77

I am using vscode to connect to a remote host. I use Remote-SSH (ms-vscode-remote.remote-ssh) extension to do so. Every time I want to connect to the remote host, I need to enter the password.

Is there a way to save the ssh password to vscode?

Mayank Kumar Chaudhari
  • 16,027
  • 10
  • 55
  • 122

4 Answers4

96

To setup password-less authentication for ssh on Visual Studio Code, perform the following steps.

These examples assume the following (replace with your actual details)

Host: myhost
Local User: localuser 
Remote User: remoteuser
Remote User Home Dir: remoteuserhome
SSH Port:  22

I'm using a Mac so Windows will be a bit different but the basics are the same

Tell VS Code and your machine in general how you will be connecting to myhost

Edit:

/Users/<localuser>/.ssh/config

Add:

Host <myhost>
  HostName <myhost>
  User <remoteuser>
  Port 22
  PreferredAuthentications publickey
  IdentityFile "/Users/<localuser>/.ssh/<myhost>_rsa"

Next generate a public and a private key with something like OpenSSL

ssh-keygen -q -b 2048 -P "" -f /Users/<localuser>/.ssh/keys/<myhost>_rsa -t rsa

This should make two files:

<myhost>_rsa        (private key)
<myhost>_rsa.pub    (public key)

The private key (<myhost>_rsa) can stay in the local .ssh folder

The public key (<myhost>_rsa.pub) needs to be copied to the server (<myhost>)

I did it with FTP but you can do it however you wish but it needs to end up in a similar directory on the server.

ON THE SERVER

There is a file on the server which has a list of public keys inside it.

 <remoteuserhome>/.ssh/authorized_keys

If it exists already, you need to add the contents of <myhost>_rsa.pub to the end of the file.

If it does not exist you can use the <myhost>_rsa.pub and rename it to authorized_keys with permissions of 600.

If everything goes according to plan you should now be able to go into terminal and type

ssh <remoteuser>@<myhost>

and you should be in without a password. The same will now apply in Visual Studio Code.

blissweb
  • 3,037
  • 3
  • 22
  • 33
  • 4
    great answer! but no need to copy _rsa.pub file, only to copy its contents and paste it on authorized_keys on the server. – Eran Jan 18 '22 at 07:51
  • 19
    This does not answer the original question. – Jarle Hammen Knudsen Apr 03 '22 at 23:33
  • 1
    ssh-copy-id did not add PreferredAuthentications option. added it with the help of this answer – Fakeer Apr 26 '22 at 03:04
  • PreferredAuthentications option only works if host allows public key auth, if it's explicitly disabled (as is the practice in some environments) you will be left SOL – niken Aug 19 '22 at 12:21
  • 2
    "/Users//.ssh/_rsa" should be "/Users//.ssh/keys/_rsa" – outsider Oct 14 '22 at 23:23
  • Do you have to add these two lines 'PreferredAuthentications publickey IdentityFile "/Users//.ssh/_rsa"' to the local config file as well? – Xue Dec 23 '22 at 18:27
  • 1
    I followed the steps by 1) copying the public key to the server and changing the file name as authorized_keys, 2) adding the two line to the config file of the server, but the ssh username@host still ask for password, somehow. – Xue Dec 23 '22 at 18:32
  • This method is a bit strange, because you are creating a public/private key pair on your *local* machine, and then copying that to the server. I don't doubt that it works, however the usual procedure would be to create the public/private key on the *server* first, and then copy one half of that key pair to the machine which will be used to connect to the server. (Your local machine, or the client) – FreelanceConsultant Apr 04 '23 at 09:08
25

Let's answer the OP's question first:

How to 'save ssh password'?

Since there is no such thing as "ssh password", the answer to "how to save the remote user password" is:

This is not supported by VSCode.

VSCode proposes to setup an SSH Agent in order to cache the passphrase (in case you are using an encrypted key)

But if the public key was not properly registered to the remote account ~/.ssh/authorized_key, SSH daemon will default to the remote user credentials (username/password).

It is called PasswordAuthentication, often the remote user password.

And caching that password is not supported for SSH sessions.

It is only supported by a Git credential helper, when using HTTPS URLs.
(it defers to the OS underlying credential manager)
But I don't know of a remote user password cache when SSH is used.

As Chagai Friedlander comments, the answer to the original question is therefore:

No, but you can use SSH keys and that is better.

Speaking of SSH keys:

"ssh password": Assuming you are referring to a ssh passphrase, meaning you have created an encrypted private key, then "saving the ssh password" would mean caching that passphrase in order to avoid entering it every time you want to access the remote host.

Check first if you can setup the ssh-agent, in order to cache the passphrase protecting your private key.
See "VSCode: Setting up the SSH Agent"

This assumes you are using an SSH key, as described in "VSCode: Connect to a remote host", and you are not using directly the remote user password.

