5

We use kerberos authentication for connecting to our on-prem computing environment. I'd like to use visual studio code remote to do development directly on that server. Based on this section in the vscode remote documentation, it seems like it's possible to use password-based authentication, which works for me, but it would be nice if I could use existing kerberos authentication, instead of having to type my password every time I start up a vscode session.

I've tried searching through the documentation above, but I can't figure out if kerberos is supported. I would like to know if I should respectfully raise an issue on the issue tracker.

Zane Dufour
  • 830
  • 1
  • 9
  • 19

7 Answers7

7

Update from March 2020.

I've used plain PuTTY (plink.exe) to connect from VsCode with kerberos using those simple steps.

  1. Define a session inside PuTTY that opens a ssh shell to your remote machine, save it as remote.
  2. Create "C:\Users\< youruser >\ssh.bat" with the contents below. You need echo to fool VsCode that it's OpenSSH client. 
    echo OpenSSH
SET mypath=%~dp0
powershell %mypath%ssh.ps1 %*
    1. Create powershell script ssh.ps1 in the same folder with these contents:
$ArgArray = [System.Collections.ArrayList]$Args
$ind = $ArgArray.IndexOf("-F")
if ($ind -ge 0) {
  $ArgArray.RemoveAt($ind)
  $ArgArray.RemoveAt($ind)
}
Write-Host $ArgArray
& 'C:\Program Files\PuTTY\plink.exe' $ArgArray

Theoretically you can write it in batch language but I did not want to suffer.

  1. Set "remote.SSH.path" setting in VsCode to your ssh.bat path.
  2. Finally, add ssh host configuration in vscode and use session name as host:
 Host remote
     HostName remote
     User <you ssh user>
Roman
  • 1,351
  • 11
  • 26
  • 2
    For those not familiar with powershell, the bat file should really read `powershell -NoProfile -ExecutionPolicy Bypass %~dp0ssh.ps1 %*`. This still works (and is needed) August 2020 1.48.2, the only catch was I had was I needed to increase the ssh timeout (due to my ssh server being slow). Thanks for this! – Andy Sep 01 '20 at 22:53
  • 1
    can confirm this method worked for me today using vscode 1.59.0 https://github.com/microsoft/vscode-remote-release/issues/250#issuecomment-896215333 – blaylockbk Aug 10 '21 at 20:30
2

Currently this is not possible. There is a feature request about this which has been closed because it will not be implemented in the foreseeable future.

Brady Dowling
  • 4,920
  • 3
  • 32
  • 62
1

My tweak on @Roman's batch script

@echo off

for %%x in (%*) do (
  REM Handle -V
  IF "%%x" == "-V" GOTO :version
  REM Handle vscode remote as special for plink only
  IF "%%x" == "remote" GOTO :plink
)
REM use the built in ssh by default
GOTO :default_ssh

:version
echo OpenSSH
GOTO :eof

:plink
powershell -NoProfile -ExecutionPolicy Bypass %~dp0ssh.ps1 %*
GOTO :eof

:default_ssh
ssh.exe %*
GOTO :eof

It allows you to only use plink for the vscode "remote" server name (I have my reasons), so everything behaves as normal unless you choose hostname remote

Andy
  • 2,982
  • 1
  • 19
  • 23
0

If you have a Kerberos-integrated SSH client for Windows it should work. I'm not sure if the Microsoft openSSH for Windows 10 / Server 2019 is Kerberos-integrated or not. The one that comes with Git for Windows is not.

If you have a Kerberos-enabled version of PuTTY, you can make a small hack to use plink.

This broke with the June release

Create the file C:\Program Files\Microsoft VS Code\bin\ssh.bat The file location will be different if VScode is installed in your home directory. Put the following in the file. Adjust the plink path to your PuTTY directory.

"C:\Program Files (x86)\Centrify\Centrify PuTTY\plink.exe" -ssh -K %*
aviso
  • 2,371
  • 1
  • 14
  • 15
0

I wrote a very tiny wrapper for plink.exe.

(It just fakes version string with openssl's and remove unsupported '-T' option.)

I don't use with kerberos but it might help with settings like aviso's answer.

Please give it a try.

benok
  • 688
  • 1
  • 6
  • 21
0

I would have commented on Roman answer, but it appears I do not have enough reputation.

I followed his steps, except that I put the plink.exe path for "remote.SSH.path" instead of the "ssh.bat". My path to plink.exe is simply "C:\Program Files\PuTTY\plink.exe".

I tried multiple things and to date, this is the only one that worked for me.

unalignedAccess
  • 1
  • 1
    If you call plink directly, the first thing vscode does is run `${ssh} -V` and if it does not match the regex `/OpenSSH/` then it ignores your custom ssh, and searches its own defaults. So what you are actually doing is still using the "not plink" ssh client – Andy Sep 01 '20 at 22:50
0

Another tweek for @Roman's and @Andy's ssh.bat script that worked for me; I specify several hosts to use plink.

@echo off

if %1 == -V GOTO :version
if %4 == "myFirst.remoteHost.address" GOTO :plink
if %4 == "mySecond.remoteHost.address" GOTO :plink
if %4 == "myThird.remoteHost.address" GOTO :plink

REM use the built in ssh by default
GOTO :default_ssh

:version
echo OpenSSH
GOTO :eof

:plink
powershell -NoProfile -ExecutionPolicy Bypass %~dp0ssh.ps1 %*
GOTO :eof

:default_ssh
ssh.exe %*
GOTO :eof
blaylockbk
  • 2,503
  • 2
  • 28
  • 43