vscode-remote-release
vscode-remote-release copied to clipboard
microsoft
Changing User on Remote Machine
My problem: On my remote host I have my personal user and users that can only edit specific projects. Only my personal user is configured to be accessible directly with SSH. Usually, when I have to work on source code directly on the machine, I connect via SSH, change my user to the project user and edit the code with VIM. It seems that this workflow is currently not possible with this extension.
Is it possible to change the user after connecting? So I can connect with my personal account, switch user to the one I want (which has no SSH keys but has the permissions to edit certain files) and open the files as that user.
Same problem.
I've tried to configure RemoteCommand to run su user, but it doesn't work.
I also get this issue. I notice that Windows Remote Desktop won't remember me when I tick the box, maybe it's related?
i can only via ec2-user to ssh aws ec2 .then i need to change user to root for remaining work.but vs code just can not refresh current work folder to user root.please add this function in the future. infinity ths!
If RemoteCommand doesn't help, you could try using a remote-side command in ~/.ssh/authorized_keys. You need a dedicated key pair for this to work.
- On your local machine, create a new SSH identity (key pair) with
ssh-keygen -f ~/.ssh/id_vscode- This creates two files, the private key which should never leave your local machine
id_vscode, and a public keyid_vscode.pubwhich is installed on remote systems
- This creates two files, the private key which should never leave your local machine
- On the remote machine, add a line to
~/.ssh/authorized_keywhich begins (inc. quotes!)command="$SSH_ORIGINAL_COMMAND" - and finish the line by pasting your public key, ensuring there is at least one space between the prefix and the key proper
- Test it on local by running
ssh -i ~/.ssh/id_vscode -tt user@hostname bash- It should give you a completely ordinary shell
- If you have a complex
~/.ssh/configon your local, try excluding it andssh-agent, e.g.env -u SSH_AUTH_SOCK ssh -tt -F /dev/null -i ~/.ssh/id_vscode user@hostname bash
All good? Now go change the command="$SSH_ORIGINAL_COMMAND" to do whatever you need when logging in. For example, command="su -c '$SSH_ORIGINAL_COMMAND' otheruser" or command="sudo -u otheruser $SSH_ORIGINAL_COMMAND"
If
RemoteCommanddoesn't help, you could try using a remote-sidecommandin~/.ssh/authorized_keys. You need a dedicated key pair for this to work.
On your local machine, create a new SSH identity (key pair) with
ssh-keygen -f ~/.ssh/id_vscode
- This creates two files, the private key which should never leave your local machine
id_vscode, and a public keyid_vscode.pubwhich is installed on remote systemsOn the remote machine, add a line to
~/.ssh/authorized_keywhich begins (inc. quotes!)command="$SSH_ORIGINAL_COMMAND"and finish the line by pasting your public key, ensuring there is at least one space between the prefix and the key proper
Test it on local by running
ssh -i ~/.ssh/id_vscode -tt user@hostname bash
- It should give you a completely ordinary shell
- If you have a complex
~/.ssh/configon your local, try excluding it andssh-agent, e.g.env -u SSH_AUTH_SOCK ssh -tt -F /dev/null -i ~/.ssh/id_vscode user@hostname bashAll good? Now go change the
command="$SSH_ORIGINAL_COMMAND"to do whatever you need when logging in. For example,command="su -c '$SSH_ORIGINAL_COMMAND' otheruser"orcommand="sudo -u otheruser $SSH_ORIGINAL_COMMAND"
I tried this and unfortunately does not work. An error is thrown during login citing the need to run su from a terminal.
Has once solution, a bit curious.
Performed on Centos7 server, with user on the sudoers list. BE CAREFULL, this will ALWAYS redirect you to the another user.
Create or edit the file .bashrc on your server current user folder and add the following at the end of file
sudo su - <another_user_name>
Save the file and reload VSCode window.
Create or edit the file
.bashrcon your server current user folder and add the following at the end of filesudo su - <another_user_name>Save the file and reload VSCode window.
Doesn't work for me. VSCode will just hang in the connecting state if I try to do this. Tested on RHEL 7.
I wonder if this gets the attention it needs. Currently, this is a showstopper. It makes the ssh-remote plugin UI integration useless if one is using security best practise and seperates the application execution user - with limited permissions - from the actual ssh users.
I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826
After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:
ctrl + `
make node run as root
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh
Restart remote vscode
pkill -f vscode
None of these are working for me to connect to Cent7. I can do the tests in https://github.com/microsoft/vscode-remote-release/issues/690#issuecomment-650273144 but it still runs as the limited user, and doesn't switch to the user I set in the command=""
@arashilmg Thank you, it works. This actually start vscode server with sudo (add sudo when start vscode-server in server.sh) but not configurable. If the extention support change the user or sudo cmd will be perfect.
I do this as a workaround to run vscode as root but not ssh as root: https://gist.github.com/arashilmg/d0e52c03338ecd043122bd698a9c9826
After login via vscode-remote-ssh for the first time (vscode-server will gets installed), run these in the integrated terminal:
ctrl + `
make node run as root
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.shRestart remote vscode
pkill -f vscode
Any updates on this?
We're using a special user in combination with our deployer.php setup - and we cannot SSH into the server as this deploy user - only as a generic one
Any updates here?
Using a sudo user is not a good idea, then all actions on those files have to be from a sudo user.
@arashilmg Do you have a way to reverse this command?
sed -i "/node/s/^/sudo /" ~/.vscode-server/bin/*/server.sh
I ran it locally on WSL and now I can't start VS Code servers locally 🤦
Edit: I ended up running rm -rf ~/.vscode-server/bin/[MY-UNIQUE-INSTANCE-ID] which seems to have done the job.
This was my work around in case anyone is interested: https://github.com/microsoft/vscode-remote-release/issues/141#issuecomment-853359145
Vote for this !!!! A similar feature is a fundamental feature for remote maintenance, Test automation, and IT automation ( Ansible). For example, automatic tests must run under user by choice.
I love the work going into this extension and seeing the progress being made! I agree with others here that for my use case, it's not usable in its current form.
Like most folks, I have my application running under an "app" user with restricted permissions, all the code etc... lives in /home/app - that is write restricted to the "app" user naturally.
For obvious security reasons, the "app" user can't SSH, so the only way to remotely debug is to SSH into the server as a developer account and "sudo su" to the app user.
If there was some sort of "post-connect" script that could be specified in the remote ssh extension settings, I think it would solve this problem - as well as several others potentially. This would just be a snippet that would execute on the remote server immediately after successful authentication. For obvious security reasons, it would probably be a good idea to prompt/confirm execution of the script before running it.
Thanks!!
This was my work around in case anyone is interested: #141 (comment)
This one actually worked for me. Thank you @leon-v
