent is pretty good, and it covers some more advanced situations, especially agent forwarding.
The Stack Exchange question, "what's the purpose of ssh-agent?" is also good.
For Windows 10, if you have stumbled across this issue using the Remote - SSH plugin, run the following in powershell (as admin):
# Make sure you're running PowerShell as an Administrator
Set-Service ssh-agent -StartupType Automatic
Start-Service ssh-agent
Get-Service ssh-agent
(As suggested by the documentation that is pointed to by this comment on a git (non-)issue.)
The only solution I've found was remove the passphrase:
ssh-keygen -p
It will ask your current passphrase and leave blank the new passphrase to remove it.
Disable auto fetching with git.autofetch = false in the settings
There is a great guide on how to solve it in Windows here:
https://www.cgranade.com/blog/2016/06/06/ssh-keys-in-vscode.html
Summary:
Install Required Software (Putty)
Setup Private Keys (use ssh-keygen which will create private and public keys in .ssh folder)
Set up SSH Agent: have Pageant tool run on Windows startup
import your key to ppk format
Run PuTTYgen from the Start Menu and select File → Load Key.... From there, navigate to C:\Users\.ssh\ and select id_rsa (the private key). You may have to drop down the file types selector in the dialog box to see this, as PuTTYgen defaults to filtering out everything but files ending in *.ppk. Once selected, you’ll be prompted by PuTTY to unlock your key by typing in your passphrase. Do so, and PuTTYgen will show the corresponding public key. Select File → Save private key to export your private key in PuTTY, rather than OpenSSH, format. I suggest saving it as id_rsa.ppk in the same folder as id_rsa
run Pageant
Finally, run Pageant from the Start Menu (in the future, this will be handled automatically by the shortcut we created above). This will add a new icon to your system tray. It may be hidden by the arrow; if so, click the arrow to make all fo the system tray icons visible. Right-click on Pageant and select Add Key. Browse to where you saved id_rsa.ppk and select it. You’ll be prompted to unlock your key. Upon doing so, your unlocked key will then be made available in Pageant until you log out or quit Pageant.
Add fingerprints, in shell run one of those two (depending on your needs)
'C:\Program Files (x86)\PuTTY\plink.exe' git#github.com
'C:\Program Files (x86)\PuTTY\plink.exe' git#bitbucket.org
Configure GIT_SSH to be C:\Program Files (x86)\PuTTY\plink.exe
Related
I've been trying to write a powershell script that automates my windows workspace setup and configuration and am currently stuck trying to redirect input to WSL when executing it for the first time. The core of the problem is that Ubuntu's first launch prompts for a username and password, then logs in to a bash shell. I tried writing down the input lines into a text file like so:
Username
Password
Password
exit
Then, I tried redirecting the input of wsl to the file:
Start-Process ubuntu2004.exe -RedirectStandardInput stdin.txt -NoNewWindow -Wait
The above didn't work as executing WSL just starts spamming Enter new UNIX username: adduser: only one or two names allowed. I tried doing same in CMD with the < input redirection, but the result is the same.
This is not exactly the answer to your question, but in my opinion, ansible is better suited for such a task.
I myself recently became interested in assembling a workspace in wsl and ansible seemed to me the best solution.
Before starting the build, you will need to perform minimal steps (create a user and install several packages, all this can be placed in the readme), but then there will be no restrictions.
You can find several ready-made examples of wsl assembly via ansible on github.
A few ideas for setting the username/password in a new Ubuntu WSL instance:
First, a "PowerShell sendkeys" via COM or Interop might work for this. It's probably the closest in behavior to what you are actually asking.
Second, and perhaps most promising, I just tried this with a new Debian WSL installed from the Store (since I didn't want to mess with my Ubuntu install).
When running debian.exe (like ubuntu2004.exe), I let it run the install, then I Ctrl+C'd out of it when it started asking for the default username/password. At that point, the WSL instance is installed, but with only root. I assume that your script can let the command run for a certain period of time, then kill the process to replicate this.
From your script, you should then be able to run wsl -u root useradd --create-home --user-group --groups adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev --password "encryptedPassword" username (see here for creating the encrypted password). I think that will get you a stock Ubuntu user the way that WSL sets it up.
