Respect RemoteCommand option when connecting to remote host over ssh

[cuivienor]

It seems that currently the RemoteCommand option in an ssh config is ignored.

I found a closed issues discussing this previously #695. The reason I'm asking for this is that I need to use the ssh extension in a network setup with a gateway which has disabled tunneling for security reasons. My situation is similar to the one described in another closed issue #82.

I need to ssh to a gateway host, which prompts for a password and on success waits for input for the host name to connect to. Example ssh config which works from the command line:

Host some-host
        Hostname gateway-host
        RemoteCommand inline host-to-connect-to
        User user-name

running ssh some-host will successfully establish a connection to the desired host, but from looking at vscode trace logs the invoked command is

ssh -T -o ClearAllForwardings=true -o RemoteCommand=none -F "config-file" "some-host" bash

Since vscode explicitly disabled the RemoteCommand config I successfully connect and get a password prompt. However after that I get an error since the command is trying to execute bash on the gateway host which in my case needs to be forwarded the inline host-to-connect-to command

Looking at a comment on #695 from @roblourens

We block RemoteCommand, because it won't work the way you expect anyway, ie it won't apply to terminals that are opened inside of vscode. You will have to find another way to get the same result. If you tell me what you are using it for I can try to give advice.

I would personally not mind my integrated terminal to not do the right thing if I could get the ability to successfully establish the vscode connection which from what I understand would work if we have a way to remove the RemoteCommand=none from the initial connection.

[roblourens]

Your ssh config would work for opening an interactive terminal session, but to connect, vscode needs to run a script on your remote. It does this by piping the command through the ssh process. The problem is that it's impossible to pass a script to ssh while RemoteCommand also exists. RemoteCommand will always take precedence and the passed in script will be ignored.

I can support it if there is some way that a command like this will work:

echo "echo hello" | ssh some-host

where the "echo hello" command executes on your final remote host, not the gateway. Maybe someone more creative than me or who understands ssh better can find a solution, but I don't know how to do it.

[roblourens]

Actually, I want to try something. Could you install this, try connecting, and tell me what happens?

• Download this and rename from .zip to .vsix
• Uninstall the Remote-SSH extension
• Run this command in vscode: F1 > "Install from VSIX"
• Select this vsix, try again
• Share the log from the Remote-SSH output channel, if it doesn't work

remote-ssh-0.65.0-beta.zip

[cuivienor]

Thanks for the insanely quick reply @roblourens! I think this worked! Seems like vscode correctly executed the RemoteCommand, and did its work on the correct remote host. Attaching logs:

SSH Extension logs

[08:18:12.772] Log Level: 1
[08:18:12.773] remote-ssh@0.65.0-beta
[08:18:12.773] win32 x64
[08:18:12.775] SSH Resolver called for "ssh-remote+<host-name>", attempt 1
[08:18:12.775] "remote.SSH.useLocalServer": true
[08:18:12.775] "remote.SSH.sshPath": undefined
[08:18:12.775] "remote.SSH.sshConfigurationFile": C:\Users\<windows-user-name>\.ssh\config
[08:18:12.775] "remote.SSH.useFlock": true
[08:18:12.775] "remote.SSH.lockfilesInTmp": false
[08:18:12.775] "remote.SSH.localServerDownload": auto
[08:18:12.775] "remote.SSH.remoteServerListenOnSocket": false
[08:18:12.775] "remote.SSH.showLoginTerminal": true
[08:18:12.775] "remote.SSH.defaultExtensions": []
[08:18:12.776] SSH Resolver called for host: <host-name>
[08:18:12.776] Setting up SSH remote "<host-name>"
[08:18:12.778] Acquiring local install lock: C:\Users\PETROV~1\AppData\Local\Temp\vscode-remote-ssh-<host-name>-install.lock
[08:18:12.782] Looking for existing server data file at c:\Users\<windows-user-name>\AppData\Roaming\Code\User\globalStorage\ms-vscode-remote.remote-ssh\vscode-ssh-host-<host-name>-5d424b828ada08e1eb9f95d6cb41120234ef57c7-0.65.0-beta\data.json
[08:18:12.783] Using commit id "5d424b828ada08e1eb9f95d6cb41120234ef57c7" and quality "stable" for server
[08:18:12.785] Install and start server if needed
[08:18:12.788] Checking ssh with "ssh -V"
[08:18:12.825] > OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

[08:18:12.828] Preferring non-windows OpenSSH, skipping
[08:18:12.828] Checking ssh with "C:\WINDOWS\System32\OpenSSH\ssh.exe -V"
[08:18:12.857] > OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

[08:18:12.860] Preferring non-windows OpenSSH, skipping
[08:18:12.860] Checking ssh with "C:\Program Files\Git\usr\bin\ssh.exe -V"
[08:18:12.891] > OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020

