Open psychofisch opened 5 years ago
Same problem.
I've tried to configure RemoteCommand
to run su user
, but it doesn't work.
Any new info on this?
Any new info on this?
Any new info on this?
Any new info on this?
Any new info on this?
Any new info on this?
Any new info on this?
@roblourens Any new info on this ?
I also get this issue. I notice that Windows Remote Desktop won't remember me when I tick the box, maybe it's related?
i can only via ec2-user to ssh aws ec2 .then i need to change user to root for remaining work.but vs code just can not refresh current work folder to user root.please add this function in the future. infinity ths!
If RemoteCommand
doesn't help, you could try using a remote-side command
in ~/.ssh/authorized_keys
. You need a dedicated key pair for this to work.
ssh-keygen -f ~/.ssh/id_vscode
id_vscode
, and a public key id_vscode.pub
which is installed on remote systems~/.ssh/authorized_key
which begins (inc. quotes!) command="$SSH_ORIGINAL_COMMAND"
ssh -i ~/.ssh/id_vscode -tt user@hostname bash
~/.ssh/config
on your local, try excluding it and ssh-agent
, e.g. env -u SSH_AUTH_SOCK ssh -tt -F /dev/null -i ~/.ssh/id_vscode user@hostname bash
All good? Now go change the command="$SSH_ORIGINAL_COMMAND"
to do whatever you need when logging in. For example, command="su -c '$SSH_ORIGINAL_COMMAND' otheruser"
or command="sudo -u otheruser $SSH_ORIGINAL_COMMAND"
If
RemoteCommand
doesn't help, you could try using a remote-sidecommand
in~/.ssh/authorized_keys
. You need a dedicated key pair for this to work.
On your local machine, create a new SSH identity (key pair) with
ssh-keygen -f ~/.ssh/id_vscode
- This creates two files, the private key which should never leave your local machine
id_vscode
, and a public keyid_vscode.pub
which is installed on remote systems- On the remote machine, add a line to
~/.ssh/authorized_key
which begins (inc. quotes!)command="$SSH_ORIGINAL_COMMAND"
- and finish the line by pasting your public key, ensuring there is at least one space between the prefix and the key proper
Test it on local by running
ssh -i ~/.ssh/id_vscode -tt user@hostname bash
- It should give you a completely ordinary shell
- If you have a complex
~/.ssh/config
on your local, try excluding it andssh-agent
, e.g.env -u SSH_AUTH_SOCK ssh -tt -F /dev/null -i ~/.ssh/id_vscode user@hostname bash
All good? Now go change the
command="$SSH_ORIGINAL_COMMAND"
to do whatever you need when logging in. For example,command="su -c '$SSH_ORIGINAL_COMMAND' otheruser"
orcommand="sudo -u otheruser $SSH_ORIGINAL_COMMAND"
I tried this and unfortunately does not work. An error is thrown during login citing the need to run su from a terminal.
Has once solution, a bit curious.
Performed on Centos7 server, with user on the sudoers list. BE CAREFULL, this will ALWAYS redirect you to the another user.
Create or edit the file .bashrc
on your server current user folder and add the following at the end of file
sudo su - <another_user_name>
Save the file and reload VSCode window.
Create or edit the file
.bashrc
on your server current user folder and add the following at the end of filesudo su - <another_user_name>
Save the file and reload VSCode window.
Doesn't work for me. VSCode will just hang in the connecting state if I try to do this. Tested on RHEL 7.
I wonder if this gets the attention it needs. Currently, this is a showstopper. It makes the ssh-remote plugin UI integration useless if one is using security best practise and seperates the application execution user - with limited permissions - from the actual ssh users.
I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826
After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:
ctrl + `
make node run as root
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh
Restart remote vscode
pkill -f vscode
@arashilmg It works for me.
None of these are working for me to connect to Cent7. I can do the tests in https://github.com/microsoft/vscode-remote-release/issues/690#issuecomment-650273144 but it still runs as the limited user, and doesn't switch to the user I set in the command=""
@arashilmg Thank you, it works. This actually start vscode server with sudo (add sudo when start vscode-server in server.sh) but not configurable. If the extention support change the user or sudo cmd will be perfect.
I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826
After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:
ctrl + `
make node run as root
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh
Restart remote vscode
pkill -f vscode
Any updates on this?
We're using a special user in combination with our deployer.php
setup - and we cannot SSH into the server as this deploy user - only as a generic one
Any updates here?
Using a sudo user is not a good idea, then all actions on those files have to be from a sudo user.
Any new info on this?
@arashilmg Do you have a way to reverse this command?
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh
I ran it locally on WSL and now I can't start VS Code servers locally 🤦
Edit: I ended up running rm -rf ~/.vscode-server/bin/[MY-UNIQUE-INSTANCE-ID]
which seems to have done the job.
Any update on this? Great plugin but this is a showstopper for me 😞
any updates?
This was my work around in case anyone is interested: https://github.com/microsoft/vscode-remote-release/issues/141#issuecomment-853359145
Vote for this !!!! A similar feature is a fundamental feature for remote maintenance, Test automation, and IT automation ( Ansible). For example, automatic tests must run under user by choice.
