search

microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote
Other
3.69k stars 297 forks source link

PuTTY Pageant #61

Open lars18th opened 5 years ago

lars18th commented 5 years ago

Hi,

We need to support PuTTY pageant too instead of only plain certificate files. It will be added soon?

Regards.

ponchofiesta commented 3 years ago

OpenSSH agent for Windows does not support Smartcards. With support for Pageant we could get Smartcard support too (PuTTY-CAC). +1 for this.

SommerEngineering commented 3 years ago

In our case, the scripts / batch files mentioned here did not work. Also the wsl-ssh-pageant variant did not work. However, a small Go program helped us: https://github.com/benok/ssh2plink. With it everything worked without any issues. The solution in Go is so simple that Microsoft could deliver this small tool together with the extension.

alv000h commented 2 years ago

as stated before and as per clarification.

To keep the plink working, first of all you have to configure a session in putty named exactly like target server you want to connect (use your FQDN or IP), this must login at the target server using preconfigured user and pageant loaded key or predefined ssh key

my tests with .ssh/config configurations seems not work (maybe plink not use this file...), instead you can configure things in putty and store it as putty sessions...

after that, you can place this script over there and configure it in Remote.SSH: Path 

@echo off
REM TARGET HOST MUST BE a Session saved in putty because it not indicates user when launch ssh command, so putty load that session with user preconfigured
set SCRIPTDIR=%~dp0
if ARG%1==ARG-V goto :VERSION
"C:\Program Files\PuTTY\plink.exe" -ssh -agent %*

goto :EOF
:VERSION
echo "OpenSSH wrapper for plink"
:EOF
DonEstefan commented 2 years ago

"remote ssh" should be working with pageant version 0.77 Support for "remote WSL" already landed in the pageant development snapshots , which you can find here (WSL1 only)

corford commented 2 years ago

Can confirm @donestefan's comment. Pageant now has in-built support for exposing a pipe to the Windows openssh client. No need for plink, wsl-ssh-pageant or BAT files. Just follow the simple instructions here: https://the.earth.li/~sgtatham/putty/0.77/htmldoc/Chapter9.html#pageant-cmdline-openssh

guldil commented 1 year ago

@corford @DonEstefan i follow indication but my Windows 11 ssh doe's reconize pageAnt agent...

file is correctly created in my c:\Users\.ssh\ folder and i include it in my c:\Users\.ssh\config and i have an error : Authenticator provider $SSH_SK_PROVIDER did not resolve;

goldfita commented 1 year ago

I was able to get this working using using the .bat wrapper, but I can't figure out a way to do it without putting my password in the .bat file. I'm stuck with putty v0.76 which uses the '-pw' flag. The remote connection seems to recognize the password prompt, but it doesn't give me a chance to enter a password. If I set remote.SSH.showLoginTerminal=false, it opens a dialog at the top which says "Enter password for ...", but it has already sent a password ("Sent password" in the output window)! And it opens another dialog that says "Could not establish connection to ...".

benliddicott commented 1 year ago

I was able to get this working using using the .bat wrapper, but I can't figure out a way to do it without putting my password in the .bat file. I'm stuck with putty v0.76 which uses the '-pw' flag. The remote connection seems to recognize the password prompt, but it doesn't give me a chance to enter a password. If I set remote.SSH.showLoginTerminal=false, it opens a dialog at the top which says "Enter password for ...", but it has already sent a password ("Sent password" in the output window)! And it opens another dialog that says "Could not establish connection to ...".

I don't use the .bat wrapper any more, this has been fixed for many months.

I just use the default config, it works for me now.

binarweb commented 1 year ago

@benliddicott Could you explain how you did it? You said it's been working for months, but I can't get it to work. The .bat version works for standard port, but doesn't on not standard port. I'm using the latest VSCode 1.79.2.

benliddicott commented 1 year ago

@benliddicott Could you explain how you did it? You said it's been working for months, but I can't get it to work. The .bat version works for standard port, but doesn't on not standard port. I'm using the latest VSCode 1.79.2.

For me, this has been working for a few years now, and I no longer use this solution.

