
1Password SSH-Agent Support

Open bbeckford opened this issue 2 years ago • 11 comments

Is this a similar or duplicate feature request?

  • [x] No.

Is your feature request related to a problem? Please describe.

I can't get vscode-sftp to connect over SFTP using the 1Password SSH Agent.

Describe the solution you'd like

Please add support for (or let me know how to configure) 1Password's great new SSH Agent on Windows 10/11.

Describe alternatives you've considered

I've tried the following, setting "agent" to "\\\\.\\pipe\\openssh-ssh-agent", but it just gives me an error stating "Error: Cannot parse privateKey: Encrypted OpenSSH private key detected, but no passphrase given":

"agent": "\\\\.\\pipe\\openssh-ssh-agent",

As far as I can tell, 1Password takes over from the OpenSSH agent on Windows 11. I have managed to get it working great in Windows Terminal using ssh/ssh-add -l and on GitHub Desktop.

Am I using the wrong value for "agent"? Could you give us a list of valid agents we can use?

Thanks!

Does this project help you?

  • [x] Yes. SFTP IS AWESOME!

bbeckford avatar Apr 19 '22 16:04 bbeckford

This would be so great, just using the 1Password agent for everything would be so helpful!!!

jondspicer avatar Apr 20 '22 09:04 jondspicer

Omg this would be AMAZING yes please!!

sharmilaccd avatar Apr 20 '22 09:04 sharmilaccd

This sounds awesome, I didn't know 1Password had an SSH agent! Now I do, I want this!!!!

ultimate-rob avatar Apr 20 '22 09:04 ultimate-rob

I tried to get this working using winssh-pageant to forward Pageant to the 1Password agent instead. I get the prompt to unlock 1Password now so it is connecting, but then the handshake times out.

Can anyone tell what is wrong from the debug output?

[04-21 16:03:35] [trace] run command 'List'
[04-21 16:03:35] [info] Using profile: mywebsite.co.uk
[04-21 16:03:36] [debug] Custom crypto binding not available
[04-21 16:03:36] [debug] Local ident: 'SSH-2.0-ssh2js1.5.0'
[04-21 16:03:36] [debug] Client: Trying 123.123.123.123 on port 22 ...
[04-21 16:03:36] [debug] Socket connected
[04-21 16:03:36] [debug] Remote ident: 'SSH-2.0-OpenSSH_7.4'
[04-21 16:03:36] [debug] Outbound: Sending KEXINIT
[04-21 16:03:36] [debug] Inbound: Handshake in progress
[04-21 16:03:36] [debug] Handshake: (local) KEX method: [email protected],curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
[04-21 16:03:36] [debug] Handshake: (remote) KEX method: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[04-21 16:03:36] [debug] Handshake: KEX algorithm: [email protected]
[04-21 16:03:36] [debug] Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
[04-21 16:03:36] [debug] Handshake: (remote) Host key format: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
[04-21 16:03:36] [debug] Handshake: Host key format: ssh-ed25519
[04-21 16:03:36] [debug] Handshake: (local) C->S cipher: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected]
[04-21 16:03:36] [debug] Handshake: (remote) C->S cipher: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
[04-21 16:03:36] [debug] Handshake: C->S Cipher: [email protected]
[04-21 16:03:36] [debug] Handshake: (local) S->C cipher: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected]
[04-21 16:03:36] [debug] Handshake: (remote) S->C cipher: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
[04-21 16:03:36] [debug] Handshake: S->C cipher: [email protected]
[04-21 16:03:36] [debug] Handshake: (local) C->S MAC: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: (remote) C->S MAC: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: C->S MAC: <implicit>
[04-21 16:03:36] [debug] Handshake: (local) S->C MAC: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: (remote) S->C MAC: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[04-21 16:03:36] [debug] Handshake: S->C MAC: <implicit>
[04-21 16:03:36] [debug] Handshake: (local) C->S compression: none,[email protected],zlib
[04-21 16:03:36] [debug] Handshake: (remote) C->S compression: none,[email protected]
[04-21 16:03:36] [debug] Handshake: C->S compression: none
[04-21 16:03:36] [debug] Handshake: (local) S->C compression: none,[email protected],zlib
[04-21 16:03:36] [debug] Handshake: (remote) S->C compression: none,[email protected]
[04-21 16:03:36] [debug] Handshake: S->C compression: none
[04-21 16:03:36] [debug] Outbound: Sending KEXECDH_INIT
[04-21 16:03:36] [debug] Received DH Reply
[04-21 16:03:36] [debug] Host accepted by default (no verification)
[04-21 16:03:36] [debug] Host accepted (verified)
[04-21 16:03:36] [debug] Outbound: Sending NEWKEYS
[04-21 16:03:36] [debug] Inbound: NEWKEYS
[04-21 16:03:36] [debug] Verifying signature ...
[04-21 16:03:36] [debug] Verified signature
[04-21 16:03:36] [debug] Handshake completed
[04-21 16:03:36] [debug] Outbound: Sending SERVICE_REQUEST (ssh-userauth)
[04-21 16:03:36] [debug] Inbound: Received SERVICE_ACCEPT (ssh-userauth)
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (none)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: none auth failed
[04-21 16:03:36] [debug] Agent: Trying key #1
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #1 failed
[04-21 16:03:36] [debug] Agent: Trying key #2
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #2 failed
[04-21 16:03:36] [debug] Agent: Trying key #3
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #3 failed
[04-21 16:03:36] [debug] Agent: Trying key #4
[04-21 16:03:36] [debug] Outbound: Sending USERAUTH_REQUEST (publickey -- check)
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_PK_OK
[04-21 16:03:46] [debug] Outbound: Sending DISCONNECT (11)
[04-21 16:03:46] [error] Error: [123.123.123.123]: Timed out while waiting for handshake
    at Client.<anonymous> (c:\Users\myusername\.vscode\extensions\natizyskunk.sftp-1.15.13\dist\extension.js:2:242828)
    at Client.emit (node:events:402:35)
    at Client.emit (node:domain:475:12)
    at Timeout._onTimeout (c:\Users\myusername\.vscode\extensions\natizyskunk.sftp-1.15.13\node_modules\ssh2\lib\client.js:1016:16)
    at listOnTimeout (node:internal/timers:557:17)
    at processTimers (node:internal/timers:500:7) 
[04-21 16:03:46] [debug] Socket closed
[04-21 16:03:46] [trace] run command 'Toggle Output Panel'

bbeckford avatar Apr 21 '22 15:04 bbeckford
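Added example (not part of the thread and not the extension's or ssh2's own code): a small Node.js script that summarises the user-authentication phase of a debug log in the format quoted above. It flags an unverified host key, counts the agent keys rejected before one is accepted, and measures the silence after USERAUTH_PK_OK, which is the point where the client needs a signature from the agent. SAMPLE_LOG is constructed, and the function names are assumptions made for this example.

```javascript
// Added example: summarise the userauth phase of an ssh2-style debug log.
// SAMPLE_LOG is constructed, modelled on the debug output quoted above.
const SAMPLE_LOG = `
[04-21 16:03:36] [debug] Host accepted by default (no verification)
[04-21 16:03:36] [debug] Agent: Trying key #1
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_FAILURE (publickey)
[04-21 16:03:36] [debug] Client: Agent key #1 failed
[04-21 16:03:36] [debug] Agent: Trying key #2
[04-21 16:03:36] [debug] Inbound: Received USERAUTH_PK_OK
[04-21 16:03:46] [debug] Outbound: Sending DISCONNECT (11)
[04-21 16:03:46] [error] Error: [192.0.2.10]: Timed out while waiting for handshake
`;
const LINE_RE = /^\[(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d)\] \[(\w+)\] (.*)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // blank lines and stack-trace lines have no timestamp
  const [, , day, hh, mm, ss, level, msg] = m;
  // Seconds since the start of the month: enough to measure gaps in one session.
  return { t: ((+day * 24 + +hh) * 60 + +mm) * 60 + +ss, level, msg };
}

function summariseAuth(logText) {
  const s = { hostKeyUnverified: false, keysOffered: 0, keysRejected: 0,
              acceptedKey: null, stallSeconds: null, timedOut: false };
  let pkOkAt = null;
  for (const raw of logText.split('\n')) {
    const e = parseLine(raw);
    if (!e) continue;
    let m;
    if (e.msg.includes('Host accepted by default (no verification)')) s.hostKeyUnverified = true;
    else if ((m = /^Agent: Trying key #(\d+)/.exec(e.msg))) s.keysOffered = Math.max(s.keysOffered, +m[1]);
    else if (/^Client: Agent key #\d+ failed/.test(e.msg)) s.keysRejected++;
    else if (e.msg.includes('USERAUTH_PK_OK')) { s.acceptedKey = s.keysOffered; pkOkAt = e.t; }
    else if (pkOkAt !== null && s.stallSeconds === null) s.stallSeconds = e.t - pkOkAt; // gap to next event
    if (e.msg.includes('Timed out while waiting for handshake')) s.timedOut = true;
  }
  return s;
}

function findings(s) {
  const out = [];
  if (s.hostKeyUnverified) out.push('host key accepted without verification');
  if (s.keysRejected > 0) out.push(`${s.keysRejected} agent key(s) offered and rejected by the server`);
  if (s.acceptedKey !== null && s.timedOut)
    out.push(`key #${s.acceptedKey} accepted, then ${s.stallSeconds}s of silence: stalled at the agent signature step`);
  return out;
}
console.log(findings(summariseAuth(SAMPLE_LOG)).join('\n'));
```

On a log like the one above, the rejected-key count is the number to compare against the server's limit on authentication attempts, and the stall finding separates "wrong key" from "agent never returned a signature".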

I second this request. It would be extremely useful.

Paulo--M-- avatar Sep 06 '22 10:09 Paulo--M--

The initial request is for Windows, but I assume it would be the same for macOS users. I moved all my SSH keys to 1Password, and it's working wonderfully with everything else using SSH :)

fharper avatar Oct 20 '22 02:10 fharper

-not related to the topic-

I've been reading through this answer to use KeePassXC as my ssh-agent helper and ssh_key store, but got stuck where the sftp extension only accepts pageant on Windows, and thanks to @bbeckford found the "\\\\.\\pipe\\openssh-ssh-agent" OpenSSH agent socket path (I guess?) and now it's working!

awohsen avatar Dec 08 '22 12:12 awohsen

For MacOS you have to use the complete path.

[
    {
        "name": "<>",
        "host": "<>",
        "protocol": "sftp",
        "port": 22,
        "username": "<>",
        "agent": "/complete_path/to/1password/t/agent.sock",
        "remotePath": "<>",
        "uploadOnSave": true,
        "ignore": [
            ".vscode",
            ".git",
            ".DS_Store"
        ]
    }
]

lroehrs avatar Jan 06 '23 16:01 lroehrs

Weirdly, it doesn't work for me on MacOS, even with the full path like @lroehrs suggested.

First, I get the [warn] Config Option Conflicted. You are specifying "agent" and "privateKey" at the same time, the later will be ignored. warning, which isn't true as I removed privateKey and added the agent setting. I also have no other configuration files, so I have no idea why it's warning me about this.

1Password doesn't ask me to allow the connection so I guess it doesn't connect to the agent at all. I get the [error] Error: [website.com]: All configured authentication methods failed error.

fharper avatar Mar 13 '23 16:03 fharper

I got it to work on Windows with the agent set to pageant, and I didn't set a privateKeyPath (because 1Password manages this).

I did have to install winssh-pageant (which is generally useful for OpenSSH compatibility with 1Password and ssh apps that use pageant, like WinSCP).

"agent" : "pageant",

If it doesn't work, check if you have the "normal" pageant turned on; try turning it off and trying again.

Full sftp.json

{
    "name": "<>",
    "host": "<>",
    "protocol": "sftp",
    "port": 22,
    "username": "<>",
    "remotePath": "<>",
    "uploadOnSave": true,
    "useTempFile": true,
    "openSsh": true,
    "agent": "pageant",
    "ignore": [
        ".vscode",
        ".git",
        ".DS_Store"
    ]
}

H-Toine avatar Feb 09 '24 09:02 H-Toine

For me, setting the ssh agent works fine (on macOS). HOWEVER, the extension seems to be ignoring my ssh config and not reading the hosts I have set, causing it to loop through all my keys and hit a "Too many auth failures" error.

Also, it appears the extension doesn't support text-only hosts, for example: "example"

torchsmith avatar May 07 '24 19:05 torchsmith