Natizyskunk / vscode-sftp

Super fast sftp/ftp extension for VS Code

1Password SSH-Agent Support #151

Open bbeckford opened 2 years ago

bbeckford commented 2 years ago

Is this a similar or duplicate feature request?

Is your feature request related to a problem? Please describe.

I can't get vscode-sftp to connect over SFTP using the 1Password SSH Agent

Describe the solution you'd like

Please add support for (or let me know how to configure) 1Password's great new SSH Agent on Windows 10/11

Describe alternatives you've considered

I've tried the following, setting "agent" to "\\\\.\\pipe\\openssh-ssh-agent", but it just gives me an error stating "Error: Cannot parse privateKey: Encrypted OpenSSH private key detected, but no passphrase given"

"agent": "\\\\.\\pipe\\openssh-ssh-agent",

As far as I can tell, 1Password takes over from the OpenSSH agent on Windows 11; I have managed to get it working great in Windows Terminal using ssh/ssh-add -l and on GitHub Desktop.

Am I using the wrong value for "agent"? Could you give us a list of valid agents we can use?

Thanks!

jondspicer commented 2 years ago

This would be so great, just using 1password agent for everything would be so helpful!!!

sharmilaccd commented 2 years ago

Omg this would be AMAZING yes please!!

ultimate-rob commented 2 years ago

This sounds awesome, I didn't know 1password had an SSH agent! Now I do, I want this!!!!

bbeckford commented 2 years ago

I tried to get this working using winssh-pageant to forward Pageant to the 1Password agent instead. I get the prompt to unlock 1Password now so it is connecting, but then the handshake times out.

Can anyone tell what is wrong from the debug output?

[04-21 16:03:35] [trace] run command 'List'
[04-21 16:03:35] [info] Using profile: mywebsite.co.uk
[04-21 16:03:36] [debug] Custom crypto binding not available
[04-21 16:03:36] [debug] Local ident: 'SSH-2.0-ssh2js1.5.0'
[04-21 16:03:36] [debug] Client: Trying 123.123.123.123 on port 22 ...
[04-21 16:03:36] [debug] Socket connected
[04-21 16:03:36] [debug] Remote ident: 'SSH-2.0-OpenSSH_7.4'
[04-21 16:03:36] [debug] Outbound: Sending KEXINIT
[04-21 16:03:36] [debug] Inbound: Handshake in progress
[04-21 16:03:36] [debug] Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
[04-21 16:03:36] [debug] Handshake: (remote) KEX method: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[04-21 16:03:36] [debug] Handshake: KEX algorithm: curve25519-sha256@libssh.org
[04-21 16:03:36] [debug] Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
[04-21 16:03:36] [debug] Handshake: (remote) Host key format: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
[04-21 16:03:36] [debug] Handshake: Host key format: ssh-ed25519
[04-21 16:03:36] [debug] Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
[04-21 16:03:36] [debug] Handshake: (remote) C->S cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
[04-21 16:03:36] [debug] Handshake: C->S Cipher: aes128-gcm@openssh.com
[04-21 16:03:36] [debug] Handshake: (local) S->C cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
[04-21 16:03:36] [debug] Handshake: (remote) S->C cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
[04-21 16:03:36] [debug] Handshake: S->C cipher: aes128-gcm@openssh.com
[04-21 16:03:36] [debug] Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: (remote) C->S MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: C->S MAC: <implicit>
[04-21 16:03:36] [debug] Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: (remote) S->C MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: S->C MAC: <implicit>
[04-21 16:03:36] [debug] Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
[04-21 16:03:36] [debug] Handshake: (remote) C->S compression: none,zlib@openssh.com
[04-21 16:03:36] [debug] Handshake: C->S compression: none
[04-21 16:03:36] [debug] Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
[04-21 16:03:36] [debug] Handshake: (remote) S->C compression: none,zlib@openssh.com
[04-21 16:03:36] [debug] Handshake: S->C compression: none
[04-21 16:03:36] [debug] Outbound: Sending KEXECDH_INIT
[04-21 16:03:36] [debug] Received DH Reply
[04-21 16:03:36] [debug] Host accepted by default (no verification)
[04-21 16:03:36] [debug] Host accepted (verified)
[04-21 16:03:36] [debug] Outbound: Sending NEWKEYS
[04-21 16:03:36] [debug] Inbound: NEWKEYS
[04-21 16:03:36] [debug] Verifying signature ...
[04-21 16:03:36] [debug] Verified signature
[04-21 16:03:36] [debug] Handshake completed
[04-21 16:03:36] [debug] Outbound: Sending SERVICE_REQUEST (ssh-userauth)
[04-21 16:03:36] [debug] Inbound: Received SERVICE_ACCEPT (ssh-userauth)
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (none)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: none auth failed
[04-21 16:03:36] [debug] Agent: Trying key #1
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #1 failed
[04-21 16:03:36] [debug] Agent: Trying key #2
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #2 failed
[04-21 16:03:36] [debug] Agent: Trying key #3
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #3 failed
[04-21 16:03:36] [debug] Agent: Trying key #4
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_PK_OK
[04-21 16:03:46] [debug] Outbound: Sending DISCONNECT (11)
[04-21 16:03:46] [error] Error: [123.123.123.123]: Timed out while waiting for handshake
    at Client.<anonymous> (c:\Users\myusername\.vscode\extensions\natizyskunk.sftp-1.15.13\dist\extension.js:2:242828)
    at Client.emit (node:events:402:35)
    at Client.emit (node:domain:475:12)
    at Timeout._onTimeout (c:\Users\myusername\.vscode\extensions\natizyskunk.sftp-1.15.13\node_modules\ssh2\lib\client.js:1016:16)
    at listOnTimeout (node:internal/timers:557:17)
    at processTimers (node:internal/timers:500:7) 
[04-21 16:03:46] [debug] Socket closed
[04-21 16:03:46] [trace] run command 'Toggle Output Panel'
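
An added example, not part of the original comment or of vscode-sftp: a JavaScript triage of a debug log like the one above. It reports how many agent keys were offered, which one the server accepted, how long the client then waited, and whether the host key went unverified. `triageAuthLog`, `verdict` and `SAMPLE` (lines abbreviated from the log above) are names chosen for this example.

```javascript
// Added example: triage an ssh2 debug log such as the one posted above.
const SAMPLE = [ // abbreviated from the log in the comment above
  "[04-21 16:03:36] [debug] Host accepted by default (no verification)",
  "[04-21 16:03:36] [debug] Agent: Trying key #1",
  "[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)",
  "[04-21 16:03:36] [debug] Agent: Trying key #4",
  "[04-21 16:03:36] [debug] Inbound: Received USERAUTH_PK_OK",
  "[04-21 16:03:46] [debug] Outbound: Sending DISCONNECT (11)",
  "[04-21 16:03:46] [error] Error: [123.123.123.123]: Timed out while waiting for handshake",
];

// Seconds since midnight from a "[MM-DD HH:MM:SS]" prefix, or null if absent.
function stamp(line) {
  const m = /^\[\d\d-\d\d (\d\d):(\d\d):(\d\d)\]/.exec(line);
  return m ? Number(m[1]) * 3600 + Number(m[2]) * 60 + Number(m[3]) : null;
}

function triageAuthLog(lines) {
  const r = { hostKeyUnverified: false, keysOffered: 0, acceptedKey: null,
              signedRequestSent: false, stallSeconds: null, timedOut: false };
  let currentKey = null;
  let pkOkAt = null;
  for (const line of lines) {
    const t = stamp(line);
    // Gap between USERAUTH_PK_OK and the very next timestamped line.
    if (pkOkAt !== null && t !== null && r.stallSeconds === null) {
      r.stallSeconds = (t - pkOkAt + 86400) % 86400; // tolerate a midnight wrap
    }
    if (line.includes("Host accepted by default (no verification)")) r.hostKeyUnverified = true;
    const key = /Agent: Trying key #(\d+)/.exec(line);
    if (key) { currentKey = Number(key[1]); r.keysOffered = Math.max(r.keysOffered, currentKey); }
    if (line.includes("Received USERAUTH_PK_OK")) { r.acceptedKey = currentKey; pkOkAt = t; }
    // Assumption: the signed request is logged without the "-- check" suffix.
    if (/Sending USERAUTH_REQUEST \(publickey\)/.test(line)) r.signedRequestSent = true;
    if (line.includes("Timed out while waiting for handshake")) r.timedOut = true;
  }
  return r;
}

function verdict(r) {
  if (r.acceptedKey !== null && r.timedOut && !r.signedRequestSent) {
    return `server accepted agent key #${r.acceptedKey}; no signed request followed within ${r.stallSeconds}s`;
  }
  if (r.acceptedKey === null && r.keysOffered > 0) return `all ${r.keysOffered} offered agent keys were rejected`;
  return "no agent authentication problem found";
}
```

On the posted log this places the stall between the server's USERAUTH_PK_OK for key #4 and the client's signed request, that is, at the agent signing step, and it also flags that the host key was accepted without verification.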

Paulo--M-- commented 1 year ago

I second this request. It would be extremely useful.

fharper commented 1 year ago

The initial request is for Windows, but I assume it would be the same for macOS users. I moved all my SSH keys to 1Password, and it's working wonderfully with everything else using SSH :)

awohsen commented 1 year ago

-not related to the topic-

I've been reading through this answer to use KeePassXC as my ssh-agent helper and ssh_key store, but got stuck where the sftp extension only accepts pageant on Windows. Thanks to @bbeckford I found the "\\\\.\\pipe\\openssh-ssh-agent" OpenSSH agent socket path (I guess?) and now it's working!

lroehrs commented 1 year ago

For MacOS you have to use the complete path.

[
    {
        "name": "<>",
        "host": "<>",
        "protocol": "sftp",
        "port": 22,
        "username": "<>",
        "agent": "/complete_path/to/1password/t/agent.sock",
        "remotePath": "<>",
        "uploadOnSave": true,
        "ignore": [
            ".vscode",
            ".git",
            ".DS_Store"
        ]
    }
]

fharper commented 1 year ago

Weirdly, it doesn't work for me on MacOS, even with the full path like @lroehrs suggested.

First, I get the [warn] Config Option Conflicted. You are specifying "agent" and "privateKey" at the same time, the later will be ignored. warning, which isn't true as I removed privateKey and added the agent setting. I also have no other configuration files, so I have no idea why it's warning me about this.

1Password doesn't ask me to allow the connection so I guess it doesn't connect to the agent at all. I get the [error] Error: [website.com]: All configured authentication methods failed error.
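
An added diagnostic, not part of the original thread or of vscode-sftp: it sends the SSH agent protocol's identity-list request to whatever path the "agent" setting names (a Unix socket or a Windows named pipe) and parses the reply, the same information `ssh-add -l` shows. `listAgentKeys`, `parseIdentitiesAnswer` and the constructed `SAMPLE_FRAME` are names chosen for this example.

```javascript
// Added diagnostic (not vscode-sftp code): list the identities held by an SSH agent.
const SSH_AGENTC_REQUEST_IDENTITIES = 11, SSH_AGENT_IDENTITIES_ANSWER = 12;

// Read an SSH "string": uint32 big-endian length, then that many bytes.
function readString(buf, off) {
  if (off + 4 > buf.length) throw new Error("truncated length field");
  const end = off + 4 + buf.readUInt32BE(off);
  if (end > buf.length) throw new Error("truncated string");
  return { value: buf.subarray(off + 4, end), next: end };
}

// Parse one framed SSH_AGENT_IDENTITIES_ANSWER into [{ type, comment }].
function parseIdentitiesAnswer(frame) {
  if (frame.length < 5 || frame.readUInt32BE(0) !== frame.length - 4) throw new Error("bad frame length");
  if (frame[4] !== SSH_AGENT_IDENTITIES_ANSWER) throw new Error(`unexpected reply type ${frame[4]}`);
  const keys = [];
  for (let i = 0, off = 9, n = frame.readUInt32BE(5); i < n; i++) {
    const blob = readString(frame, off);          // public key blob
    const comment = readString(frame, blob.next); // key comment
    keys.push({ type: readString(blob.value, 0).value.toString("ascii"),
                comment: comment.value.toString("utf8") });
    off = comment.next;
  }
  return keys;
}

// Connect to the agent socket or named pipe and request its identities.
async function listAgentKeys(agentPath, timeoutMs = 5000) {
  const net = await import("node:net");
  return new Promise((resolve, reject) => {
    let buf = Buffer.alloc(0);
    const sock = net.connect(agentPath, () =>
      sock.write(Buffer.from([0, 0, 0, 1, SSH_AGENTC_REQUEST_IDENTITIES])));
    sock.setTimeout(timeoutMs, () => sock.destroy(new Error("agent did not answer")));
    sock.on("error", reject);
    sock.on("data", (chunk) => {
      buf = Buffer.concat([buf, chunk]);
      if (buf.length < 4 || buf.length < 4 + buf.readUInt32BE(0)) return; // wait for full frame
      sock.end();
      try { resolve(parseIdentitiesAnswer(buf.subarray(0, 4 + buf.readUInt32BE(0)))); }
      catch (err) { reject(err); }
    });
  });
}

// Constructed sample reply: one ed25519 identity with an all-zero public key.
const str = (b) => Buffer.concat([Buffer.from([0, 0, 0, b.length]), Buffer.from(b)]);
const SAMPLE_BODY = Buffer.concat([Buffer.from([12, 0, 0, 0, 1]),
  str(Buffer.concat([str("ssh-ed25519"), str(Buffer.alloc(32))])), str("constructed key")]);
const SAMPLE_FRAME = str(SAMPLE_BODY);
```

Call `listAgentKeys` with the same value used for "agent" in sftp.json: a connection error means nothing is listening at that path, while an empty list means the agent is reachable but offers no keys.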

H-Toine commented 4 months ago

I got it to work on Windows with the agent set to pageant, and I didn't set a privateKeyPath (because 1Password manages this).

I did have to install winssh-pageant (which is generally useful for openSSH compatibility with 1Password and ssh apps that use pageant, like WinSCP)

"agent" : "pageant",

If it doesn't work, check if you have the "normal" pageant turned on, then try turning it off and trying again.

Full sftp.json

{
    "name": "<>",
    "host": "<>",
    "protocol": "sftp",
    "port": 22,
    "username": "<>",
    "remotePath": "<>",
    "uploadOnSave": true,
    "useTempFile": true,
    "openSsh": true,
    "agent" : "pageant",
    "ignore": [
        ".vscode",
        ".git",
        ".DS_Store"
    ]
}

torchsmith commented 2 months ago

For me setting the ssh agent works fine (on macos). HOWEVER, the extension seems to be ignoring my ssh config and not reading the hosts I have set, causing it to loop through all my keys and hit a "Too many auth failures" error.

Also, it appears the extension doesn't support text-only hosts, for example: "example"