[08:18:12.895] Using SSH config file "C:\Users\<windows-user-name>\.ssh\config"
[08:18:12.895] askpass server listening on \\.\pipe\vscode-ssh-askpass-081fcb704e63e847a88c4c0e24ab404de078e66f-sock
[08:18:12.896] Spawning local server with {"ipcHandlePath":"\\\\.\\pipe\\vscode-ssh-askpass-c99847987798e5c6285051c8f532051532c162fb-sock","sshCommand":"C:\\Program Files\\Git\\usr\\bin\\ssh.exe","sshArgs":["-v","-T","-D","49883","-F","C:\\Users\\<windows-user-name>\\.ssh\\config","<host-name>"],"dataFilePath":"c:\\Users\\<windows-user-name>\\AppData\\Roaming\\Code\\User\\globalStorage\\ms-vscode-remote.remote-ssh\\vscode-ssh-host-<host-name>-5d424b828ada08e1eb9f95d6cb41120234ef57c7-0.65.0-beta\\data.json"}
[08:18:12.896] Local server env: {"DISPLAY":"1","ELECTRON_RUN_AS_NODE":"1","SSH_ASKPASS":"c:\\Users\\<windows-user-name>\\.vscode\\extensions\\ms-vscode-remote.remote-ssh-0.65.0-beta\\out\\local-server\\askpass.bat","VSCODE_SSH_ASKPASS_NODE":"C:\\Users\\<windows-user-name>\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe","VSCODE_SSH_ASKPASS_MAIN":"c:\\Users\\<windows-user-name>\\.vscode\\extensions\\ms-vscode-remote.remote-ssh-0.65.0-beta\\out\\askpass-main.js","VSCODE_SSH_ASKPASS_HANDLE":"\\\\.\\pipe\\vscode-ssh-askpass-081fcb704e63e847a88c4c0e24ab404de078e66f-sock"}
[08:18:12.903] Spawned 24172
[08:18:12.979] > local-server> Spawned ssh: 24416
[08:18:13.004] stderr> OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020
[08:18:13.005] stderr> debug1: Reading configuration data C:\\Users\\<windows-user-name>\\.ssh\\config
[08:18:13.005] stderr> debug1: C:\\Users\\<windows-user-name>\\.ssh\\config line 6: Applying options for <host-name>
[08:18:13.027] stderr> debug1: Connecting to <company-gateway> [<company-gateway-ip>] port 22.
[08:18:13.038] stderr> debug1: Connection established.
[08:18:13.038] stderr> load pubkey "C:\\Users\\<windows-user-name>\\.ssh\\id_rsa.openssh": invalid format
[08:18:13.038] stderr> debug1: identity file C:\\Users\\<windows-user-name>\\.ssh\\id_rsa.openssh type -1
[08:18:13.039] stderr> debug1: identity file C:\\Users\\<windows-user-name>\\.ssh\\id_rsa.openssh-cert type -1
[08:18:13.039] stderr> debug1: Local version string SSH-2.0-OpenSSH_8.3
[08:18:13.049] stderr> debug1: Remote protocol version 2.0, remote software version GatewaySSH_6.2
[08:18:13.049] stderr> debug1: no match: GatewaySSH_6.2
[08:18:13.050] stderr> debug1: Authenticating to <company-gateway>:22 as '<ssh-user-name>'
[08:18:13.050] stderr> debug1: SSH2_MSG_KEXINIT sent
[08:18:13.060] stderr> debug1: SSH2_MSG_KEXINIT received
[08:18:13.060] stderr> debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
[08:18:13.060] stderr> debug1: kex: host key algorithm: ssh-rsa
[08:18:13.060] stderr> debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
[08:18:13.060] stderr> debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
[08:18:13.060] stderr> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
[08:18:13.070] stderr> debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
[08:18:13.070] stderr> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
[08:18:13.082] stderr> debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
[08:18:13.082] stderr> debug1: Server host key: ssh-rsa SHA256:LT25cpCuoA2H5kJ7iv0ZzGUj7G8nx+vfuC0BcQWG2tk
[08:18:13.083] stderr> debug1: Host '<company-gateway>' is known and matches the RSA host key.
[08:18:13.083] stderr> debug1: Found key in /c/Users/<windows-user-name>/.ssh/known_hosts:1
[08:18:13.084] stderr> debug1: rekey out after 4294967296 blocks
[08:18:13.084] stderr> debug1: SSH2_MSG_NEWKEYS sent
[08:18:13.084] stderr> debug1: expecting SSH2_MSG_NEWKEYS
[08:18:13.084] stderr> debug1: SSH2_MSG_NEWKEYS received
[08:18:13.084] stderr> debug1: rekey in after 4294967296 blocks
[08:18:13.084] stderr> debug1: Will attempt key: C:\\Users\\<windows-user-name>\\.ssh\\id_rsa.openssh  explicit
[08:18:13.143] stderr> debug1: SSH2_MSG_SERVICE_ACCEPT received
[08:18:13.327] stderr> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
[08:18:13.328] stderr> debug1: Next authentication method: publickey
[08:18:13.328] stderr> debug1: Trying private key: C:\\Users\\<windows-user-name>\\.ssh\\id_rsa.openssh
[08:18:13.396] stderr> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
[08:18:13.396] stderr> debug1: Next authentication method: keyboard-interactive
[08:18:13.439] stderr> debug1: read_passphrase: can't open /dev/tty: No such device or address
[08:18:13.544] Got askpass request: {"request":"Password: "}
[08:18:13.544] Showing password prompt
[08:18:13.545] Listening for interwindow password on \\.\pipe\vscode-ssh-askpass-ac1a983860735c8e22f77ca01840d0052bbd1833-sock
[08:18:13.545] Writing password prompt to globalState
[08:18:16.948] Got password response