Using an SSH key means its public key would have been registered to the remote account ~/.ssh/authorized_keys file.

This section is the workaround the OP ended up accepting: registering the public key on the remote user account, and caching the local private key passphrase worked.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • 56
    This is still not an answer to the question 'save ssh password'. – Alsein Jul 02 '21 at 07:02
  • @Alsein Yet, that is the VSCode Remote documentation proposes: https://code.visualstudio.com/docs/remote/troubleshooting#_setting-up-the-ssh-agent. It will cache the ssh password, allowing you to *not* have to enter it every time you want to connect to the remote host. As asked in the question. – VonC Jul 02 '21 at 07:06
  • 11
    It caches the passphrase of a key, not a password, which is commonly known as username-password authentication and should not be confused with passphrase. – Alsein Jul 02 '21 at 07:18
  • @Alsein The question is, and I am quoting: "ssh password", a colloquialism usually referring to the ssh private passphrase protecting the encrypted SSH private key. SSH-agent is the way. – VonC Jul 02 '21 at 07:21
  • 8
    I don't think a name that there is not any other alias could refer to could be taken as a 'colloquialism' to another concept. "ssh password", in common sense, is literally a password that is used while logging in to an ssh server. Although it is not recommended, there is no way to say that it could not have a name that clearly refers to it without confusion. If "ssh password" means private key passphrase, what simply means the ssh password? – Alsein Jul 02 '21 at 08:11
  • @Alsein I agree with you. I have edited my answer to clearly point out my proposed (and accepted by the way) solution pertains only to a private encrypted SSH key, protected indeed by a *passphrase* (often incorrectly referred as a "password") – VonC Jul 02 '21 at 08:15
  • 5
    I think the correct answer is "no, but you can use ssh keys and that is better" – Chagai Friedlander Aug 20 '21 at 09:38
  • 3
    this answer is not about a ssh password. The question is clearly about saving ssh password credentials, so a user is not prompted each time. I normally would not comment but search brings this item up first in results. – Shawn Cicoria Oct 28 '21 at 16:09
  • @ShawnCicoria Am I right, though, to think there is no such thing as an "SSH password"? (only passphrase for private encrypted SSH key)? And no such thing as "SSH password credential"? (only a remote user credential, which the SSH protocol falls back to, when the publickey method fails, assuming the ssh daemon on the remote side allows PasswordAuthentication). I know about user credential caching when connecting with an HTTPS URL (through the Git credential helper, which defers to the OS credential manager). I don't know of an equivalent when used with SSH URL. – VonC Oct 28 '21 at 20:46
  • 1
    Still this answer is not correct.... It answers something different not the original question. @mayank1513 How could you accept this as the answer for your question? – Osama F Elias Oct 29 '21 at 06:48
  • @OsamaFElias OK: I have edited the answer to address the origin question. The OP accepted the answer because it originally pointed out to the correct answer: use the SSH key (ie register the public key in the remote account), instead of trying to cache the remote user password. – VonC Oct 29 '21 at 06:53
  • 1
    @vonc there is a mode for ssh to accept passwords as a server challenge for credentials. It is completely disconnected from ssh key or the passphrase that protects the local private key. https://superuser.com/questions/161609/can-someone-explain-the-passwordauthentication-in-the-etc-ssh-sshd-config-fil – Shawn Cicoria Oct 30 '21 at 13:44
  • 3
    @ShawnCicoria Yes, I did mention `PasswordAuthentication` in my previous comment. And caching that password does not seem supported in VSCode for SSH session. – VonC Oct 30 '21 at 17:12
  • I agree, for example Core Shell does indeed save your actual host password in the Mac OSX keychain. Shame VScode can't do that. It would be good. – blissweb Nov 15 '21 at 04:51
  • 1
    @ChagaiFriedlander the question is "HOW to save password" and your answer is "no, but.." don't you see any problem here? – Amphyby Nov 01 '22 at 10:09
19

For those trying to connect through Vscode Remote SSH Extension steps provided at https://code.visualstudio.com/docs/remote/troubleshooting#_ssh-tips)

For Windows(Host) --> Linux(Remote)

  1. Create an SSH .pub key in your windows ssh-keygen -t rsa -b 4096
  2. Copy the contents of the .pub key (default path C:\Users\username/.ssh/id_rsa.pub)
  3. SSH into Remote machine and append the contents of the pub key in authorized keys echo "pub-key" >> ~/.ssh/authorized_keys
Abid Zaidi
  • 357
  • 4
  • 12
0

After locally configuring /.ssh/config,

On the local terminal, run:

  1. $ ssh-keygen
  2. $ type $env:USERPROFILE.ssh\id_rsa.pub | ssh ip or username@hostname "cat >> .ssh/authorized_keys"
  3. Enter your remote pswd to the prompt.

Then simply run:

  1. $ ssh ip or username@hostname You're in!
Ariel Szmerla
  • 31
  • 5