So I can't comment on why it is not working for you.

amr-tewfik commented 1 year ago

Hi,

We need to support PuTTY pageant too instead of only plain certificate files. It will be added soon?

Regards.

And by plain you mean putty certificates? ssh-agent works flawlessly.

binarweb commented 1 year ago

@amr-tewfik how did you made ssh-agent to work flawlessly? I have the ssh-agent running with the certificates and the latest VSCode still asks me for the certificate password every time.

benliddicott commented 1 year ago

@binarweb I find that I no longer need a workaround, the standard Windows SSH now works perfectly.

If you have existing PuTTY keys, you can export them from PuTTY, and use them in Windows SSH in the normal way?

binarweb commented 1 year ago

@benliddicott What is "Windows SSH"? I've search for it, no relevant results came up. Is it a built-in tool in Windows? Does it have pagent? If it doesn't, how do you add your existing keys? Thanks!

DonEstefan commented 1 year ago

@benliddicott What is "Windows SSH"? I've search for it, no relevant results came up. Is it a built-in tool in Windows? Does it have pagent? If it doesn't, how do you add your existing keys? Thanks!

"Windows SSH" relates to the windows version of the openssh command line tools collection, which are included in modern windows versions (see C:\Windows\System32\OpenSSH\*.exe). This is what microsoft tools like vscode use for ssh connections. Connections that work with openssh should automatically work with vscode, too. The ssh-agent.exe and ssh-add.exe commands can replace pageant (you'll find several guides online). If you don't like these replacements and want to keep using pageant, just follow these instructions. This allows windows ssh (and thus vscode) to use keys from pageant. Make sure to use a current version of pageant and to remove all older workarounds you might have hacked into vscode from the comments above (.bat files, etc...).

DonEstefan commented 1 year ago

I wonder if this ticket can be closed:

I'm not sure what vscode could add on top of that. Apart from documenting the cases above, maybe...

amr-tewfik commented 1 year ago

@amr-tewfik how did you made ssh-agent to work flawlessly? I have the ssh-agent running with the certificates and the latest VSCode still asks me for the certificate password every time.

I asume you already added your key with ssh-add.exe. Then you need to run it as a service. In PowerShell type:

Start-Service ssh-agent
Set-Service ssh-agent -StartupType Automatic
amr-tewfik commented 1 year ago

@benliddicott What is "Windows SSH"? I've search for it, no relevant results came up. Is it a built-in tool in Windows? Does it have pagent? If it doesn't, how do you add your existing keys? Thanks!

Yes, ssh and ssh-agent are part of Windows without any installation at least since Windows Server 2019/Windows 10. ssh-agent is the equivalent to pageant. If you already have existing putty keys, you can export them instead of using ssh-keygen.exe.

It's basically:

ssh-keygen.exe -t rsa -C "your_email@example.com"
ssh-add.exe .ssh/id_rsa 
Start-Service ssh-agent
Set-Service ssh-agent -StartupType Automatic
binarweb commented 1 year ago

@benliddicott What is "Windows SSH"? I've search for it, no relevant results came up. Is it a built-in tool in Windows? Does it have pagent? If it doesn't, how do you add your existing keys? Thanks!

"Windows SSH" relates to the windows version of the openssh command line tools collection, which are included in modern windows versions (see C:\Windows\System32\OpenSSH*.exe). This is what microsoft tools like vscode use for ssh connections. Connections that work with openssh should automatically work with vscode, too. The ssh-agent.exe and ssh-add.exe commands can replace pageant (you'll find several guides online). If you don't like these replacements and want to keep using pageant, just follow these instructions. This allows windows ssh (and thus vscode) to use keys from pageant. Make sure to use a current version of pageant and to remove all older workarounds you might have hacked into vscode from the comments above (.bat files, etc...).

It works perfectly. I used https://the.earth.li/~sgtatham/putty/0.77/htmldoc/Chapter9.html#pageant-cmdline-openssh Thank you!

jtmoon79 commented 11 months ago

Pageant is the most well-established SSH key manager for Windows and should be supported "out of the box" by VS Code.

I appreciate others posting their workarounds here. In my case, they are too much work for one of the most basic SSH features. In my case, I don't have Administrator access on the Windows PC, and I'm managing multiple Windows PCs that have "floating developers" (long story).