[08:18:16.948] Interactor gave response: ************
[08:18:16.948] Cleaning up other-window auth server
[08:18:17.948] stderr> debug1: Authentication succeeded (keyboard-interactive).
[08:18:17.948] stderr> Authenticated to <company-gateway> ([<company-gateway-ip>]:22).
[08:18:17.948] stderr> debug1: Local connections to LOCALHOST:49883 forwarded to remote address socks:0
[08:18:17.949] stderr> debug1: Local forwarding listening on ::1 port 49883.
[08:18:17.949] stderr> debug1: channel 0: new [port listener]
[08:18:17.949] stderr> debug1: Local forwarding listening on 127.0.0.1 port 49883.
[08:18:17.949] stderr> debug1: channel 1: new [port listener]
[08:18:17.949] stderr> debug1: channel 2: new [client-session]
[08:18:17.949] stderr> debug1: Entering interactive session.
[08:18:17.949] stderr> debug1: pledge: network
[08:18:18.011] stderr> debug1: Sending command: inline <host-name>
[08:18:18.398] stderr> Pseudo-terminal will not be allocated because stdin is not a terminal.
[08:18:18.664] stderr> Warning: Permanently added '<host-name>,<some-other-ip>' (RSA) to the list of known hosts.
[08:18:19.857] > ready: 6f426641cafb
[08:18:19.881] > Linux 3.10.0-1127.10.1.el7.x86_64 #1 SMP Tue May 26 15:05:43 EDT 2020
[08:18:19.882] Platform: linux
[08:18:19.911] > 6f426641cafb: running
[08:18:19.946] > Acquiring lock on /home/<ssh-user-name>/.vscode-server/bin/5d424b828ada08e1eb9f95d6cb41120234ef57c7/vscode-remote-lock.<ssh-user-name>.5d424b828ada08e1eb9f95d6cb41120234ef57c7
[08:18:19.952] > Installing to /home/<ssh-user-name>/.vscode-server/bin/5d424b828ada08e1eb9f95d6cb41120234ef57c7...
[08:18:19.954] > 6f426641cafb%%1%%
[08:18:19.963] > Downloading with wget
[08:18:21.686] > Download complete
[08:18:21.698] > 6f426641cafb%%2%%
> tar --version:
> tar (GNU tar) 1.26
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Written by John Gilmore and Jay Fenlason.
[08:18:22.595] > Checking /home/<ssh-user-name>/.vscode-server/.5d424b828ada08e1eb9f95d6cb41120234ef57c7.log and /home/<ssh-user-name>/.vscode-server/.5d424b828ada08e1eb9f95d6cb41120234ef57c7.pid for a running server
[08:18:22.622] > Starting server with command... /home/<ssh-user-name>/.vscode-server/bin/5d424b828ada08e1eb9f95d6cb41120234ef57c7/server.sh --start-server --host=127.0.0.1 --enable-remote-auto-shutdown --disable-telemetry --port=0  &> "/home/<ssh-user-name>/.vscode-server/.5d424b828ada08e1eb9f95d6cb41120234ef57c7.log" < /dev/null
> printenv:
[08:18:22.631] >     XDG_SESSION_ID=39025
>     HOSTNAME=dev-10-34-7-254
>     SELINUX_ROLE_REQUESTED=
>     SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
>     SHELL=/bin/bash
>     HISTSIZE=1000
>     SSH_CLIENT=<company-gateway-ip> 54710 22
>     SELINUX_USE_CURRENT_RANGE=
>     USER=<ssh-user-name>
>     http_proxy=<company-dev-proxy>
>     VSCODE_AGENT_FOLDER=/home/<ssh-user-name>/.vscode-server
>     PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/<ssh-user-name>/.local/bin:/home/<ssh-user-name>/bin
>     MAIL=/var/spool/mail/<ssh-user-name>
>     PWD=/home/<ssh-user-name>
>     LANG=en_US.UTF-8
>     SELINUX_LEVEL_REQUESTED=
>     https_proxy=<company-dev-proxy>
>     HISTCONTROL=ignoredups
>     HOME=/home/<ssh-user-name>
>     SHLVL=2
>     no_proxy=<company-no-proxy-urls>
>     LOGNAME=<ssh-user-name>
>     SSH_CONNECTION=<company-gateway-ip> 54710 <some-other-ip> 22
>     LESSOPEN=||/usr/bin/lesspipe.sh %s
>     XDG_RUNTIME_DIR=/run/user/25173
>     _=/usr/bin/printenv
>     OLDPWD=/home/<ssh-user-name>/.vscode-server/bin/5d424b828ada08e1eb9f95d6cb41120234ef57c7
[08:18:22.631] stderr> rm: cannot remove ‘/home/<ssh-user-name>/.vscode-server/.5d424b828ada08e1eb9f95d6cb41120234ef57c7.token’: No such file or directory
[08:18:22.631] > Spawned remote server: 18218
[08:18:22.633] > Waiting for server log...
[08:18:22.667] > Waiting for server log...
[08:18:22.705] >  
> *
> * Reminder: You may only use this software with Visual Studio family products,
> * as described in the license (https://go.microsoft.com/fwlink/?linkid=2077057)
> *
>  
[08:18:22.711] > 6f426641cafb: start
> webUiAccessToken====
> listeningOn==37178==
> osReleaseId==rhel==
> arch==x86_64==
> tmpDir==/run/user/25173==
> platform==linux==
> unpackResult==success==
> didLocalDownload==0==
> downloadTime==1733==
> installTime==893==
> extInstallTime====
> serverStartTime==78==
> connectionToken==11a1a1a1-111a-1111-1a11-1a1111a11aa1==
> 6f426641cafb: end
[08:18:22.711] Received install output: 
webUiAccessToken====
listeningOn==37178==
osReleaseId==rhel==
arch==x86_64==
tmpDir==/run/user/25173==
platform==linux==
unpackResult==success==
didLocalDownload==0==
downloadTime==1733==
installTime==893==
extInstallTime====
serverStartTime==78==
connectionToken==11a1a1a1-111a-1111-1a11-1a1111a11aa1==

