Guide to:
- Authorize an SSH connection from a local machine to a remote SSH machine without using a password
- Configure VSCode to use this SSH configuration
Some other information:
- Other docs/links: https://code.visualstudio.com/docs/remote/troubleshooting
- Notes on how to install OpenSSH Server on Windows: https://learn.microsoft.com/fr-fr/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui
- How to use this guide :
- 1. SSH key based authentication
- 2. Initial configuration of SSH key based authentication
- 3. Usage of SSH key based authentication
- 3.1. Generic SSH configuration for any SSH compatible client
- 3.2. Use a standard SSH client with SSH key based authentication
- 3.3. Configure VSCode to use SSH key based authentication
- 3.4. Advanced SSH client conf: SSH connection through another host
- 3.5. Advanced SSH client conf: auto launch a command when connected
- You are on a UNIX machine from which you want to connect to another machine
- Instructions :
- Follow 2.1.1 to generate ssh keys
- then follow 2.1.2 to connect to a UNIX ssh host OR 2.1.3 to connect to a WINDOWS ssh host
- Generate a pair of public (.pub file) and private keys
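```bash
LOCAL_KEY="id_rsa_${USER}_$(hostname)"
LOCAL_KEY_PATH="${HOME}/.ssh/$LOCAL_KEY"
mkdir -p "${HOME}/.ssh"
# Remove any previous key pair with the same name
rm -f "$LOCAL_KEY_PATH" "$LOCAL_KEY_PATH.pub"
# -N "" creates the private key without a passphrase (stored unencrypted on disk)
ssh-keygen -t rsa -b 4096 -f "$LOCAL_KEY_PATH" -q -N ""
chmod 700 "${HOME}/.ssh"
chmod 600 "$LOCAL_KEY_PATH"
```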
- Transfer your public key into authorized_keys on the target host (UNIX ssh host)
```bash
TARGET_HOST="my-remote-unix-host"
TARGET_HOST_PORT=22
TARGET_USER="my-remote-unix-user"
# Options go before the destination: ssh-copy-id [-i file] [-p port] user@host
ssh-copy-id -i "$LOCAL_KEY_PATH.pub" -p "$TARGET_HOST_PORT" "${TARGET_USER}@${TARGET_HOST}"
```
- Transfer your public key into authorized_keys on the target host (WINDOWS ssh host)
```bash
TARGET_HOST="my-remote-win-host"
TARGET_HOST_PORT=22
TARGET_USER="my-remote-win-user"
# Note: for accounts in the Administrators group, Windows OpenSSH by default reads
# %ProgramData%\ssh\administrators_authorized_keys instead of the per-user file
ssh "${TARGET_USER}@${TARGET_HOST}" -p "$TARGET_HOST_PORT" "powershell New-Item -Force -ItemType Directory -Path \"\$HOME\\.ssh\"; Add-Content -Force -Path \"\$HOME\\.ssh\\authorized_keys\" -Value '$(tr -d '\n\r' < "$LOCAL_KEY_PATH.pub")'"
```
- You are on a WINDOWS machine from which you want to connect to another machine
- Instructions :
- Follow 2.2.1 to generate ssh keys
- then follow 2.2.2 to connect to a UNIX ssh host OR 2.2.3 to connect to a WINDOWS ssh host
- On your Windows machine, choose whether to run the commands in CMD or in POWERSHELL, and keep the same shell for the whole how-to
- Generate a pair of public (.pub file) and private keys
  - on CMD
```bat
set "LOCAL_KEY=id_rsa_%USERNAME%_%COMPUTERNAME%"
set "LOCAL_KEY_PATH=%USERPROFILE%\.ssh\id_rsa_%USERNAME%_%COMPUTERNAME%"
rem cmd's mkdir has no -p switch ("mkdir -p" would also create a directory named -p)
if not exist "%USERPROFILE%\.ssh" mkdir "%USERPROFILE%\.ssh"
if exist "%LOCAL_KEY_PATH%" del /f "%LOCAL_KEY_PATH%"
if exist "%LOCAL_KEY_PATH%.pub" del /f "%LOCAL_KEY_PATH%.pub"
rem -N "" creates the private key without a passphrase
ssh-keygen -t rsa -b 4096 -f "%LOCAL_KEY_PATH%" -q -N ""
```
  - on POWERSHELL
```powershell
$LOCAL_KEY = "id_rsa_" + $Env:UserName + "_" + $Env:ComputerName
$LOCAL_KEY_PATH = "$HOME\.ssh\" + $LOCAL_KEY
if (-not (Test-Path $HOME\.ssh)) { mkdir -p $HOME\.ssh }
if (Test-Path $LOCAL_KEY_PATH) { Remove-Item $LOCAL_KEY_PATH }
if (Test-Path "$LOCAL_KEY_PATH.pub") { Remove-Item "$LOCAL_KEY_PATH.pub" }
# -N with an empty value creates the private key without a passphrase
ssh-keygen -t rsa -b 4096 -f "$LOCAL_KEY_PATH" -q -N '""'
```
- Transfer your public key into authorized_keys on the target host (UNIX ssh host)
  - on CMD
```bat
set "TARGET_HOST=my-remote-unix-host"
set "TARGET_HOST_PORT=22"
set "TARGET_USER=my-remote-unix-user"
rem scp takes the port with -P (uppercase)
scp -P %TARGET_HOST_PORT% "%USERPROFILE%\.ssh\%LOCAL_KEY%.pub" %TARGET_USER%@%TARGET_HOST%:~/tmp.pub
ssh %TARGET_USER%@%TARGET_HOST% -p %TARGET_HOST_PORT% "sh -c 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat ~/tmp.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && rm -f ~/tmp.pub'"
```
  - on POWERSHELL
```powershell
$TARGET_HOST = "my-remote-unix-host"
$TARGET_HOST_PORT = "22"
$TARGET_USER = "my-remote-unix-user"
# Read the key as one string and strip the trailing CR/LF
$PUB_KEY_CONTENT = (Get-Content -Raw "$LOCAL_KEY_PATH.pub").Trim()
# The key is single-quoted for the remote shell, so the command is not wrapped
# in a second pair of single quotes (sh -c '...'), which would end the quoting early
ssh "$TARGET_USER@$TARGET_HOST" -p $TARGET_HOST_PORT "mkdir -p ~/.ssh && chmod 700 ~/.ssh && echo '$PUB_KEY_CONTENT' >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
```
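The transfer steps above append the key with `>>`, so running them twice leaves duplicate lines in `authorized_keys`. The following is an added example, not part of the original guide: a POSIX shell function for a UNIX target that installs the key only once and applies the same 700/600 modes. The function name `install_pubkey` and its arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent public-key install, run on a UNIX target host.
# install_pubkey and its arguments are names chosen for this example.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Returns 0 when the key is present afterwards, 1 on unreadable or malformed input.
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Drop CR (file copied from Windows) and keep the first non-empty line.
    key_line=$(tr -d '\r' < "$pub_file" | sed -n '/[^[:space:]]/{p;q;}')

    # Accept only "<type> <base64> [comment]": rejects a private key sent by
    # mistake and lines that begin with authorized_keys options.
    printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || { echo "not a public key: $pub_file" >&2; return 1; }

    # Same modes as the guide: 700 on the directory, 600 on authorized_keys.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when the exact line is absent, so a second run adds nothing.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        # Start on a fresh line if the file does not end with a newline.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}
```

On the target, after copying the `.pub` file as in the CMD variant, call `install_pubkey ~/tmp.pub` and then remove the temporary file.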
- Transfer your public key into authorized_keys on the target host (WINDOWS ssh host)
  - The target Windows host is expected to have PowerShell
  - on CMD
```bat
set "TARGET_HOST=my-remote-win-host"
set "TARGET_HOST_PORT=22"
set "TARGET_USER=my-remote-win-user"
rem Copy to the remote user's home directory (a relative remote path), not to the
rem local %USERPROFILE% path; scp takes the port with -P (uppercase)
scp -P %TARGET_HOST_PORT% "%USERPROFILE%\.ssh\%LOCAL_KEY%.pub" %TARGET_USER%@%TARGET_HOST%:tmp.pub
ssh %TARGET_USER%@%TARGET_HOST% -p %TARGET_HOST_PORT% "powershell -c Get-Content -Path \"$HOME\tmp.pub\" ^| Add-Content -Force -Path \"$HOME\.ssh\authorized_keys\"; Remove-Item \"$HOME\tmp.pub\""
```
  - on POWERSHELL
```powershell
$TARGET_HOST = "my-remote-win-host"
$TARGET_HOST_PORT = "22"
$TARGET_USER = "my-remote-win-user"
Get-Content "$LOCAL_KEY_PATH.pub" | Out-String | ssh "$TARGET_USER@$TARGET_HOST" -p "$TARGET_HOST_PORT" "powershell `"New-Item -Force -ItemType Directory -Path `"`$HOME\.ssh`"; Add-Content -Force -Path `"`$HOME\.ssh\authorized_keys`" `""
```
- Instructions to configure all SSH clients on your current machine
  - If you are on a UNIX machine, edit your SSH configuration file in `$HOME/.ssh/config`
  - If you are on a WINDOWS machine, edit your SSH configuration file in `%USERPROFILE%\.ssh\config`
- Add a section in your SSH configuration file
```
Host NICKNAME
    HostName <TARGET_HOST>
    User <TARGET_USER>
    Port <TARGET_HOST_PORT>
    IdentityFile <LOCAL_KEY_PATH>
```
  - `<TARGET_HOST>`, `<TARGET_HOST_PORT>`, `<TARGET_USER>`: replace these values with the previous ones
  - `<LOCAL_KEY_PATH>`: must be the path of the local private key file
- Sample on a UNIX host
```
Host a-nickname
    HostName my-remote-host
    User my-remote-user
    Port 22
    IdentityFile ~/.ssh/id_rsa_my-local-unix-user_my-local-unix-hostname
```
- Sample on a WINDOWS host
```
Host a-nickname
    HostName my-remote-host
    User my-remote-user
    Port 22
    IdentityFile C:/Users/my-local-windows-user/.ssh/id_rsa_my-local-windows-user_my-local-windows-machine-name
```
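A mistyped `IdentityFile` path or a private key readable by other users both stop key authentication from working for that `Host` entry. The following is an added example, not part of the original guide: a POSIX shell function that lists every `IdentityFile` in an SSH configuration file and reports whether the key file is missing or has group/other permission bits set. The function name `check_identity_files` is an assumption of this example, and it handles only the whitespace-separated `Keyword value` form with paths that contain no spaces.

```shell
#!/bin/sh
# Added example: audit the IdentityFile entries of an SSH client configuration.
# check_identity_files is a name chosen for this example.

# check_identity_files CONFIG_FILE
# Prints "<host> <path> <status>" per IdentityFile (status: ok, missing, too-open).
# Returns 0 when every entry is ok, 1 otherwise, 2 if the config cannot be read.
check_identity_files() {
    cfg=$1
    rc=0
    tab=$(printf '\t')
    # awk emits "host<TAB>path" for each IdentityFile found under a Host line.
    pairs=$(awk -v OFS='\t' '
        tolower($1) == "host"         { host = $2; next }
        tolower($1) == "identityfile" { print host, $2 }
    ' "$cfg") || return 2
    while IFS=$tab read -r host path; do
        [ -n "$path" ] || continue
        # Expand a leading ~/ the way ssh does for the current user.
        case $path in "~/"*) path=$HOME/${path#"~/"} ;; esac
        if [ ! -f "$path" ]; then
            status=missing
        elif [ "$(ls -lL "$path" | cut -c5-10)" != "------" ]; then
            status=too-open      # group/other bits set; the guide uses chmod 600
        else
            status=ok
        fi
        [ "$status" = ok ] || rc=1
        printf '%s %s %s\n' "$host" "$path" "$status"
    done <<EOF
$pairs
EOF
    return $rc
}
```

Run it on a UNIX client as `check_identity_files ~/.ssh/config`.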
- Option 1: Generic format using the nickname from the SSH configuration file
```
ssh a-nickname
```
- Option 2: Generic format using the identity file
```
ssh -i <LOCAL_KEY_PATH> <TARGET_USER>@<TARGET_HOST> -p <TARGET_HOST_PORT>
```
  - `<TARGET_HOST>`, `<TARGET_HOST_PORT>`, `<TARGET_USER>`: replace these values with the previous ones
  - `<LOCAL_KEY_PATH>`: must be the path of the local private key file
- VSCode uses the SSH configuration file
- Ctrl+Shift+P, then `Remote-SSH: Open SSH Configuration File`, then choose the path in your user home directory to open your SSH configuration file
- SSH connect to `my-remote-host2` through another host `my-remote-host1`
```
Host nickname1
    HostName my-remote-host1
    User my-remote-user1
    Port 22
    IdentityFile <LOCAL_KEY_PATH>

Host nickname2
    HostName my-remote-host2
    User my-remote-user2
    Port 22
    IdentityFile <LOCAL_KEY_PATH>
    ProxyCommand ssh -q -W %h:%p nickname1
```
  - `<LOCAL_KEY_PATH>`: must be the path of the local private key file
- Auto launch a command when the connection is established: `echo connected; bash -l`
```
Host nickname
    HostName my-remote-host
    User my-remote-user
    IdentityFile <LOCAL_KEY_PATH>
    RemoteCommand echo connected; bash -l
    RequestTTY yes
```
  - `<LOCAL_KEY_PATH>`: must be the path of the local private key file