SSH Credential querying with Pageant should be a checkbox item in the Remote-SSH Extension settings, i.e. "[ ] Query the running Pageant instance for SSH credentials" (or something like that)

benliddicott commented 10 months ago

I appreciate others posting their workarounds here. In my case, they are too much work for one of the most basic SSH features. In my case, I don't have Administrator access on the Windows PC, and I'm managing multiple Windows PCs that have "floating developers" (long story).

SSH Credential querying with Pageant should be a checkbox item in the Remote-SSH Extension settings, i.e. "[ ] Query the running Pageant instance for SSH credentials" (or something like that)

Pageant is the most well-established SSH key manager for Windows and should be supported "out of the box" by VS Code.

PuTTY and Pageant were once essentials. But now, I find that the new Windows Console is better than PuTTY, and the system openssh works perfectly. I no longer use PuTTY for SSH.

suningzhao1126 commented 2 months ago

well-established SSH key manager for Windows and should be su

Hi, I have a problem while connecting Linux remote server with keys generated from PuTTY. My key is DSA 1024 format. I can connect to the server using PuTTY perfectly, but I struggle to connect with VS code.

If I convert the key using PuTTYgen, it does not work. It keeps asking me to enter the password, but I didn't have that. If I tried to generate a "pageant.conf" and include that, it still ask me to enter the password but I have my key in Pageant already.

Felt upset and would like to know how to really solve it. I am a beginner to Linux server. Thanks!

powerpbx commented 2 months ago

well-established SSH key manager for Windows and should be su

Hi, I have a problem while connecting Linux remote server with keys generated from PuTTY. My key is DSA 1024 format. I can connect to the server using PuTTY perfectly, but I struggle to connect with VS code.

If I convert the key using PuTTYgen, it does not work. It keeps asking me to enter the password, but I didn't have that. If I tried to generate a "pageant.conf" and include that, it still ask me to enter the password but I have my key in Pageant already.

Felt upset and would like to know how to really solve it. I am a beginner to Linux server. Thanks!

Are you selecting Conversion > Import Key in PuttyGen?

If you open the DSA key in a text editor, what does it say underneath the -----BEGIN DSA PRIVATE KEY----- line?

If it says something like Proc-Type: 4,ENCRYPTED then your DSA key is passphrase encrypted and that is what PuttGen is asking for when you try import it.

You say you can connect to the server using PuTTY. If so, you already have a functioning private PuTTY key so I am not sure why you are trying to convert some other private OpenSSH key to PuTTY.

powerpbx commented 2 months ago

Btw, Windows OpenSSH can talk directly to recent versions of Pageant, so I don't think you need to use these 3rd party tools anymore. I can confirm the instructions at the following link work with VSC and Pageant v0.81

https://the.earth.li/%7Esgtatham/putty/0.78/htmldoc/Chapter9.html#pageant-cmdline-openssh

suningzhao1126 commented 2 months ago

Btw, Windows OpenSSH can talk directly to recent versions of Pageant, so I don't think you need to use these 3rd party tools anymore. I can confirm the instructions at the following link work with VSC and Pageant v0.81

https://the.earth.li/%7Esgtatham/putty/0.78/htmldoc/Chapter9.html#pageant-cmdline-openssh

If I did this, do I still need to translate my private key? I have tried this but it seems not work...the program is still trying to open private keys.

powerpbx commented 2 months ago

Btw, Windows OpenSSH can talk directly to recent versions of Pageant, so I don't think you need to use these 3rd party tools anymore. I can confirm the instructions at the following link work with VSC and Pageant v0.81 https://the.earth.li/%7Esgtatham/putty/0.78/htmldoc/Chapter9.html#pageant-cmdline-openssh

If I did this, do I still need to translate my private key? I have tried this but it seems not work...the program is still trying to open private keys.

This works with private PuTTY keys loaded in to Pageant. No private OpenSSH DSA or RSA keys required. I still do not know what you are trying to do because you said you already have private PuTTY keys working, so I don't know why you are still trying to convert private OpenSSH keys into PuTTY keys.