Open chunky opened 3 months ago
If you're following the steps in https://sassoftware.github.io/vscode-sas-extension/Configurations/Profiles/sas9ssh#windows The steps are all one-time setup. The ssh-agent is running as a service and you don't need to repeat any steps in daily connection.
Feature request for password auth is tracked in #294
I had found that documentation, but there are two difficulties:
That feature request for password auth is now more than a year old, which makes me worry it's backburnered. I'm in the process of trying to raise the SAS VS Code Plugin as an option right now; if I don't succeed in making this easy in the next weeks/months, then for budget and project-management reasons I don't have an opportunity to try again for the next couple years.
Update: I tried following the instructions provided, since my user can elevate to administrative privileges.
Our organisation has disabled the windows store enterprise-wide. No-one here is able to use windows "optional features", so there's no way to install the recommended SSH components.
Is your feature request related to a problem? Please describe.
I'm in a Windows-heavy environment with Linux servers running 9.4, and IOM is unavailable. My userbase are highly skilled statisticians/economists/researchers, not really interested in messing around with environment variables or "arcane ssh stuff".
On Windows in particular, ssh-agent and setting environment variables are high-friction. I am reasonably expecting my users to have git [including git-bash and ssh/ssh-agent/etc] installed, but not any other SSH client. Some of them have PuTTY and PuTTY Keys configured, but that's much less common.
Current (Disliked) Workflow
Currently the process looks like this:
SSH_AUTH_SOCK
toc:/Users/$USER/ssh.sock
ssh-agent -a /c/Users/$USER/ssh.sock
ssh-add
Which is a little heavy on magick, highly error-prone, and a bunch more steps than most analysts enjoy repeating. One option is to try and have VS code execute the one-off stuff on startup using a task, but that seems brittle and hard to debug.
Describe the solution you'd like
The ssh2 npm module that this plugin uses can take a "password" item in the configuration. The function getSession in client/src/connection/ssh/index.ts:24 could be edited to ask for a password, if the SSH_AUTH_SOCK environment variable isn't set. Notionally:
Then, around line 71 in the same file, add
password: this._config.password
to the relevant configuration creation.Describe alternatives you've considered
Use npm ssh2's authhandler to ask for a password as a fallback
According to this documentation, you can stuff some additional items into the authHandler when connecting: https://www.npmjs.com/package/ssh2#client
The last example there provides a callback for use as a
keyboard-interactive
authhandler.I think this is the best solution, if it works; for example, on servers that don't allow
keyboard-interactive
, the prompt never appears. And if SSH_AUTH_SOCK is set, but ssh keys haven't been added to the agent, then this approach will still do the right thing. My proposed solution above doesn't work, if the env.var is set but it doesn't have the key. And moving the prompt to run every time is super annoying, if the ssh agent + keys are working.I didn't primarily suggest this because I don't know the VS Code ecosystem enough to know if this is feasible.
Allow user to specify a ssh key as part of their SAS profiles
The ssh2 module, as one of its authhandlers, lets you specify a private key. This could be an optional item that users can add to specific profiles in their SAS config, eg:
I didn't suggest this solution primarily because, if the users have passwords on their identity file, there isn't a password prompt mechanism available [and the JSON config shouldn't afford people adding a passphrase]
Environment
SAS version 9.4 on Linux. Windows 10 clients.