In this blog post we'll be setting up SSH public key authentication on a server, and then connecting MS Visual Studio Code to it via the Remote Development extension. This setup has multiple advantages over a simple SSH session via PuTTY or similar:
- Public key authentication is inherently more secure than passwords
- Logs in automatically without pesky password typing
- VS Code supports syntax highlighting and linting for various file types - including docker-compose and Dockerfile
- The Remote Development extension allows us to work on a remote folder as if it were local from the comfort of a full IDE
- Visual tree view of folders, full text search in folders, ability to download files without SCP/FTP and of course a integrated SSH terminal.
The Remote Development extension is technically designed to execute code remotely, but the above makes it a convenient tool for working on server configurations.
- Clean & up to date Ubuntu server (I'm using 19.10)
- MS Visual Studio Code
- Remote Development extension (I'm using 0.19.0 - preview)
- SSH password based access (or physical access via screen & keyboard)
- Backups of important data - changing access to servers has an inherent risk of locking yourself out accidentally
First, create a new user so that we're not using root for everything:
Make the user part of the sudo group:
usermod -aG sudo alexa
It'll ask you for a password to set up the account, but we'll be disabling that shortly. Switch to the newly created user:
Generate the key pair (press enter to skip through the questions):
ssh-keygen -t rsa -b 4096
Switch to the folder where the key pair is stored and display the contents:
cd ~/.ssh && ls
id_rsa.pub is the public key while id_rsa is the private key. The public key goes on the server, while the private key is used to access the server. Display the private key & copy it out into a local file (everything including the BEGIN and END lines):
Next, copy the public key into the authorized_keys file:
cp id_rsa.pub authorized_keys
Gotcha: Key formats used here (OpenSSH/ubuntu/powershell) are incompatible with the format used by PuTTY. You can use PuTTYGen to convert it though should you wish to use PuTTY instead of powershell and it's built in openssh.
Now that we've got the right keys in the right places, lets test it before disabling the password access. Open powershell and connect to the server, substituting the uppercase parts as necessary with your server's IP and private key saved location:
ssh [email protected]_IP -i "PATH_WHERE_YOU_SAVED_THE_PRIVATE_KEY"
If it doesn't complain about the server rejecting the public key then we can proceed with disabling password based access.
Gotcha: OpenSSH in powershell is only enabled by default from version 1803 onwards (Windows 10’s April 2018 Update).
Disable the password prompt for sudo commands by editing the sudo file using the visudo tool:
Changing this part:
%sudo ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
Next we'll make some changes to the SSH daemon:
sudo nano /etc/ssh/sshd_config
Uncomment the following line and change the port to something in the 1025-65535 range. Something north of 50000 is probably a good idea.
Change this to "no" to block remote logins by root. We no longer need that since our new user has sudo rights.
Uncomment this to enable public key authentication:
Gotcha: If you have a firewall enabled (e.g ufw), be sure to add the custom SSH port now else you'll lock yourself out on reboot.
Reboot the server:
You should now be able to log in without a password. For powershell, add the custom port to the command:
ssh [email protected]_IP -p CUSTOM_SSH_PORT -i "PATH_WHERE_YOU_SAVED_THE_PRIVATE_KEY"
With that done all that remains is configuring MS VS Code to connect in the same manner. To do so we'll create a custom SSH config file:
Host SERVER_IP_OR_HOSTNAME User alexa HostName SERVER_IP_OR_HOSTNAME IdentityFile "PATH_WHERE_YOU_SAVED_THE_PRIVATE_KEY"
Gotcha: The Remote Development extension is currently still in preview & appears to have a bug that doesn't cope with spaces in the path for the custom SSH config file, so save this in an appropriate space free path.
Open the command palette with F1 and type in (keeping the > ):
Add the above custom SSH config file path to the following section right at the top of the settings.
And finally, test the connection. Open the command palette with F1 and type in:
>Remote-SSH: Connect to Host...
Type in the hostname (or IP) and hit enter. If successful the bottom left green indicator should show that it's connected to the server via SSH.
We have successfully connected VS Code to the remote server. This links the IDE directly to the servers file system allowing us to create, open and save files from the IDE. It also gives us a convenient folder view, full text search across folders, the ability to download files without SCP/FTP and of course a integrated SSH terminal.