search

microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote
Other
3.62k stars 277 forks source link

MFA Support for Remote Containers #4259

Closed ChrisSchipper closed 3 years ago

ChrisSchipper commented 3 years ago

Versions

VSCode Version: 1.52.1 Remote Extension/Connection Type: Docker Local OS Version: Windows 10 Pro OS Build 19041.685 Remote OS Version: Ubuntu 20.04 LTS

Feature Request

It would be useful to have support for MFA on the remote containers extension.

The container I am attempting to connect to is hosted on a server that requires key-based (RSA) connection with 2FA enabled. Technically, the remote containers extension works with this today; however, I receive ~22 push notifications for 2FA via Duo Mobile (the MFA service being used) when remoting into the docker container via the extension. After I am successfully loaded up inside the container, I receive 2-3 push notifications every minute or so until I close the remote container.

I am able to reproduce the 22 push notifications with only the Remote Containers extension enabled and the following devcontainer.json file:

{
    "name": "C# Sample",
    "build": {
            "dockerfile": "Dockerfile",
            "args": {
                    "VARIANT": "3.1",
                    "INSTALL_NODE": "false",
                    "NODE_VERSION": "lts/*",
                    "INSTALL_AZURE_CLI": "false"
            }
    },

    "settings": {
            "terminal.integrated.shell.linux": "/bin/bash"
    },

    "extensions": [
            "ms-dotnettools.csharp"
    ],

    "forwardPorts": [5000, 5001],

    "remoteUser": "vscode"
}

and the following Dockerfile:

ARG VARIANT="3.1"
FROM mcr.microsoft.com/vscode/devcontainers/dotnetcore:0-${VARIANT}

ARG INSTALL_NODE="true"
ARG NODE_VERSION="lts/*"
RUN if [ "${INSTALL_NODE}" = "true" ]; then su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi

ARG INSTALL_AZURE_CLI="false"
COPY library-scripts/azcli-debian.sh /tmp/library-scripts/
RUN if [ "$INSTALL_AZURE_CLI" = "true" ]; then bash /tmp/library-scripts/azcli-debian.sh; fi \
    && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts

Additionally, #4154 describes support for password entry when using remote containers. Would this allow for text-based MFA (i.e. Google Authenticator)?

chrmarti commented 3 years ago

Try reusing the existing SSH connection: https://github.com/microsoft/vscode-remote-release/issues/3938

Additionally, #4154 describes support for password entry when using remote containers. Would this allow for text-based MFA (i.e. Google Authenticator)?

Possibly, it might still suffer from the problem you describe here because Docker opens a new SSH connection for each command.

ChrisSchipper commented 3 years ago

Try reusing the existing SSH connection: #3938

I attempted this and am receiving the following error: err=getsockname failed: Not a socket

Based on the docs for remote-ssh and some other issue posts such as https://github.com/microsoft/vscode-remote-release/issues/629#issuecomment-503650294, it seems these settings are not supported on Windows.

Is there a supported workaround that allows Windows machines to take advantage of these .ssh/config settings, or is there a separate setting that can be used on Windows that allows reuse of existing SSH connections?

chrmarti commented 3 years ago

I wasn't aware of this not being supported on Windows. Thanks for the feedback.

You could try using WSL on Windows:

github-actions[bot] commented 3 years ago

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!