Changing User on Remote Machine

[psychofisch]

My problem: On my remote host I have my personal user and users that can only edit specific projects. Only my personal user is configured to be accessible directly with SSH. Usually, when I have to work on source code directly on the machine, I connect via SSH, change my user to the project user and edit the code with VIM. It seems that this workflow is currently not possible with this extension.
Is it possible to change the user after connecting? So I can connect with my personal account, switch user to the one I want (which has no SSH keys but has the permissions to edit certain files) and open the files as that user.

[leiysky]

Same problem.

I've tried to configure RemoteCommand to run su user, but it doesn't work.

[psychofisch]

Any new info on this?

[xiandong79]

Any new info on this?

[Blamo27]

Any new info on this?

[leiysky]

Any new info on this?

[howardlau1999]

Any new info on this?

[chenxu2048]

Any new info on this?

[GHLoeng]

Any new info on this?

[Blamo27]

@roblourens Any new info on this ?

[CavKratos]

I also get this issue. I notice that Windows Remote Desktop won't remember me when I tick the box, maybe it's related?

[facelezzzz]

i can only via ec2-user to ssh aws ec2 .then i need to change user to root for remaining work.but vs code just can not refresh current work folder to user root.please add this function in the future. infinity ths!

[meermanr]

If RemoteCommand doesn't help, you could try using a remote-side command in ~/.ssh/authorized_keys. You need a dedicated key pair for this to work.

1. On your local machine, create a new SSH identity (key pair) with ssh-keygen -f ~/.ssh/id_vscode
   • This creates two files, the private key which should never leave your local machine id_vscode, and a public key id_vscode.pub which is installed on remote systems
2. On the remote machine, add a line to ~/.ssh/authorized_key which begins (inc. quotes!) command="$SSH_ORIGINAL_COMMAND"
3. and finish the line by pasting your public key, ensuring there is at least one space between the prefix and the key proper
4. Test it on local by running ssh -i ~/.ssh/id_vscode -tt user@hostname bash
   • It should give you a completely ordinary shell
   • If you have a complex ~/.ssh/config on your local, try excluding it and ssh-agent, e.g. env -u SSH_AUTH_SOCK ssh -tt -F /dev/null -i ~/.ssh/id_vscode user@hostname bash

All good? Now go change the command="$SSH_ORIGINAL_COMMAND" to do whatever you need when logging in. For example, command="su -c '$SSH_ORIGINAL_COMMAND' otheruser" or command="sudo -u otheruser $SSH_ORIGINAL_COMMAND"

[JakeRLevy]

If RemoteCommand doesn't help, you could try using a remote-side command in ~/.ssh/authorized_keys. You need a dedicated key pair for this to work.

1. On your local machine, create a new SSH identity (key pair) with ssh-keygen -f ~/.ssh/id_vscode

   • This creates two files, the private key which should never leave your local machine id_vscode, and a public key id_vscode.pub which is installed on remote systems
2. On the remote machine, add a line to ~/.ssh/authorized_key which begins (inc. quotes!) command="$SSH_ORIGINAL_COMMAND"
3. and finish the line by pasting your public key, ensuring there is at least one space between the prefix and the key proper

4. Test it on local by running ssh -i ~/.ssh/id_vscode -tt user@hostname bash

   • It should give you a completely ordinary shell
   • If you have a complex ~/.ssh/config on your local, try excluding it and ssh-agent, e.g. env -u SSH_AUTH_SOCK ssh -tt -F /dev/null -i ~/.ssh/id_vscode user@hostname bash

All good? Now go change the command="$SSH_ORIGINAL_COMMAND" to do whatever you need when logging in. For example, command="su -c '$SSH_ORIGINAL_COMMAND' otheruser" or command="sudo -u otheruser $SSH_ORIGINAL_COMMAND"

I tried this and unfortunately does not work. An error is thrown during login citing the need to run su from a terminal.