[08:18:22.712] Remote server is listening on 37178
[08:18:22.712] Parsed server configuration: {"serverConfiguration":{"remoteListeningOn":{"port":37178},"osReleaseId":"rhel","arch":"x86_64","webUiAccessToken":"","tmpDir":"/run/user/25173","platform":"linux","connectionToken":"11a1a1a1-111a-1111-1a11-1a1111a11aa1"},"downloadTime":1733,"installTime":893,"serverStartTime":78,"installUnpackCode":"success"}
[08:18:22.714] Persisting server connection details to c:\Users\<windows-user-name>\AppData\Roaming\Code\User\globalStorage\ms-vscode-remote.remote-ssh\vscode-ssh-host-<host-name>-5d424b828ada08e1eb9f95d6cb41120234ef57c7-0.65.0-beta\data.json
[08:18:22.717] Starting forwarding server. localPort 64571 -> socksPort 49883 -> remotePort 37178
[08:18:22.718] Forwarding server listening on 64571
[08:18:22.718] Waiting for ssh tunnel to be ready
[08:18:22.719] [Forwarding server 64571] Got connection 0
[08:18:22.720] Tunneled 37178 to local port 64571
[08:18:22.720] Resolved "ssh-remote+<host-name>" to "127.0.0.1:64571"
[08:18:22.725] TELEMETRY: {"eventName":"resolver","properties":{"osReleaseId":"rhel","arch":"x86_64","askedPw":"0","askedPassphrase":"0","asked2fa":"0","askedHostKey":"0","remoteInConfigFile":"1","gotUnrecognizedPrompt":"0","dynamicForwarding":"0","localServer":"1","didLocalDownload":"0","installUnpackCode":"1","outcome":"success"},"measures":{"resolveAttempts":1,"retries":1,"timing.totalResolveTime":9951,"timing.preSshTime":122,"timing.establishSshTime":7015,"timing.scriptTime":9816,"timing.downloadTime":1733,"timing.installTime":893,"timing.serverStartTime":78}}
[08:18:22.726] ------




