
Option to SFTP Connection Script

Open daltenbern3 opened this issue 4 years ago • 12 comments

Issue #4129 For reference: https://github.com/microsoft/vscode-remote-release/issues/4129

Due to issues with CyberArk truncating the initialization script, it is impossible to use the Remote Development extension when connecting to a host through CyberArk.

I would suggest an option that allows the connection script to be sent via SFTP to the remote host then executed afterward. This would force the user to type their credentials in twice but would only be enabled if the user so chooses.

This would allow users who are locked behind a CyberArk Proxy Server to be able to use this extension, while not changing the experience for any standard users.

daltenbern3 avatar Nov 17 '21 15:11 daltenbern3

I have the same problem!

singsang2 avatar Nov 17 '21 15:11 singsang2

This is definitely an issue. Hoping that something can be done about it soon.

jscott88 avatar Nov 17 '21 15:11 jscott88

This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 10 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

vscode-triage-bot avatar Nov 17 '21 17:11 vscode-triage-bot

Finally! Hopefully someone will look into this!

hlouidor avatar Nov 17 '21 23:11 hlouidor

Agreed.

bdub7 avatar Nov 18 '21 13:11 bdub7

Let's make this happen.

go4colin avatar Nov 18 '21 17:11 go4colin

:slightly_smiling_face: This feature request received a sufficient number of community upvotes and we moved it to our backlog. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

vscode-triage-bot avatar Nov 19 '21 02:11 vscode-triage-bot

Very happy this made it into the backlog! Seems it's been raised a few times, but never got enough support to go anywhere.

Just gathering context from the previous issues raised with both the Remote Dev team and CyberArk.

Issue

The default way VS Code passes the install script to the remote host is to pipe the script (as a string?) to the SSH command.

CyberArk PSM uses a jump server to handle the username/password authentication and then connects to the target server from there.

Because the install script is piped, the jump server attempts to run it before the connection has been established to the target (see fig. 1). There are a couple reasons this won't work:

  1. Running the install script on the jump server is no good because the target server won't be set up correctly
  2. The jump box has some file size limit (4KB?) that causes the script to get truncated and throws an "unexpected EOF" error

Figure 1


Proposed solutions

Add a delay before running the install script

I'm thinking this ultimately won't work because the jump box will still try to execute everything piped to the SSH command before attempting to connect to the target box.

Use SCP to pass the install script instead of piping it

Something like this:

Figure 2


Potential drawback is that the user may need to authenticate twice. Personally, this is better than not being able to connect at all. And if this were an option in settings.json, it would not affect users that do not need to use this method. However, using an SFTP client, I am freely able to pass files back and forth without having to authenticate every time (but maybe this is somehow different).

nbily1 avatar Nov 24 '21 15:11 nbily1
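An added example, not part of the thread or of the VS Code project's code: a local simulation of the comment above, comparing a script piped through a hop that truncates it with the same script delivered as a file and checked before it runs. The 4096-byte cap mirrors the commenter's "4KB?" guess, and the constructed `make_script` stand-in and the SHA-256 comparison are assumptions of this example.

```shell
#!/bin/sh
# Constructed stand-in for an install script: the body is one function that is
# only called on the final line, so a cut-off copy ends in a syntax error.
make_script() {
  echo 'install() {'
  i=1
  while [ "$i" -le 400 ]; do
    echo "  : step $i of a long install routine"
    i=$((i + 1))
  done
  echo '  echo installed'
  echo '}'
  echo 'install'
}

digest() { sha256sum < "$1" | cut -d' ' -f1; }

# Piped delivery through a hop that forwards only the first $1 bytes.
# 4096 mirrors the "4KB?" guess in the comment, not a documented limit.
run_piped() {
  src=$(mktemp); make_script > "$src"; rc=0
  head -c "$1" "$src" | sh 2>&1 || rc=$?
  rm -f "$src"; return "$rc"
}

# File delivery: the receiver compares the SHA-256 of what arrived with the
# sender's digest and executes the file only when the two match.
run_verified() {
  src=$(mktemp); dst=$(mktemp)
  make_script > "$src"
  head -c "$1" "$src" > "$dst"   # simulated transfer under the same cap
  if [ "$(digest "$src")" = "$(digest "$dst")" ]; then
    sh "$dst"
  else
    echo "digest mismatch, not executed"
  fi
  rm -f "$src" "$dst"
}

run_piped 4096 || echo "piped run exited with status $?"
run_verified 4096
```

With a cap larger than the script, both functions print `installed`; with the 4096-byte cap the piped run fails with the shell's end-of-file syntax error, while the file route refuses to execute.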

Hello, any update on the progress of the issue?

olegasdo avatar May 04 '22 05:05 olegasdo

I, and several other developers and data scientists, are having this same issue right now when trying to develop remotely on a CyberArk managed server. Has there been any further action on this request to make the install script over sftp a configurable option? Maybe have an option for the user to run the script one time after the first connection? In this day and time of heightened cybersecurity practices and zero trust many more organizations are likely to be using CyberArk as part of their cybersecurity posture. This issue is likely to be encountered more frequently.

wgm32 avatar Jun 11 '22 15:06 wgm32

I agree with @wgm32. Many companies which require highly secure infrastructure are using CyberArk. Due to this issue, people in companies using CyberArk will not be able to do remote development. This issue should be fixed. People are using air-gapped/proxied environments with CyberArk, so direct internet access is also not allowed.

amey2688 avatar Dec 02 '22 13:12 amey2688

Many times vscode makes the remote Linux server unresponsive and hangs the system. I have a t2.micro instance on AWS with Ubuntu installed which I sometimes connect to remotely using vscode. 50% of the time it brings down the remote system and I need to reboot the instance. I am not sure what it is doing remotely but someone needs to seriously look into this extension and make it more lightweight and failproof.

RajeshSivadasan avatar Mar 22 '23 08:03 RajeshSivadasan

Any news regarding this issue?

maximiliank avatar May 21 '24 12:05 maximiliank

Any news anyone? I'm dealing with the same issues as the rest of the data scientists above

ckapolonaris avatar Aug 23 '24 06:08 ckapolonaris

Any updates here?

jorgenspange avatar Sep 02 '24 13:09 jorgenspange

I also would like to know if there is any progress here

waardd avatar Sep 18 '24 11:09 waardd

A solution here would be greatly appreciated.

dijarvrella avatar Nov 01 '24 14:11 dijarvrella

Does this cyberark tool permit copying files with scp?

That solution wasn't available back when this issue was created, but now it can. Copying via scp is automatic as a fallback, but you can force it with remote.SSH.localServerDownload = always. This comment seems to suggest scp is supported, but I don't have access to cyberark to confirm this.

Could someone actively hoping to connect to a CyberArk (or other environment where ssh would be permitted but not scp) please include their Remote - SSH logs so we can see if adopting another connection medium is the best path forward?

joshspicer avatar Dec 13 '24 21:12 joshspicer

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

Has this been fixed?

ifoughal avatar Feb 03 '25 13:02 ifoughal