You'll then need to either create a /etc/wsl.conf file (instructions) letting the instance know that that user is the default, or LxRunOffline lists this as one of its features.
But I'd also throw in that you might just want to keep a "backup" of an existing WSL instance that you start from. Do a wsl --export <distroname> <imagename.tgz>, then you can import it when setting up the new Windows host by copying the tgz over and doing a wsl --import <DistroName> <DirectoryWhereYouwantItToLive> <imagename.tgz>.
If you want, you can keep this image up to date with your desired WSL configuration, so that you don't have to recreate it when you rebuild the Windows hosts. That said, this is where I do follow #Mystic's suggestion of using Ansible to store my WSL "configuration as code". It allows me to not only recreate my WSL instances, but also that same configuration when I set (or reset) a Linode host or another Linux system.
I'm using a macbook(MacOS) to connect to a remote Ubuntu server.
I copied the public ssh key to the server using ssh-copy-id and checked that the ssh key works on the terminal. When I do ssh username#x.x.x.x, connection is made without asking for password).
However, when I try to connect to the server through Visual Studio Code, VSCode keeps asking for password. Is there a way to fix this?
Thanks in advance!
It was a problem with the config file.
The VSCode needs the "absolute" path.
In case of MacOS, ssh-copy-id seems to only copy the absolute path relative to the user.
In other words, it omits "/Users/username" before "/.ssh".
Adding "/Users/username" in the IdentityFile attribute in .ssh/config solved the problem.
Check if this microsoft/vscode-remote-release issue 2518 applies:
You should be able to get out of this state by deleting the file (on the remote server side, as sudo root) in the log, /home/#####/.vscode-server/bin/78a4c91400152c0f27ba4d363eb56d2835f9903a/vscode-remote-lock.#####.78a4c91400152c0f27ba4d363eb56d2835f9903a (with unlink) or running the command "Kill VS Code Server on Host..."
If it happens again, you might try setting remote.SSH.useFlock.
The exact command to run in the command palette (View->Command Palette) is:
Remote-SSH: Kill VS Code Server on Host...
Also:
In my case, deleting entire ~/.vscode-server directory after connecting to the container through ssh using terminal worked.
(Deleting only ~/.vscode-server/bin did not work.)
The OP sukrama confirms in the comments having solved the issue
It was a problem with ssh key path in config file.
Here's a quick and handy fix: You do not have to delete the entire .vscode-server folder each time! The problem seems to be a file named 'vscode-remote-lock...'. It can be located inside a folder in ~/.vscode-server/bin/ . That file gets created at each ssh login through vscode. Run the following script on the remote host. It deletes that file whenever it is created:
while true
do
if ls /home/<your-username>/.vscode-server/bin/*/vscode-remote-lock.<your-username>.* 1> /dev/null 2>&1; then
find /home/<your-username>/.vscode-server/bin/*/ -name vscode-remote-lock.<your-username>.* -delete
echo "Killed the troublemaker! ^_^"
fi
done
The file names and the folder names may differ from machine to machine. So find the names on your machine and paste them in the script. Then run the script and you're good to go.
VSCode in my Windows machine was asking for password even with my key correctly configured (it works from the terminal).
My problem was that VSCode was choosing a wrong user. I was using a host configured in my ssh config file, and VSCode was setting the user as DOMAIN\user instead of user. I solved it configuring the correct user in my .ssh/config file:
Host dados
HostName vrt1234
User xxxxx
In case you're having this problem in Windows, keep in mind that the public/private keys that you might use to connect to a remote machine from WSL aren't the same ones that VS Code will use to connect from Windows. You need to create a separate public/private key pair for Windows, and export that private key to the remote server too.
From VS Code remote debug tips and tricks:
In a Powershell window, create a public/private key pair just as you would in a Linux terminal:
ssh-keygen -t rsa -b 4096
Then export it to the remote server:
export USER_AT_HOST="your-user-name-on-host#hostname"
export PUBKEYPATH="$HOME/.ssh/id_rsa.pub"
ssh $USER_AT_HOST "powershell New-Item -Force -ItemType Directory -Path \"\$HOME\\.ssh\"; Add-Content -Force -Path \"\$HOME\\.ssh\\authorized_keys\" -Value '$(tr -d '\n\r' < "$PUBKEYPATH")'"
Make sure you can connect via passwordless SSH via PowerShell.
