- Authorize an SSH connection from a local machine to a remote SSH host without using a password
- Configure VSCode to use this SSH configuration
- DOC : https://code.visualstudio.com/docs/remote/troubleshooting
- NOTE : how to install OpenSSH Server on windows : https://learn.microsoft.com/fr-fr/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui
- 1. SSH key based authentication
- 2. Initial Configuration of SSH key based authentication
- 3. Usage of SSH key based authentication
- 3.1. Generic SSH configuration for any SSH compatible client
- 3.2. Use a standard SSH client to use SSH key based authentication
- 3.3. Configure VSCode for use of SSH key based authentication
- 3.4. Advanced SSH client conf : SSH connection through another host
- 3.5. Advanced SSH client conf : auto launch a command when connected
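# Generate a dedicated RSA key pair for this user/machine under ~/.ssh.
# The file name embeds the local user and hostname so the key is easy to
# recognise later in a remote authorized_keys file.
LOCAL_KEY="id_rsa_${USER}_$(hostname)"
LOCAL_KEY_PATH="${HOME}/.ssh/${LOCAL_KEY}"

# Create ~/.ssh and restrict it to the owner before any key material is
# written into it. Paths are quoted so a HOME containing spaces still works.
mkdir -p -- "${HOME}/.ssh"
chmod 700 -- "${HOME}/.ssh"

# A previous key pair with the same name is discarded. Hosts that still list
# the old public key in authorized_keys keep that stale entry until it is
# removed by hand, and will not accept this machine until the new public key
# has been transferred.
rm -f -- "${LOCAL_KEY_PATH}" "${LOCAL_KEY_PATH}.pub"

# -N "" sets an empty passphrase: the private key is stored unencrypted, so
# the file permissions set below are its only protection at rest.
ssh-keygen -t rsa -b 4096 -f "${LOCAL_KEY_PATH}" -q -N ""
chmod 600 -- "${LOCAL_KEY_PATH}"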
- Transfer your public key into authorized_keys on the target UNIX host
# Install the local public key into authorized_keys on the remote UNIX host.
# Expects LOCAL_KEY_PATH to have been set by the key-generation step.
TARGET_HOST="my-remote-unix-host"
TARGET_USER="my-remote-unix-user"

# On a first connection ssh asks to confirm the remote host key; compare the
# fingerprint with one obtained from the host's administrator before accepting.
ssh-copy-id -i "${LOCAL_KEY_PATH}.pub" "${TARGET_USER}@${TARGET_HOST}"
- Transfer your public key into authorized_keys on the target Windows host
# Append the local public key to authorized_keys on a remote Windows host,
# using PowerShell on the remote side. Expects LOCAL_KEY_PATH to be set.
TARGET_HOST="my-remote-win-host"
TARGET_USER="my-remote-win-user"
# Quoting: the whole remote command is one double-quoted local string.
#  - \$HOME is escaped so the local shell leaves it for remote PowerShell.
#  - $(tr -d '\n\r' < ...) runs locally and inlines the public key on one line.
# Remote side: New-Item -Force creates the .ssh directory, then Add-Content
# appends the key text to authorized_keys.
# NOTE(review): the key text sits between single quotes; a single quote in the
# .pub comment field would break the remote command. Confirm the comment is plain.
# NOTE(review): for accounts in the Administrators group, Windows OpenSSH by
# default reads C:\ProgramData\ssh\administrators_authorized_keys rather than
# the per-user file. Verify against the target's sshd_config.
ssh "${TARGET_USER}@${TARGET_HOST}" "powershell New-Item -Force -ItemType Directory -Path \"\$HOME\\.ssh\"; Add-Content -Force -Path \"\$HOME\\.ssh\\authorized_keys\" -Value '$(tr -d '\n\r' < "$LOCAL_KEY_PATH.pub")'"
- on CMD
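rem Generate a dedicated RSA key pair for this user/machine under %USERPROFILE%\.ssh.
set "LOCAL_KEY=id_rsa_%USERNAME%_%COMPUTERNAME%"
set "LOCAL_KEY_PATH=%USERPROFILE%\.ssh\%LOCAL_KEY%"

rem CMD's mkdir has no -p switch: "mkdir -p X" also creates a directory
rem literally named "-p". Plain mkdir is enough here.
rem Paths are quoted because a profile directory may contain spaces.
if not exist "%USERPROFILE%\.ssh" mkdir "%USERPROFILE%\.ssh"

rem A previous key pair with the same name is discarded; hosts that still list
rem the old public key keep a stale entry until it is removed by hand.
if exist "%LOCAL_KEY_PATH%" del /f "%LOCAL_KEY_PATH%"
if exist "%LOCAL_KEY_PATH%.pub" del /f "%LOCAL_KEY_PATH%.pub"

rem -N "" sets an empty passphrase: the private key is stored unencrypted,
rem so access to the file is the only protection for it.
ssh-keygen -t rsa -b 4096 -f "%LOCAL_KEY_PATH%" -q -N ""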
- on POWERSHELL
# Generate a dedicated RSA key pair for this user/machine under $HOME\.ssh.
$LOCAL_KEY = "id_rsa_$($Env:UserName)_$($Env:ComputerName)"
$LOCAL_KEY_PATH = "$HOME\.ssh\$LOCAL_KEY"

# Make sure the .ssh directory exists.
if (-not (Test-Path "$HOME\.ssh")) { mkdir -p "$HOME\.ssh" }

# Discard any previous key pair with the same name (private key, then public key).
foreach ($stale in @($LOCAL_KEY_PATH, "$LOCAL_KEY_PATH.pub")) {
    if (Test-Path $stale) { Remove-Item $stale }
}

# The passphrase argument is meant to be empty, so the private key is stored
# unencrypted and access to the file is the only protection for it.
# NOTE(review): '""' is the quoting older PowerShell versions need to hand an
# empty argument to a native program; on versions with the newer native-argument
# passing, confirm it does not become a literal two-character passphrase.
ssh-keygen -t rsa -b 4096 -f "$LOCAL_KEY_PATH" -q -N '""'
-
Transfer your public key into authorized_keys on the target UNIX host
- on CMD
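rem Copy the public key to the remote UNIX host, then append it to authorized_keys.
rem Expects LOCAL_KEY to have been set by the key-generation step.
set "TARGET_HOST=my-remote-unix-host"
set "TARGET_USER=my-remote-unix-user"

rem The local path is quoted because a profile directory may contain spaces.
scp "%USERPROFILE%\.ssh\%LOCAL_KEY%.pub" %TARGET_USER%@%TARGET_HOST%:~/tmp.pub

rem Remote side: create ~/.ssh (mode 700), append the uploaded key to
rem authorized_keys (mode 600), then delete the temporary copy.
ssh %TARGET_USER%@%TARGET_HOST% "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat ~/tmp.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm -f ~/tmp.pub"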
- on POWERSHELL
# Append the local public key to authorized_keys on a remote UNIX host.
# Expects $LOCAL_KEY_PATH to have been set by the key-generation step.
$TARGET_HOST = "my-remote-unix-host"
$TARGET_USER = "my-remote-unix-user"

# Read the public key into a single string.
$PUB_KEY_CONTENT = (Get-Content "$LOCAL_KEY_PATH.pub" | Out-String)

# Remote side: create ~/.ssh (mode 700), append the key, set authorized_keys to 600.
# NOTE(review): the key text is placed between single quotes in the remote
# command; a single quote in the .pub comment field would break it. Confirm
# the comment is plain.
ssh "$TARGET_USER@$TARGET_HOST" "mkdir -p ~/.ssh && chmod 700 ~/.ssh && echo '${PUB_KEY_CONTENT}' >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
-
Transfer your public key into authorized_keys on the target Windows host
-
The target Windows host is expected to have PowerShell
- on CMD
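rem Copy the public key to the remote Windows host, then append it to authorized_keys.
rem Expects LOCAL_KEY to have been set by the key-generation step.
set "TARGET_HOST=my-remote-win-host"
set "TARGET_USER=my-remote-win-user"

rem %USERPROFILE% is expanded by the LOCAL cmd.exe, so it must not be used to
rem build the remote path: it would name the local user's profile directory.
rem A relative destination is resolved against the remote user's home, which is
rem where the ssh command below reads $HOME\tmp.pub.
rem The local path is quoted because a profile directory may contain spaces.
scp "%USERPROFILE%\.ssh\%LOCAL_KEY%.pub" %TARGET_USER%@%TARGET_HOST%:tmp.pub

rem Remote side (PowerShell): append the uploaded key to authorized_keys, then
rem delete the temporary copy. The ^| is kept so that the pipe reaches PowerShell.
rem NOTE(review): this command does not create $HOME\.ssh; confirm the directory
rem already exists on the target.
rem NOTE(review): for accounts in the Administrators group, Windows OpenSSH by
rem default reads C:\ProgramData\ssh\administrators_authorized_keys rather than
rem the per-user file. Verify against the target's sshd_config.
ssh %TARGET_USER%@%TARGET_HOST% "powershell -c Get-Content -Path \"$HOME\tmp.pub\" ^| Add-Content -Force -Path \"$HOME\.ssh\authorized_keys\"; Remove-Item \"$HOME\tmp.pub\""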
- on POWERSHELL
# Append the local public key to authorized_keys on a remote Windows host.
# Expects $LOCAL_KEY_PATH to have been set by the key-generation step.
$TARGET_HOST = "my-remote-win-host"
$TARGET_USER = "my-remote-win-user"

# The public key is piped to ssh, so it reaches the remote command on stdin.
# Remote side: New-Item -Force creates $HOME\.ssh, then Add-Content targets
# authorized_keys. Backticks escape the nested quotes and the remote $HOME.
# NOTE(review): Add-Content is given no -Value here; confirm on the target that
# the piped key is actually appended to authorized_keys.
Get-Content "$LOCAL_KEY_PATH.pub" | Out-String | ssh "$TARGET_USER@$TARGET_HOST" "powershell `"New-Item -Force -ItemType Directory -Path `"`$HOME\.ssh`"; Add-Content -Force -Path `"`$HOME\.ssh\authorized_keys`" `""
-
On a UNIX host, the SSH configuration file is located at
$HOME/.ssh/config
-
On a WINDOWS host, the SSH configuration file is located at
%USERPROFILE%\.ssh\config
-
Add a section
# Template entry: replace NICKNAME, TARGET_HOST, TARGET_USER, N and LOCAL_KEY_PATH.
Host NICKNAME
    # Real host name or address that the nickname stands for.
    HostName TARGET_HOST
    # Remote account to log in as.
    User TARGET_USER
    # TCP port of the remote SSH server.
    Port N
    # Local private key file offered for authentication.
    IdentityFile LOCAL_KEY_PATH
LOCAL_KEY_PATH
must be the path of the local private key file
- Sample on a UNIX host
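# Sample entry for a UNIX client: "ssh a-nickname" connects to
# my-remote-user@my-remote-host on port 22 with the key below.
Host a-nickname
    HostName my-remote-host
    User my-remote-user
    Port 22
    # Private key created by the key-generation step, which writes it directly
    # under ~/.ssh (the path must not repeat the .ssh component).
    IdentityFile ~/.ssh/id_rsa_my-local-unix-user_my-local-unix-hostname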
- Sample on a WINDOWS host
# Sample entry for a Windows client: "ssh a-nickname" connects to
# my-remote-user@my-remote-host on port 22 with the key below.
Host a-nickname
    HostName my-remote-host
    User my-remote-user
    Port 22
    # Private key under the local user's profile; forward slashes are used in the path.
    IdentityFile C:/Users/my-local-windows-user/.ssh/id_rsa_my-local-windows-user_my-local-windows-machine-name
- Option 1 : Generic format using nickname from SSH configuration file
# Connect through the "a-nickname" Host entry of the SSH configuration file;
# host name, user, port and key all come from that entry.
ssh a-nickname
- Option 2 : Generic format using identity file
# Connect without a configuration entry: -i names the private key file to use.
# LOCAL_KEY_PATH, TARGET_USER and TARGET_HOST are placeholders to substitute.
ssh -i LOCAL_KEY_PATH TARGET_USER@TARGET_HOST
LOCAL_KEY_PATH
must be the path of the local private key file
- VSCode uses the SSH configuration file
- Ctrl+Shift+P / Remote-SSH: Open SSH Configuration File / Choose path from your user home directory will show your SSH configuration file
- SSH Connect to a
my-remote-host1
through another host my-remote-host2
# Intermediate host, reached directly.
Host nickname1
    HostName my-remote-host1
    User my-remote-user1
    Port 22
    IdentityFile LOCAL_KEY_PATH

# Host reached through nickname1: "ssh nickname2" first opens a connection to
# nickname1 and asks it (-W) to forward the stream to %h:%p, i.e. this entry's
# HostName and Port. Authentication to my-remote-host2 is still done by the
# local client, so the private key does not need to be copied to nickname1.
# Newer OpenSSH releases also offer ProxyJump for the same purpose.
Host nickname2
    HostName my-remote-host2
    User my-remote-user2
    Port 22
    IdentityFile LOCAL_KEY_PATH
    ProxyCommand ssh -q -W %h:%p nickname1
# Auto launch command : echo connected; bash -l
# Every "ssh nickname" session runs the RemoteCommand below instead of the
# default login shell.
# NOTE(review): a fixed RemoteCommand may interfere with non-interactive uses
# of this entry (scp, sftp, editor remote extensions). Confirm before sharing
# the nickname with such tools.
Host nickname
    HostName my-remote-host
    User my-remote-user
    IdentityFile LOCAL_KEY_PATH
    # Prints "connected", then starts a login bash shell.
    RemoteCommand echo connected; bash -l
    # Allocate a terminal so the shell started above is interactive.
    RequestTTY yes