I love the work going into this extension and seeing the progress being made! I agree with others here that for my use case, it's not usable in its current form.
Like most folks, I have my application running under an "app" user with restricted permissions, all the code etc... lives in /home/app - that is write restricted to the "app" user naturally.
For obvious security reasons, the "app" user can't SSH, so the only way to remotely debug is to SSH into the server as a developer account and "sudo su" to the app user.
If there was some sort of "post-connect" script that could be specified in the remote ssh extension settings, I think it would solve this problem - as well as several others potentially. This would just be a snippet that would execute on the remote server immediately after successful authentication. For obvious security reasons, it would probably be a good idea to prompt/confirm execution of the script before running it.
Thanks!!
This was my work around in case anyone is interested: #141 (comment)
This one actually worked for me. Thank you @leon-v
Any update on this?
Any updates on this?
As long as i have to switch to another user which is not about using root user (from user abc
to user drone
for editing and executing) so all the above methods didn't work for me
Any updates? I've tried to use ssh -t user@192.168.30.100 "sudo su -"
, it's not working.
Could not establish connection to "192.168.30.100 "sudo su -"`": SSH host name cannot include the character ".
Would love to see this feature. Right now it's a showstopper for me.
I was able to change the connected user by editing the SSH configuration file in home/<YOUR_PC_USERNAME>/.ssh/config
I changed the User
to who I wanted to connect as, saved the changes, closed the remote connection and reconnected again.
Host 143.244.148.121
HostName 143.244.148.121
User root
That doesn't work for me. I can only assume that your server is set to allow root to log in via ssh.
I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826
After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:
ctrl + `
make node run as root
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh
Restart remote vscode
pkill -f vscode
# replace sed when sudo need input password
sed -i "/node/s/^/echo '<PASS>'|sudo -S /" ~/.vscode-server/bin/*/server.sh
Just added a new setting to enable RemoteCommand, remote.SSH.enableRemoteCommand
in the newest release of the extension version 0.70.0
.
You can use RemoteCommand to switch user by modifying your config to be like:
Host remote
....
RemoteCommand su otherUser
enableRemoteCommand
will only work with remote.SSH.useLocalServer
set totrue
. Let me know any issues or bugs you see with the experimental setting!
Updating this issue to add that the setting for RemoteCommand will be available in the Pre-release version of the extension.
On the Remote SSH marketplace page you'll be able to see the option to use the Pre-Release version of the extension. The extension page should look like this:
Please let me know if this solution works for you all
This doesn't work for me with v0.71.2021121615 on windows with:
ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
with setting in .ssh/config:
Host <x>
....
RemoteCommand sudo su <otheruser>
after login, starting the terminal still shows the logged in user and I can confirm I can issue that sudo command in the terminal without a problem there.
@jeroenbaas do you have useLocalServer
enabled?
assuming this setting, yes: if there's anything I can do to debug, let me know.
@jeroenbaas do you have
useLocalServer
enabled?
This doesn't work for me. I am using pre-release v0.71.2021121615. useLocalServer and remote.ssh.enableRemoteCommand are enabled. Still not switching to a specific user.
Works for me.
In my case ssh was in lowercase.
settings.json
"remote.SSH.useLocalServer": true,
"remote.SSH.enableRemoteCommand": true,
Works for me.
In my case ssh was in lowercase.
settings.json
"remote.SSH.useLocalServer": true, "remote.SSH.enableRemoteCommand": true,
This is working for me in test now that I manually set the UserLocalServer setting in my settings.json. I had checked it in the settings UI, but it appears that didn't write the change into the settings file. The enableRemoteCommand checkbox in the UI did properly set that value. Thank!
Hey @jeroenbaas would you be able to create a separate issue with logs when you try to use RemoteCommand to change user?
@jmcausing as well please!
For those whose "remote.SSH.enableRemoteCommand": true,
shows disabled. Go to the "Remote - SSH" extension page on VSCode and click "Switch to Pre-Release Version". A reload is required.
This does not work with "remote.SSH.remoteServerListenOnSocket": true
took me a while to figure out. This setting seems to simply disable useLocalServer if I set this to false it works
edit: it actually says so in the description of the setting in the UI :/
The useLocalServer setting, no matter ticking/unticking, does not seem to get set in the json, I don't see it anywhere in the .json. Not sure where my VSCode instance is storing that setting instead.
If I do enter it manually into the settings.json file, it works, although now my connections are really unstable (would reckon this is somehow related to the localServer setting that is now in effect)
@jeroenbaas would you be able to create a separate issue with what you see? I'm especially curious about the issue you saw writing to settings and any logs showing the flakiness with useLocalServer
enabled.
My problem: On my remote host I have my personal user and users that can only edit specific projects. Only my personal user is configured to be accessible directly with SSH. Usually, when I have to work on source code directly on the machine, I connect via SSH, change my user to the project user and edit the code with VIM. It seems that this workflow is currently not possible with this extension.
Is it possible to change the user after connecting? So I can connect with my personal account, switch user to the one I want (which has no SSH keys but has the permissions to edit certain files) and open the files as that user.