Finally, in VS Code. press Ctrl+Shift+P to open the command palette and select "Remote-SSH: Open SSH Configuration File..." and edit the config file like so:
Host [convenient name]
HostName [hostname]
User [username]
IdentityFile C:\Users\[username]\.ssh\id_rsa*
Then when you run "Remote-SSH: Connect to Host..." in VS Code and choose the host above, it should connect without prompting for a password.
I had to use UseKeychain yes in my ~/.ssh/config file.
The config file looks like this:
Host server.tld
HostName server.tld
User user
UseKeychain yes
IdentityFile ~/.ssh/key
You have to enter ssh-add -K ~/.ssh/key to add your passphrase to KeyChain first.
Not enough rep to comment, but if you followed the steps from this Stack Overflow post and are still running into issues, your VSCode Remote-SSH config file path may not be set.
Make sure that the setting remote.SSH.configFile is set to ~/.ssh/config.
You could also type Ctrl + Shift + P to open the Command Palette.
Inside the Command Palette type,
Remote-SSH: Kill VS Code Server on Host...
You will be required to type in your server password for it to work.
In case this helps someone, i had a similar issue where VSC was asking for a password (instead of a passphrase).
I noticed that my key was on a network drive and it looks like VSC cannot read it there.
I moved it to a local file (C:) and it worked.
For me it was that my public auth ssh was not working and my home directory permissions were the problem. I had to remove group and other write permissions to my home directory and then everything worked:
chmod go-w ~/
(macos+vscode)
Only this worked for me:
https://www.backarapper.com/add-ssh-keys-to-ssh-agent-on-startup-in-macos/
ie: adding the key by ssh-add and then writing this in the ~/.ssh/config file:
Host *
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/[your-secure-ssh-key-name]
Is there a way in PS 5.1 to reuse the PuTTY agent keys?
Now, the details.
To use key agents one has an Agent that holds the keys (left box), and Client Applications that delegate administration of the keys (right box).
E.g., client application C1=putty can use its own agent A1=pageant, of course.
Client application C2=winscp knows how to use directly A1.
Certain Clients cannot use certain Agents directly, but there are Proxy agents that bridge the gap.
For instance to use A1 with C3, I need Proxy P1=ssh-pageant, see example below.
This helps centralizing in a single Agent the keys for many Clients.
Now I mean to use A1 for all my Clients (currently, only missing A1-C5 and A1-C6).
Is there a way in PS 5.1 to reuse the same PuTTY agent keys?
(I.e., a Proxy Px to use A1 with C5)
Possibly helpful:
https://superuser.com/a/1173570/245595
NOTES:
I did not try it, but it seems like winssh-pageant is a Proxy to link A2 with Client applications that understand A1 directly.
I am currently trying to use in PS the same ssh-pageant from msys2 (it is a Windows program in the end, and often times they do work), manually replacing what eval does in msys2 (so far with no luck, but I think this is fixable):
> cd <dir where ssh-pageant is>
> .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
SSH_PAGEANT_PID=714; export SSH_PAGEANT_PID;
echo ssh-pageant pid 714;
> $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
> $env:SSH_PAGEANT_PID=714
> ssh myserver
Enter passphrase for key 'C:\Users\USER1/.ssh/id_rsa':
As an alternative workaround, is there a non-admin (I wouldn't want to interfere with it) way to load keys into a separate agent such that when I start a PS session it uses those other keys, and which allows me to keep working with my reused keys in msys2?
This would perhaps amount to using a two different agents at the same time...
weasel-pageant is such a proxy agent (based on Cygwin's ssh-pageant), for WSL (A1-C7)... still looking for a solution for PS.
ssh-agent-wsl
is a fork of weasel-pageant that includes support for using keys held by Microsoft's SSH Agent service (instead of PuTTY Pageant) (A2-C7... I guess it's remarkable that WSL needs a proxy to use Win OpenSSH agent).
