Closed lcmgh closed 1 year ago
Thanks for opening. So ForwardAgent works fine when I connect manually to the server and clone a git repository that my local ssh client has access to
means you're able to clone this repo in an external terminal via SSH, not using VS Code or Remote-SSH?
cc @tanhakabir
Just to verify what do you see when you connect to your remote with the following? (this is the ssh command we use for connection)
ssh -v -T -D 50838 -F C:\\Users\\censored\\.ssh\\config OpenStack bash
Are you able to properly git pull
Thanks for opening. So
ForwardAgent works fine when I connect manually to the server and clone a git repository that my local ssh client has access to
means you're able to clone this repo in an external terminal via SSH, not using VS Code or Remote-SSH?
cc @tanhakabir
Exactly. Key forwarding works fine when the connection is established from external terminals via ssh runner@10.xx.xx.xx -A -i C:\.ssh\id_rsa -A but not from the vscode spawned ssh connections.
Just to verify what do you see when you connect to your remote with the following? (this is the ssh command we use for connection)
$ ssh -v -T -D 50838 -F C:\\Users\\censored\\.ssh\\config Openstack bash
OpenSSH_7.7p1, OpenSSL 1.0.2o 27 Mar 2018
debug1: Reading configuration data C:\\Users\\censored\\.ssh\\config
debug1: C:\\Users\\censored\\.ssh\\config line 1: Applying options for Openstack
debug1: Connecting to 10.xx.xx.xx [10.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file U:\\.ssh\\id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file U:\\.ssh\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.xx.xx.xx:22 as 'runner'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xwZQn61wU0CA6YJryxop2hUdF5x0Nfzh3gvXpA9Davg
debug1: Host '10.xx.xx.xx' is known and matches the ECDSA host key.
debug1: Found key in /u/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:crqPDbJXs0yA7CvKmGeRc0syd4Nrn4UG6C8qeepyyJw U:\\.ssh\\id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to 10.xx.xx.xx ([10.xx.xx.xx]:22).
debug1: Local connections to LOCALHOST:50838 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 50838.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 50838.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /home/runner/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/runner/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Requesting authentication agent forwarding.
debug1: Sending command: bash
Are you able to properly git pull
How do I connect to that shell? These commands did not work:
$ ssh localhost -p 50838 -v -i /u/.ssh/id_rsa
OpenSSH_7.7p1, OpenSSL 1.0.2o 27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 50838.
debug1: Connection established.
debug1: identity file /u/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_rsa type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
ssh_exchange_identification: Connection closed by remote host
$ ssh localhost -p 50838 -v
OpenSSH_7.7p1, OpenSSL 1.0.2o 27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 50838.
debug1: Connection established.
debug1: identity file /u/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /u/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
ssh_exchange_identification: Connection closed by remote host
Hm we need to get the ssh connection command ssh -v -T -D 50838 -F C:\\Users\\censored\\.ssh\\config OpenStack bash to work or understand why it doesn't in terminal since this is what the extension uses to establish connection.
In your first set of logs what happened after you saw debug1: Sending command: bash? Were there any more logs?
These were the full logs.
Previous commands were executed in Git Bash. I now executed ssh -v -T -D 50838 -F C:\\Users\\censored\\.ssh\\config OpenStack bash with Powershell and we got different output. Note debug1: ssh_get_authentication_socket: No such file or directory at the end of the log.
PS U:\> ssh -v -T -D 50838 -F C:\\Users\\censored\\.ssh\\config Openstack bash
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\\\Users\\\\censored\\\\.ssh\\\\config
debug1: C:\\\\Users\\\\censored\\\\.ssh\\\\config line 1: Applying options for Openstack
debug1: Connecting to Openstack [10.31.25.236] port 22.
debug1: Connection established.
debug1: identity file U:\\.ssh\\id_rsa type 0
debug1: identity file U:\\.ssh\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.31.25.236:22 as 'runner'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xwZQn61wU0CA6YJryxop2hUdF5x0Nfzh3gvXpA9Davg
debug1: read_passphrase: can't open /dev/tty: No such file or directory
The authenticity of host '10.31.25.236 (10.31.25.236)' can't be established.
ECDSA key fingerprint is SHA256:xwZQn61wU0CA6YJryxop2hUdF5x0Nfzh3gvXpA9Davg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
debug1: read_passphrase: can't open /dev/tty: No such file or directory
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '10.31.25.236' (ECDSA) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: U:\\.ssh\\id_rsa RSA SHA256:crqPDbJXs0yA7CvKmGeRc0syd4Nrn4UG6C8qeepyyJw explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: U:\\.ssh\\id_rsa RSA SHA256:crqPDbJXs0yA7CvKmGeRc0syd4Nrn4UG6C8qeepyyJw explicit
debug1: Server accepts key: U:\\.ssh\\id_rsa RSA SHA256:crqPDbJXs0yA7CvKmGeRc0syd4Nrn4UG6C8qeepyyJw explicit
debug1: Authentication succeeded (publickey).
Authenticated to 10.31.25.236 ([10.31.25.236]:22).
debug1: Local connections to LOCALHOST:50838 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 50838.
bind [::1]:50838: Permission denied
debug1: Local forwarding listening on 127.0.0.1 port 50838.
bind [127.0.0.1]:50838: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 50838
Could not request local forwarding.
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /home/runner/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/runner/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: ssh_get_authentication_socket: No such file or directory
debug1: Sending command: bash
So Remote-SSH actually uses Powershell to execute any connection commands, not other bash shells you may have installed on your machine. These logs look more in line with the errors we were seeing in VS Code.
It looks like we're having issues binding to a port for local forwarding:
debug1: Local forwarding listening on 127.0.0.1 port 50838.
bind [127.0.0.1]:50838: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 50838
Could not request local forwarding.
Do you have an idea why you might not have permissions to bind to another port on your machine?
I once had an issue to bind port 9090 and read somewhere that certain ranges are blocked for non-admins on Windows. But cannot find the exact statement again.
Just found a way to see if certain ports are blocked by Hyper-V. But 50838 is not within the ranges.
PS U:\> netsh interface ipv4 show excludedportrange protocol=tcp
Portausschlussbereiche für das Protokoll "tcp"
Startport Endport
---------- --------
80 80
4242 4242
5985 5985
6064 6064
6065 6065
9000 9000
9001 9001
9013 9013
47001 47001
50000 50059 *
* - Verwaltete Portausschlüsse.
PS U:\> netsh int ipv4 show dynamicport tcp
Protokoll tcp Dynamischer Portbereich
---------------------------------
Startport : 49152 (Start port)
Anzahl von Ports : 16384 (Number of ports)
Any hints for debugging?
For what it's worth I found this report while trying to troubleshoot my own problem with SSH -D forwarding not working just from the command line in general. I get the same "permission denied, cannot listen to port" error intermittently and when it starts happening that feature doesn't work until a reboot.
That seems like a strong indicator that this issue is not directly in this project but instead some problem with the SSH client Windows provides that just happens to impact this extension.
You can set the remote.SSH.path setting to your git bash ssh if it works using that instead
SSH Config:
ForwardAgent works fine when I connect manually to the server and clone a git repository that my local ssh client has access to.
ssh runner@10.xx.xx.xx -A -i C:\.ssh\id_rsa -A
When connecting with the extension and cloning the repo it fails with public denied. I can also confirm that by establishing the connection with the extension and cloning from a connected terminal it fails with the same error. That leads to the conclusion that the ForwardAgent is somehow when connection with vscode remote-ssh.
runner@remote-dev-0:~$ echo $SSH_AUTH_SOCK
-> Empty output
Steps to Reproduce:
Does this issue occur when you try this locally?: No
Does this issue occur when you try this locally and all extensions are disabled?: No
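The two `ssh -v` logs in this thread differ in exactly the lines that decide whether the agent is forwarded and whether the `-D` listener comes up. The following is an added example, not code from the extension or from any participant: it pulls those lines out of a client log and checks a port against `netsh` excluded ranges. The function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the shape of the PowerShell `ssh -v` log above.
SAMPLE_LOG = """\
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Local forwarding listening on 127.0.0.1 port 50838.
bind [127.0.0.1]:50838: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 50838
debug1: ssh_get_authentication_socket: No such file or directory
debug1: Sending command: bash
"""

# Constructed sample in the shape of `netsh interface ipv4 show excludedportrange`.
SAMPLE_NETSH = """\
Startport Endport
---------- --------
80 80
50000 50059 *
"""

def triage_ssh_log(log):
    """Summarise agent-forwarding and local-forwarding state from `ssh -v` output."""
    lines = log.splitlines()
    return {
        # The client prints this only when it actually asks the server to forward the agent.
        "agent_forwarding_requested": any(
            "Requesting authentication agent forwarding" in l for l in lines),
        # The client could not reach a local agent, so it has nothing to forward.
        "agent_unreachable": any(
            "ssh_get_authentication_socket:" in l for l in lines),
        # Ports whose local listener (-D / -L) failed to bind.
        "bind_failed_ports": sorted({
            int(m.group(1)) for l in lines
            if (m := re.search(r"^bind \[[^\]]+\]:(\d+): ", l))}),
    }

def excluded_range_for(netsh_output, port):
    """Return the (start, end) excluded range containing port, or None."""
    # Only numeric rows are matched, so localized headers do not matter.
    for line in netsh_output.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s*\*?\s*$", line)
        if m and int(m.group(1)) <= port <= int(m.group(2)):
            return int(m.group(1)), int(m.group(2))
    return None

if __name__ == "__main__":
    print(triage_ssh_log(SAMPLE_LOG), excluded_range_for(SAMPLE_NETSH, 50838))
```

A log with `agent_unreachable` set and `agent_forwarding_requested` unset matches the empty `SSH_AUTH_SOCK` seen on the remote: the client had no local agent to forward.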