[08:18:22.734] Failed to set up socket for dynamic port forward to remote port 37178: Socket closed. Is the remote port correct?
[08:18:22.768] [Forwarding server 64571] Got connection 1
[08:18:22.779] Failed to set up socket for dynamic port forward to remote port 37178: Socket closed. Is the remote port correct?

Namely: [08:18:18.011] stderr> debug1: Sending command: inline <host-name>

After which I see the vscode server being installed on my remote host 🎉

I am still hitting an issue specific to our gateway stuff though. As I mentioned previously the gateway we have explicitly disables tunneling and from what I see after code-server is up we are trying to establish a connection over a tunnel.

[08:18:22.718] Waiting for ssh tunnel to be ready
...
[08:18:22.734] Failed to set up socket for dynamic port forward to remote port 37178: Socket closed. Is the remote port correct?

I just started learning about all this ssh stuff this weekend so still trying to figure out what exactly is going on but I know our solution in general is to use nc (netcat) to get around the no tunneling allowed problem. I know people use that when doing a similar setup in emacs which needs an ssh tunnel for the UI -> server connection. Trying to parse through this stack overflow answer it seems that I would need to know what port code-server is listening on and somehow be able to execute an nc -l <port> command on the remote. I assume this would involve something more complex in how code-server actually works to communicate over ssh and not just how we connect over ssh which is probably out of scope for this issue.

But I think in regards to the issue of RemoteCommand it looks like the patch you sent is working flawlessly! Thank you so much!

I will play around with the next step of why the connection is not established after that, so if you happen to have any insight into my vague description above that would probably help me greatly 😄 since I'm a bit out of my comfort zone on this stuff.

[roblourens]

I don't understand how netcat helps without forwarding a port over SSH but let me know if you figure it out. You will probably have to enable port forwarding on your ssh server with the flag AllowTcpForwarding yes in your sshd_config.

I don't want to ship this change yet, I need more time to convince myself that it's safe, I don't know whether it's guaranteed that the script we send will never execute on the gateway machine. Will do some more testing.

[cuivienor]

Thank for the help again @roblourens. The problem I have is the gateway machine explicitly has disabled AllowTcpForwarding which I do not have control over (deemed a security risk). So I suspect I might be out of luck to get the ssh extension working on this setup ☹️ since it fundamentally relies on tunneling and it doesn't seem to be enough for me to allow it only on the target machine which I control.

Sounds like the RemoteCommand would be useful for people in general so hopefully you don't see any blockers when you test more 😄

[david-macleod]

Thanks for the workaround, allowing RemoteCommand would also be useful for my use case: sshing directly inside a singularity container, which relates to this issue here #3066. I can confirm that the custom extension with RemoteCommand enabled solves this issue.

[roblourens]

@david-macleod I can investigate more if there is a good usecase. Can you tell me more about how it works with singularity, what are you SSHing into? And can you try the custom build again and share the log from the Remote-SSH output channel, so I can check that there is nothing fishy?

I guess I need to look at the OpenSSH source, I want to see how it handles this case, but I am still not convinced that it's guaranteed safe.

[xvr-hlt]

Hey @roblourens – once this is implemented, do you think it would be a viable way of running a VSCode Remote - SSH sessions from within an interactive slurm job? E.g. by adding

Host ...
  RequestTTY yes
  RemoteCommand srun --pty bash

And by connecting to said host using the Remote SSH extension.

[Jerry-Ma]

Hi,

I was looking into the same functionality as described by xvr-hit.

The HPC that I am working on requires users to run extended jobs on a compute node using the SLURM.

I am looking forward to seeing this feature implemented. Thanks a lot!

[likan999]

My use case also requires the RemoteCommand. Please support it. AFAIK, it works before 0.66, but now after I upgrade my extension to 0.66, it is no longer respected.

My use case is the RemoteCommand is "toolbox run -T bash", which allows the remote VScode run inside a toolbox. Now 0.66 my workflow is completely broken.

[leon-v]

I have not been able to get the 65.0 beta above working.

[10:03:04.820] > local-server> Spawned ssh: 16524
[10:03:04.872] stderr> OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021
[10:03:05.072] stderr> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1l21OT0ZgybGFmTdWGmmd1ZI6heT0PeTo/46GeYjAZ4
[10:03:05.243] stderr> events.js:292
[10:03:05.244] stderr>       throw er; // Unhandled 'error' event

Extension log...