Example on how to use "Proxy" agent ssh-pageant to link PuTTY pageant with Cygwin bash
The steps to achieve this are:
When I start my session in Windows, the portable PuTTY agent (pageant) is executed, loading at the same time one key.
For this, a shortcut pageant is added to C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, pointing at %myputty%\pageant.exe "%mykeys%\key1.ppk".
This makes the key usable by PuTTY and WinSCP, e.g.
But if I now enter a PS session, or an msys2/cygwin terminal, the keys would not be used, and I am asked for the password for the keys.
So if I now
$ ssh myserver
Enter passphrase for key 'C:\Users\USER1/.ssh/id_rsa':
In msys2/cygwin I can use ssh-pageant ("An SSH authentication agent for Cygwin/MSYS that links OpenSSH to PuTTY's Pageant"), such that it reuses whatever keys a previously loaded PuTTY agent has.
For this purpose, I simply add eval $(/usr/bin/ssh-pageant -r -a "/tmp/.ssh-pageant-$USERNAME") to my ~/.bashrc of msys2.
Now whenever I start an msys2 terminal, the link PuTTY's Pageant -> ssh-pageant is established, a couple of environment variables are created, and I can ssh without entering the password
$ env | grep -i ssh
SSH_AUTH_SOCK=/tmp/.ssh-pageant-USER1
SSH_PAGEANT_PID=960
$ ssh myserver
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-40-generic x86_64)
...
Judging from this, it seems the same can be achieved for Git bash.
Related:
http://rabexc.org/posts/pitfalls-of-ssh-agents
How to check if ssh-agent is already running in bash?
https://superuser.com/questions/1327633/how-to-maintain-ssh-agent-login-session-with-windows-10s-new-openssh-and-powers
https://superuser.com/questions/1293725/gpg-agent-under-windows-as-ssh-agent-for-git-bash
I made this work, using the same Cygwin tools (i.e., both ssh-pageant and Cygwin OpenSSH client) in a PS session.
So I would do (assuming ssh-pageant is already running from Msys2):
> cd <dir where ssh-pageant is>
> .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
> $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
> .\ssh myserver
Logged in to myserver
I have added this to my profile.ps1 (again, it will work when ssh-pageant is already running when I start the PS session)
$env:MSYS2_DIR=<mydir>
# Assuming a proxy ssh agent is already running
$env:SSH_AUTH_SOCK="$env:MSYS2_DIR\tmp\.ssh-pageant-$env:USERNAME"
# We have to make sure we use Msys2 OpenSSH ssh client, not Windows OpenSSH ssh client
function ssh_msys2 {
& $env:MSYS2_DIR\usr\bin\ssh.exe $args
}
If an ssh-pageant is not yet active, this should work (not tested yet; the PID number may be different):
> cd <dir where ssh-pageant is>
> .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
SSH_PAGEANT_PID=714; export SSH_PAGEANT_PID;
echo ssh-pageant pid 714;
> $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
> $env:SSH_PAGEANT_PID=714
> .\ssh myserver
Logged in to myserver
Still have to test a couple of points, and automate the operation.
In particular, executing ssh-pageant, detecting the PID # if it is returned, and setting environment variable SSH_PAGEANT_PID from PS if that is the case.
This is a little bit more cumbersome than in Msys2, since ssh-pageant spits something directly executable by bash.
Is there any way to save the PuTTY output to a file using the command line? I know this is easily done using the GUI but in my case it has to be done automatically.
What I'm working on:
User clicks batch file -> starts PuTTY, automatically connects to my device over SSH and runs a bunch of commands -> PuTTY should save the output to a file.
The last part I can't get working. Is there any command to do this?
This can be done with putty. The answer is little late considering the time the questions was asked, however this might help someone.
In putty, using GUI, you can save sessions with logging option on, as shown below.
Enter Host Name, Name the session, Go to Logging Option in the left top corner, select all sessions, provide log file name and location, go back to Session tab, click on the save button. Done, you have saved a session.
