sftp issues

[pwwang]

Great extension! But I am facing some issues while using the sftp protocol:

1. Symbolic links are not recognized.
2. We have to put password in the URI? It's showing in the "OPEN EDITORS". "tryKeyboard" seems not working. What about some ssh servers using RSA token as authentication to login?
3. Can we echo something to the server timely to keep the session alive for longer time?
   Thanks!

[mkloubert]

@pwwang

Since new version 0.15.4:

1. Symbolic links are supported. There is a new URL parameter, called follow, which is (true) by default, and checks if a symbolic link is a file or directory (if possible).
2. You can now define an URL parameter, called auth, which can define the path to a file, which contains the username and password in the format as in the URI (username:password). Relative paths will be mapped to your / user's home directory. An alternative is to work with SSH keys, handled by key and phrase parameters, as describes here.
3. This is already done. For that I always do a listening of the root directory (/) by default, to check if the connection is still alive. This is no good solution, but there is no "NOOP" api, provided by ssh2-sftp-client module, I use ... but you can now define and execute a custom command on the SFTP server, like uname, something that is fast and does not produce much traffic ... this is done by the noop parameter, e.g. noop=uname

All the new things work for FTP connections too.

[pwwang]

@mkloubert Thanks for the update. I tried the new version on different machines, seems I couldn't connect the server even with username:password explicitly in the URI.
For auth parameter, I was on Windows, so I used auth=D:\\auth.txt. Does that make any sense?

[mkloubert]

@pwwang

You also have to encode that path and you should not use double backslashes: D:\auth.txt becomes D%3A%5Cauth.txt in your case.

My suggestion is, to store that file into your user directory, something like C:\Users\pwwang\auth.txt, so you only need to setup the parameter as auth=auth.txt, because relative paths will be mapped to the home directory of the currently running user.

[mkloubert]

@pwwang

BTW.: tryKeyboard should work now since version 0.17.0.

[pwwang]

@mkloubert Awesome! Both explicit credentials in URI and through auth file worked.
But tryKeyboard seems still not working. I used a URI like sftp://server/path/to/somewhere?tryKeyboard=1. After it tried to connect, nothing happened, not even a! sign on the right of the folder name to indicate the connection failure. I guess an expect behavior should be something pops up asking me to input the password?

[mkloubert]

@pwwang

tryKeyboard works for me ... It does not mean that you have to input the credentials. You always have to setup the username and password in the URL!

tryKeyboard is an "internal" SSH thing, it has nothing to do with the GUI and VS Code ... have a look at that documentation to get more information, what this setting means.

[pwwang]

@mkloubert That documentation says it's a keyboard-interactive user authentication if primary authentication fails. I am a little confused. Does that mean I have to put a fake password in the URI? How did it work for you? Could you please give a demo on that? Thank you so much!

[mkloubert]

@pwwang

This setting "simulates" an user interaction and depends on the SSH config on the server. The underlying module is non-interactive.

You always have to setup the real password in the URL or an auth file, no fake one!

If the server does not accept the "standard" login, it sends a request for a "try keyboard" event and the module does a secondary login method, defined with the password, you have defined.

[pwwang]

@mkloubert Thanks for the explanation, I understand now.
So is the authentication of this extension relying on ssh2-sftp-client/ssh2? I have read their docs, found there is no method for an ssh server using RSA securID token to login. Does that mean it's also not supported by remote-workspace?

[mkloubert]

@pwwang

Thats right, I am using ssh2-sftp-client/ssh2 module for this.

What do you mean with "RSA securID token"? Login with private / public key?

If so: This is supported by the module and that extension. For this, you have to use key and/or phrase parameters.

[pwwang]

@mkloubert

The "RSA securID token" is something that replaces password. You may have a hard token or soft one, which changes every minutes. I tried to find some web pages explaining this, but unfortunately, just found this one: https://fermi.service-now.com/kb_view.do?sysparm_article=KB0011463

I know the extension relies on 3rd-party packages, probably I should open an issue there.
Thanks for the responses and updates. I will close this for now.