[10:03:04.508] Log Level: 2
[10:03:04.513] remote-ssh@0.65.0-beta
[10:03:04.513] win32 x64
[10:03:04.514] SSH Resolver called for "ssh-remote+dev:ubuntu", attempt 1
[10:03:04.514] "remote.SSH.useLocalServer": true
[10:03:04.514] "remote.SSH.sshPath": undefined
[10:03:04.514] "remote.SSH.sshConfigurationFile": undefined
[10:03:04.514] "remote.SSH.useFlock": true
[10:03:04.514] "remote.SSH.lockfilesInTmp": false
[10:03:04.515] "remote.SSH.localServerDownload": auto
[10:03:04.515] "remote.SSH.remoteServerListenOnSocket": false
[10:03:04.516] "remote.SSH.showLoginTerminal": false
[10:03:04.516] "remote.SSH.defaultExtensions": []
[10:03:04.516] SSH Resolver called for host: dev:ubuntu
[10:03:04.517] Setting up SSH remote "dev:ubuntu"
[10:03:04.520] Acquiring local install lock: C:\Users\user\AppData\Local\Temp\vscode-remote-ssh-dev:ubuntu-install.lock
[10:03:04.544] Looking for existing server data file at c:\Users\user\AppData\Roaming\Code\User\globalStorage\ms-vscode-remote.remote-ssh\vscode-ssh-host-dev:ubuntu-3a6960b964327f0e3882ce18fcebd07ed191b316-0.65.0-beta\data.json
[10:03:04.546] Using commit id "3a6960b964327f0e3882ce18fcebd07ed191b316" and quality "stable" for server
[10:03:04.552] Install and start server if needed
[10:03:04.575] Checking ssh with "ssh -V"
[10:03:04.611] > OpenSSH_for_Windows_8.1p1, L
[10:03:04.611] > ibreSSL 3.0.2
[10:03:04.614] Checking ssh with "C:\WINDOWS\System32\OpenSSH\ssh.exe -V"

[10:03:04.646] > OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
[10:03:04.650] Checking ssh with "C:\Program Files\Git\usr\bin\ssh.exe -V"

[10:03:04.710] > OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021
[10:03:04.714] Using SSH config file "C:\Users\user.ssh\config"

[10:03:04.715] askpass server listening on \.\pipe\vscode-ssh-askpass-775760ee175bj0670b021fb0793261eb82735796-sock

[10:03:04.716] Spawning local server with {"ipcHandlePath":"\\.\pipe\vscode-ssh-askpass-7616ebaab15989582a304e68e3fdece5c70bae95-sock","sshCommand":"C:\Program Files\Git\usr\bin\ssh.exe","sshArgs":["-v","-T","-D","1044","-F","C:\Users\user\.ssh\config","dev:ubuntu"],"dataFilePath":"c:\Users\user\AppData\Roaming\Code\User\globalStorage\ms-vscode-remote.remote-ssh\vscode-ssh-host-dev:ubuntu-3a6960b964327f0e3882ce18fcebd07ed191b316-0.65.0-beta\data.json"}

[10:03:04.716] Local server env: {"DISPLAY":"1","ELECTRON_RUN_AS_NODE":"1","SSH_ASKPASS":"c:\Users\user\.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\local-server\askpass.bat","VSCODE_SSH_ASKPASS_NODE":"C:\Users\user\AppData\Local\Programs\Microsoft VS Code\Code.exe","VSCODE_SSH_ASKPASS_MAIN":"c:\Users\user\.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\askpass-main.js","VSCODE_SSH_ASKPASS_HANDLE":"\\.\pipe\vscode-ssh-askpass-775760ee175bj0670b021fb0793261eb82735796-sock"}

[10:03:04.725] Spawned 4176

[10:03:04.820] > local-server> Spawned ssh: 16524

[10:03:04.872] stderr> OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021

[10:03:05.072] stderr> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1l21OT0ZgybGFmTdWGmmd1ZI6heT0PeTo/46GeYjAZ4

[10:03:05.243] stderr> events.js:292

[10:03:05.244] stderr>       throw er; // Unhandled 'error' event

[10:03:05.244] stderr>       ^

[10:03:05.244] stderr>

[10:03:05.244] stderr> Error [ERR_STREAM_WRITE_AFTER_END]: write after end

[10:03:05.244] stderr>     at writeAfterEnd (_http_outgoing.js:668:15)

[10:03:05.244] stderr>     at ServerResponse.end (_http_outgoing.js:789:7)

[10:03:05.244] stderr>     at Object.onRequest (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\localServer.js:1:2599)

[10:03:05.244] stderr>     at Server. (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\localServer.js:1:1914)

[10:03:05.244] stderr>     at Server.emit (events.js:315:20)

[10:03:05.244] stderr>     at parserOnIncoming (_http_server.js:874:12)

[10:03:05.244] stderr>     at HTTPParser.parserOnHeadersComplete (_http_common.js:126:17)

[10:03:05.245] stderr> Emitted 'error' event on ServerResponse instance at:

[10:03:05.245] stderr>     at writeAfterEndNT (_http_outgoing.js:727:7)

[10:03:05.245] stderr>     at processTicksAndRejections (internal/process/task_queues.js:81:21) {

[10:03:05.245] stderr>   code: 'ERR_STREAM_WRITE_AFTER_END'

[10:03:05.245] stderr> }

[10:03:05.253] Local server exit: 1

[10:03:05.253] Received install output: OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1l21OT0ZgybGFmTdWGmmd1ZI6heT0PeTo/46GeYjAZ4

events.js:292

throw er; // Unhandled 'error' event

^
Error [ERR_STREAM_WRITE_AFTER_END]: write after end

at writeAfterEnd (_http_outgoing.js:668:15)

at ServerResponse.end (_http_outgoing.js:789:7)

at Object.onRequest (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\localServer.js:1:2599)

at Server. (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\localServer.js:1:1914)

at Server.emit (events.js:315:20)

at parserOnIncoming (_http_server.js:874:12)

at HTTPParser.parserOnHeadersComplete (_http_common.js:126:17)