[hfisaquiel]

Has once solution, a bit curious.

Performed on Centos7 server, with user on the sudoers list. BE CAREFULL, this will ALWAYS redirect you to the another user.

Create or edit the file .bashrc on your server current user folder and add the following at the end of file

sudo su - <another_user_name>

Save the file and reload VSCode window.

[omniproc]

Create or edit the file .bashrc on your server current user folder and add the following at the end of file

sudo su - <another_user_name>

Save the file and reload VSCode window.

Doesn't work for me. VSCode will just hang in the connecting state if I try to do this. Tested on RHEL 7.

[omniproc]

I wonder if this gets the attention it needs. Currently, this is a showstopper. It makes the ssh-remote plugin UI integration useless if one is using security best practise and seperates the application execution user - with limited permissions - from the actual ssh users.

[arashilmg]

I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826

After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:

ctrl + `

make node run as root

sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh

Restart remote vscode

pkill -f vscode

[Hanaasagi]

@arashilmg It works for me.

[mmahacek]

None of these are working for me to connect to Cent7. I can do the tests in https://github.com/microsoft/vscode-remote-release/issues/690#issuecomment-650273144 but it still runs as the limited user, and doesn't switch to the user I set in the command=""

[ijesonchen]

@arashilmg Thank you, it works. This actually start vscode server with sudo (add sudo when start vscode-server in server.sh) but not configurable. If the extention support change the user or sudo cmd will be perfect.

I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826

After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:

ctrl + `

make node run as root

sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh

Restart remote vscode

pkill -f vscode

[ThaDaVos]

Any updates on this?

We're using a special user in combination with our deployer.php setup - and we cannot SSH into the server as this deploy user - only as a generic one

[ydennisy]

Any updates here?

Using a sudo user is not a good idea, then all actions on those files have to be from a sudo user.

[lhdamiani]

Any new info on this?

[johncarter-]

@arashilmg Do you have a way to reverse this command?

sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh

I ran it locally on WSL and now I can't start VS Code servers locally 🤦

Edit: I ended up running rm -rf ~/.vscode-server/bin/[MY-UNIQUE-INSTANCE-ID] which seems to have done the job.

[haydenfree]

Any update on this? Great plugin but this is a showstopper for me 😞

[whiskas]

any updates?

[leon-v]

This was my work around in case anyone is interested: https://github.com/microsoft/vscode-remote-release/issues/141#issuecomment-853359145

[PavelSosin-320]

Vote for this !!!! A similar feature is a fundamental feature for remote maintenance, Test automation, and IT automation ( Ansible). For example, automatic tests must run under user by choice.

[claytongulick]

I love the work going into this extension and seeing the progress being made! I agree with others here that for my use case, it's not usable in its current form.

Like most folks, I have my application running under an "app" user with restricted permissions, all the code etc... lives in /home/app - that is write restricted to the "app" user naturally.

For obvious security reasons, the "app" user can't SSH, so the only way to remotely debug is to SSH into the server as a developer account and "sudo su" to the app user.

If there was some sort of "post-connect" script that could be specified in the remote ssh extension settings, I think it would solve this problem - as well as several others potentially. This would just be a snippet that would execute on the remote server immediately after successful authentication. For obvious security reasons, it would probably be a good idea to prompt/confirm execution of the script before running it.

Thanks!!

[pehamraza]

This was my work around in case anyone is interested: #141 (comment)

This one actually worked for me. Thank you @leon-v

[jayshanker2000]

Any update on this?

[ThaiLe011094]

Any updates on this? As long as i have to switch to another user which is not about using root user (from user abc to user drone for editing and executing) so all the above methods didn't work for me

[Bingmang]

Any updates? I've tried to use ssh -t user@192.168.30.100 "sudo su -", it's not working.

Could not establish connection to "192.168.30.100 "sudo su -"`": SSH host name cannot include the character ".