Now open CMD and write the command as below
You are done. Every time this session is invoked, the commands and output will be logged.
Hope this helps.
The specific program putty is not designed for this. Instead use plink, a different program in the PuTTY suite,
which uses the same session settings and keys as putty but gets input from stdin and puts output to stdout,
both of which can be redirected in the usual ways. See http://the.earth.li/~sgtatham/putty/0.63/htmldoc/Chapter7.html#plink .
As mentioned in previous answer, use plink for this.
Make sure it is in your environment path, by typing
plink -V
in your console. If it returns a version number, then you know it is in environment path variables. If it doesn't, probably best to fix this first. There are plenty of good SO answers to help you with this. Failing that, use the full path to your plink.exe in the CLI command that follows.
Then use plink to open your ssh connection, with the option -v set to provide verbose output. Finally, this all needs to be piped to a log file.
The complete cli command that I use is
plink -v username#xxx.xxx.xxx.xxx > ssh-output.log 2>&1
Open up the file ssh-ouput.log to see the results.
Expanding on Dave's and Charlie's answers...
Apart from making sure plink is in the path, also check whether you have write access to local ouput file.
This is how you redirect command output from remote machine to local file with plink. In this example we store an output from man page for nfcapd:
plink joe#192.168.50.50 -pw joespassword man nfcapd > output.log 2>&1
The first time you try to access the server, it will ask you store key in cache. So make sure to access the machine at least once before:
plink joe#192.168.50.50 -pw joespassword
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
...
Store key in cache? (y/n)
I have been trying to deploy my app into the Fortrabbit servers using the command line. I'm using windows. Here is what I tried :
C:\projects\riwaya>git remote add fort git#git2.eu1.frbit.com:riwaya.git
C:\projects\riwaya>git remote fort
C:\projects\riwaya>ssh u-riwaya#ssh2.eu1.frbit.com
'ssh' is not recognized as an internal or external command, operable program or batch file.
I have watched This Laracast Video and did the same as Jeffrey but it doesn't work ...
Can somebody help ?
Actually you have 2 problems here: First is that you don't have ssh installed, second is that you don't know how to deploy
Install SSH
It seems that ssh is not installed on your computer.
You can install openssh from here : http://openssh.en.softonic.com/download
Generate your key
Than you will have to geneate your ssh-key. There's a good tutorial about this here:
https://help.github.com/articles/generating-ssh-keys#platform-windows
Deploy
To deploy, you just have to push your code over git. Something like this:
git push fort master
If you get permission denied, be sure that you have put your public_key in the dashboard in the git tab.
SSH
The ssh command gives you access to your remote node. You should have received a password by email and now that you have ssh installed, you should be asked for a password when trying to connect. just input that password. If you want to use your private ssh key to connect to your server rather then typing that password, you can follow this : http://fortrabbit.com/docs/how-to/ssh-sftp/enable-public-key-authentication
For Windows, first install the git base from here: https://git-scm.com/downloads
Next, set the environment variable:
Press Windows+R and type sysdm.cpl
Select advance -> Environment variable
Select path-> edit the path and paste the below line:
C:\Program Files\Git\git-bash.exe
To test it, open the command window: press Windows+R, type cmd and then type ssh.
First of all Go to browser and install openssh here: https://github.com/PowerShell/Win32-OpenSSH/releases
Next step, extract rar file into folder and then copy and paste it in your drive.
after that run command: ssh it should work.
Next step is right click on shh in openssh folder and go to properties. Copy the path
and paste it in system variables in edit environment variables.
It will work fine.
TLDR, add this to settings.json
"terminal.integrated.env.windows":
{
"PATH": "C:/Windows/System32/OpenSSH",
},
Just found a case when the integrated terminal hasn't recognized 'ssh' as command, but you tried 'ssh' that was working on external terminals like CMD, git-bash.
That means you didn't add PATH variable to your integrated terminal.
If anyone looking for solution even now, here is how I did it for my Windows 10 machine.
Start > type 'Manage Optional Features'
Add Feature [+]
Look for OpenSSH client & select & install
After successful installation, open (close if already opened) powershell or command prompt and run ssh!