Emitted 'error' event on ServerResponse instance at:

at writeAfterEndNT (_http_outgoing.js:727:7)

at processTicksAndRejections (internal/process/task_queues.js:81:21) {

code: 'ERR_STREAM_WRITE_AFTER_END'

}
[10:03:05.253] Stopped parsing output early. Remaining text: OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1l21OT0ZgybGFmTdWGmmd1ZI6heT0PeTo/46GeYjAZ4events.js:292      throw er; // Unhandled 'error' event      ^Error [ERR_STREAM_WRITE_AFTER_END]: write after end    at writeAfterEnd (_http_outgoing.js:668:15)    at ServerResponse.end (_http_outgoing.js:789:7)    at Object.onRequest (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\localServer.js:1:2599)    at Server. (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\localServer.js:1:1914)    at Server.emit (events.js:315:20)    at parserOnIncoming (_http_server.js:874:12)    at HTTPParser.parserOnHeadersComplete (_http_common.js:126:17)Emitted 'error' event on ServerResponse instance at:    at writeAfterEndNT (_http_outgoing.js:727:7)    at processTicksAndRejections (internal/process/task_queues.js:81:21) {  code: 'ERR_STREAM_WRITE_AFTER_END'}

[10:03:05.253] Failed to parse remote port from server output

[10:03:05.254] Resolver error: Error:

at Function.Create (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:63936)

at Object.t.handleInstallOutput (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:62680)

at Object.t.tryInstallWithLocalServer (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:405372)

at processTicksAndRejections (internal/process/task_queues.js:93:5)

at async c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:310658

at async Object.t.withShowDetailsEvent (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:406128)

at async c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:403896

at async S (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:400664)

at async Object.t.resolveWithLocalServer (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:403523)

at async Object.t.resolve (c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:1:314670)

at async c:\Users\user.vscode\extensions\ms-vscode-remote.remote-ssh-0.65.0-beta\out\extension.js:127:110431

[10:03:05.257] ------

Running VSCode 1.62.2 on Windows 10.
Connecting to Ubuntu 20.04 server in AWS.

Connection config:

Host dev:ubuntu
	HostName 10.0.4.226
	User ubuntu
  	IdentityFile C:\Users\user\Keys\key.priv
	RemoteCommand sudo -u www-data -s /bin/bash -i

This command works OK on the host:

$ sudo -u www-data -s /bin/bash -i
www-data@ip-10-0-4-226:/home/ubuntu$

I have tried with no RemoteCommand, it it fails with the same error.

The same config work OK on the latest version of the Remote - SSH extension.

[simonbyrne]

Your ssh config would work for opening an interactive terminal session, but to connect, vscode needs to run a script on your remote. It does this by piping the command through the ssh process. The problem is that it's impossible to pass a script to ssh while RemoteCommand also exists. RemoteCommand will always take precedence and the passed in script will be ignored.

@roblourens This is not quite correct: it is true that you can't provide a command as an argument, e.g. ssh target hostname will return an error ("Cannot execute command-line and remote command."), but you can pipe scripts via stdin (echo hostname | ssh target works as expected, including executing the RemoteCommand).

[ghost]

My use case is simple. I'm required to log in as myself but once inside I'm allowed to become the user that has permissions to edit the website. Have tried group permissions and all that. CPanel (barf) is a battle I've given up fighting. So I just need to ssh in. Then become the owner of the site so I can edit or when I create files ownership will be correct. This little thing would REALLY help. Where else can I upvote?

Thanks!

This is in my (macos) config to connect to Centos:
RequestTTY force
RemoteCommand sudo su someotheruser

[tanhakabir]

Related: #481

[simonbyrne]

Is this in 1.63? I don't see it in the release notes: https://github.com/microsoft/vscode-docs/blob/main/remote-release-notes/v1_63.md

[tanhakabir]

There will be a setting to enable RemoteCommand, remote.SSH.enableRemoteCommand in the newest release of the extension in 0.70.0. (We accidentally released the next stable version early; I'll update the release notes accordingly)

enableRemoteCommand will only work with remote.SSH.useLocalServer = true. Let me know any issues or bugs you see with the experimental setting!

[riccardoangius]

@tanhakabir thank you, much appreciated!

I installed 0.70.0 and tried putting "remote.SSH.enableRemoteCommand": true into settings.json, but the option isn't listed in the configuration print before connection. Am i doing something wrong?