[Upperholme]

Would love to see this feature. Right now it's a showstopper for me.

[enocklubowa]

I was able to change the connected user by editing the SSH configuration file in home/<YOUR_PC_USERNAME>/.ssh/config I changed the User to who I wanted to connect as, saved the changes, closed the remote connection and reconnected again.

Host 143.244.148.121
  HostName 143.244.148.121
  User root

[Upperholme]

That doesn't work for me. I can only assume that your server is set to allow root to log in via ssh.

[chulinx]

I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826

After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:

ctrl + `

make node run as root

sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh

Restart remote vscode

pkill -f vscode

# replace sed when sudo need input password
sed -i  "/node/s/^/echo '<PASS>'|sudo -S /" ~/.vscode-server/bin/*/server.sh

[tanhakabir]

Just added a new setting to enable RemoteCommand, remote.SSH.enableRemoteCommand in the newest release of the extension version 0.70.0.

You can use RemoteCommand to switch user by modifying your config to be like:

Host remote
    ....
    RemoteCommand su otherUser

enableRemoteCommand will only work with remote.SSH.useLocalServer set totrue. Let me know any issues or bugs you see with the experimental setting!

[tanhakabir]

Updating this issue to add that the setting for RemoteCommand will be available in the Pre-release version of the extension.

On the Remote SSH marketplace page you'll be able to see the option to use the Pre-Release version of the extension. The extension page should look like this:

Please let me know if this solution works for you all

[jeroenbaas]

This doesn't work for me with v0.71.2021121615 on windows with:

ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

with setting in .ssh/config:

Host <x>
   ....
   RemoteCommand sudo su <otheruser>

after login, starting the terminal still shows the logged in user and I can confirm I can issue that sudo command in the terminal without a problem there.

[tanhakabir]

@jeroenbaas do you have useLocalServer enabled?

[jeroenbaas]

assuming this setting, yes: if there's anything I can do to debug, let me know.

[jmcausing]

@jeroenbaas do you have useLocalServer enabled?

This doesn't work for me. I am using pre-release v0.71.2021121615. useLocalServer and remote.ssh.enableRemoteCommand are enabled. Still not switching to a specific user.

[qoojobs]

Works for me.

In my case ssh was in lowercase.

settings.json

  "remote.SSH.useLocalServer": true,
  "remote.SSH.enableRemoteCommand": true,

[mmahacek]

Works for me.

In my case ssh was in lowercase.

settings.json

  "remote.SSH.useLocalServer": true,
  "remote.SSH.enableRemoteCommand": true,

This is working for me in test now that I manually set the UserLocalServer setting in my settings.json. I had checked it in the settings UI, but it appears that didn't write the change into the settings file. The enableRemoteCommand checkbox in the UI did properly set that value. Thank!

[tanhakabir]

Hey @jeroenbaas would you be able to create a separate issue with logs when you try to use RemoteCommand to change user?

@jmcausing as well please!

[badalsaibo]

For those whose "remote.SSH.enableRemoteCommand": true, shows disabled. Go to the "Remote - SSH" extension page on VSCode and click "Switch to Pre-Release Version". A reload is required.

[FStelzer]

This does not work with "remote.SSH.remoteServerListenOnSocket": true

took me a while to figure out. This setting seems to simply disable useLocalServer if I set this to false it works

edit: it actually says so in the description of the setting in the UI :/

[jeroenbaas]

The useLocalServer setting, no matter ticking/unticking, does not seem to get set in the json, I don't see it anywhere in the .json. Not sure where my VSCode instance is storing that setting instead.

If I do enter it manually into the settings.json file, it works, although now my connections are really unstable (would reckon this is somehow related to the localServer setting that is now in effect)

[tanhakabir]

@jeroenbaas would you be able to create a separate issue with what you see? I'm especially curious about the issue you saw writing to settings and any logs showing the flakiness with useLocalServer enabled.