[jk464]

I've hit the same issue of remote.SSH.enableRemoteCommand not appearing to be an option available to me - what do I need to do here?

[simonbyrne]

I updated to 0.70.0, and also tried adding the following to my settings.json file:

    "remote.SSH.enableRemoteCommand": true,
    "remote.ssh.useLocalServer": true,

But the log still shows:

"sshArgs":["-v","-T","-D","57118","-o","ConnectTimeout=15","-o","RemoteCommand=none","hpcx"]

[sordidfellow]

Same issue as simon, but additionally the dependency on useLocalServer is a problem - useLocalServer breaks kerberos authentication, so it's not an option.

[tanhakabir]

Oh our mistake! It will be out soon, we had another publishing issue in our pipeline. I'll ping on this issue again once it's released!

[tanhakabir]

Okay sorry for all the confusion, remote.SSH.enableRemoteCommand will now be available in in the Pre-Release version of the extension.

On the Remote SSH marketplace page you'll be able to see the option to use the Pre-Release version of the extension. By switching to the Pre-Release version you should be able to see the setting now.

The extension should look like this:

[tanhakabir]

@sordidfellow

Same issue as simon, but additionally the dependency on useLocalServer is a problem - useLocalServer breaks kerberos authentication, so it's not an option.

Unfortunately we can only safely enable RemoteCommand for local server connections. Do you have an issue for "useLocalServer breaks kerberos authentication" already?

[afflom]

This only works on localhost? So my .ssh/config for localhost would need to execute another ssh session to a remote?

[tanhakabir]

@afflom I'm not sure what you mean by localhost. remote.ssh.localServer is not localhost but it's one method we use to connect to the remote. It generally works well for most but there are edge cases where it doesn't always work to connect.

[afflom]

Ok, I think that I understand. Thank you @tanhakabir

[TinkerSteve]

remote.ssh.enableRemoteCommand

Works for me .. only when SSH is capital

"remote.SSH.enableRemoteCommand": true,
"remote.SSH.useLocalServer": true,

[jasperhyp]

I checked the options "remote.SSH.enableRemoteCommand": true, "remote.SSH.useLocalServer": true but am still getting some issues. Basically, I am connecting to an HPC server that requires double-verification, and I want to use RemoteCommand to get onto computing node after logging onto the login node (as described in issue #1722 ). My ssh config looks like

Host hpc.login
    User some.user.name
    RemoteCommand srun -t 0-12:00 --pty -p gpu --gres=gpu:1 /bin/bash

However, this resulted in Failed to set up socket for dynamic port forward to remote port 45824: Socket closed and finally failure to connect. I then tried to set "remote.SSH.remoteServerListenOnSocket": true, but in this setting the RemoteCommand becomes none (although I can log in, and I actually automatically log in twice every time, typing passwd two times, each time with a none RemoteCommand), as shown below in the log:

[11:48:00.977] Remote server is listening on /run/user/184812/vscode-ssh-remote-server-sock-1640018879
[11:48:00.977] Parsed server configuration: {"serverConfiguration":{"remoteListeningOn":{"socketPath":"/run/user/184812/vscode-ssh-remote-server-sock-1640018879"},"osReleaseId":"centos","arch":"x86_64","webUiAccessToken":"","sshAuthSock":"","display":"","tmpDir":"/run/user/184812","platform":"linux","connectionToken":"aa11111a-1aa1-111a-a111-11111a111a1a"},"serverStartTime":1695,"installUnpackCode":""}
[11:48:00.979] Running script with connection command: ssh -T -L 127.0.0.1:8507:/run/user/184812/vscode-ssh-remote-server-sock-1640018879 -o RemoteCommand=none "hpc.login.node" bash
[11:48:00.980] Spawning tunnel with: type "C:\Users\Yo\AppData\Local\Temp\vscode-linux-multi-line-command-hpc.login.node-223392234.sh" | ssh -T -L 127.0.0.1:8507:/run/user/184812/vscode-ssh-remote-server-sock-1640018879 -o RemoteCommand=none "hpc.login.node" bash
[11:48:00.981] Terminal shell path: C:\Windows\System32\cmd.exe

Interestingly (not sure if related), the script for the first time of connection is

[11:47:37.964] Running script with connection command: ssh -T -D 8501 -o RemoteCommand=none "o2.hms.harvard.edu" bash
[11:47:37.966] Terminal shell path: C:\Windows\System32\cmd.exe

While the second time is as shown above with a different port that is forwarded to my local machine. Nonetheless, the RemoteCommand are both unexpectedly none.

Am a bit confused. Would appreciate your help!

[tanhakabir]

@jasperhyp would you mind creating another issue with everything you've said here along with the full logs that you saw when you tried the several times to connect?

[jasperhyp]

@jasperhyp would you mind creating another issue with everything you've said here along with the full logs that you saw when you tried the several times to connect?

Sure, I will create one now.