Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't connect through jumpbox #18

Open
TheStoof opened this issue May 2, 2019 · 19 comments

Comments

@TheStoof
Copy link

commented May 2, 2019

Some users may leverage ~/.ssh/config to set up ProxyJump and ProxyCommands to get to their endpoints. Currently, it appears that VSCode Remote only supports a direct connection.

@tralston

This comment has been minimized.

Copy link

commented May 3, 2019

I'm able to connect to a JumpHost endpoint. Mine are configured in my config file. The only thing I had to do was copy my SSH key to the remote endpoint (and jump hosts). For example, if my config was:
local -> jump1 -> jump2 -> server
Then I'd have to run "ssh-copy-id" for jump1, then for jump2, then for server. After that, VSCode connected just fine.

@TheStoof

This comment has been minimized.

Copy link
Author

commented May 3, 2019

I am able to do the same, but what I found was that I could do the following:

local -> server = OK
local -> jump1 -> server = able to authenticate, but unable to connect.

I do know that when VSC connects to the remote server, it attempts to install or run a service. My suspicion is that by jumping through from X to Y to Z, the service ends up installing on Y and not X. Perhaps maybe there’s a better way to pivot using JumpHost as you said rather than ProxyCommand.

I’ll give ProxyJump a shot.

@tralston

This comment has been minimized.

Copy link

commented May 3, 2019

@TheStoof for what it's worth, here's an excerpt from my config file (sanitized):

host jump1-alias
  HostName jump1
  User myUser
  Port 2202

host server-alias
  HostName server
  User myUser
  Port 2202
  ProxyCommand ssh -W %h:%p jump1-alias
@tralston

This comment has been minimized.

Copy link

commented May 3, 2019

@TheStoof I just attempted the same connection, but from a Windows 10 machine with WSL, and it didn't work (same problem as #34). It did work though from my Mac.

@msalvaris

This comment has been minimized.

Copy link

commented May 7, 2019

Yea, tried various options and nothing succesful to far. I was able to connect once by creating a tunnel in WSL and pointing the Hostname and Port to the tunnel but wasn't able to repeat.

@pd93

This comment has been minimized.

Copy link

commented May 9, 2019

Ran into this issue while trialing Remote SSH as an alternative to local development. Connecting from a Windows 10 machine to a remote box works, but only when connecting directly. We cannot connect to any hosts via a jumpbox. In other words:

  • local -> jumpbox works
  • local -> jumpbox -> remote doesn't work

Here's my (sanitized) config:

Host jumpbox
    HostName    12.34.56.78
    Port        22
    User        user

Host remote
    Hostname    172.16.0.1
    Port        22
    User        user
    ProxyJump   jumpbox

There is no way for us to SSH into a remote machine without tunneling through a jumpbox, so this functionality it absolutely necessary for us to use Remote - SSH.

@LeuisKen

This comment has been minimized.

Copy link

commented May 10, 2019

I'm trying to solve this issue by writing a new RemoteAuthorityResolver, which the Remote SSH and Remote Container based on. But there is no document about this API...

@suanrong

This comment has been minimized.

Copy link

commented May 20, 2019

Anyone solve this issue?

@msalvaris

This comment has been minimized.

Copy link

commented May 20, 2019

@suanrong

Anyone solve this issue?

I was able to overcome the issue by using this method
#117

I create the proxy in wsl and simply make sure that my ssh config points to localhost and the correct port.

@pd93

This comment has been minimized.

Copy link

commented May 30, 2019

I decided to try SSHing (with the same config as above) to my remote boxes via Powershell today. This should use the same version of SSH as the Remote - SSH extension (rather than the WSL version of SSH).

Unsurprisingly, I got exactly the same result, but a better error message

  • local -> jumpbox works
  • local -> jumpbox -> remote fails with the error:
CreateProcessW failed error:2
posix_spawn: No such file or directory

A quick search of the error found PowerShell/Win32-OpenSSH#1185.
Not 100% sure if related, but that issue was fixed in Jan which implies that if that issue is the problem, this would be fixed in 1903. Unfortunately, we're still on 1809 at work, so I can't test.

A bit more searching also found PowerShell/Win32-OpenSSH#1172. This issue seems more relevant than 1185, but is still open 😢

@roblourens roblourens changed the title Offer ability to tunnel through to endpoint Can't connect through jumpbox May 30, 2019

@axiqia

This comment has been minimized.

Copy link

commented May 31, 2019

I have copyed my SSH key to the remote endpoint and jump hosts as @tralston suggested. But I still met the issue like @pd93 . I added more information.

My config:

Host jumpbox
    HostName example.edu.cn
    User U
    Port xxx
    IdentityFile xxx.id_rsa


Host remote
    HostName remote
    User U
    Port xx
    ProxyCommand ssh -q -W %h:%p jumpbox

On Git Bash(windows)

$ ssh -V                                                                         
OpenSSH_7.9p1, OpenSSL 1.1.1a  20 Nov 2018
  • local -> jumpbox works
ssh jumpbox
  • local -> jumpbox -> remote works
ssh remote

On Powershell:

ssh -V
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
  • local -> jumpbox works
ssh jumpbox
  • local -> jumpbox -> remote fails with the error:
ssh remote
CreateProcessW failed error:2
posix_spawn: No such file or directory

On VS Code:

  • local -> jumpbox works
  • local -> jumpbox -> remote fails with the error:
Picking SSH host
Selected remote
Confirming that remote is a valid reachable host
Running type "C:\Users\xxx\AppData\Local\Temp\vscode-linux-multi-line-command-remote.sh" | ssh  "remote" bash to confirm the host platform
> 
> CreateProcessW failed error:2
> posix_spawn: No such file or directory
> 
"uname" terminal command done
remote: unreachable or not Linux x86_64. (posix_spawn: No such file or directory)
@pd93 pd93 referenced this issue Jun 5, 2019
@johnymachine

This comment has been minimized.

Copy link

commented Jun 7, 2019

Maybe this could help:

ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe jumphost netcat -w 120 %h %p

https://serverfault.com/questions/956613/windows-10-ssh-proxycommand-posix-spawn-no-such-file-or-directory

It worked as expected on Windows 10 1809 but there is probably bug in 1903 and this worked for me.

@davesdig

This comment has been minimized.

Copy link

commented Jun 11, 2019

Seeing same problem here when trying to connect to Centos 7 via a Centos 7 jump box from a mac. Tried several forms of ProxyCommand and ProxyJump. Can connect thru proxy to target from command line so the configuration should be good. Keys are set up on both jump box and target box.

Code Version: 1.35.0
Extension Version: 0.42.0

@Higher-Stark

This comment has been minimized.

Copy link

commented Jun 11, 2019

I encountered CreateProcessW failed error:2 posix_spawn: No such file or directory on my Windows 10 1903. The ProxyCommand in my config is ProxyCommand ssh jumphost -W %h:%p.
Then I change the command to ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe jumphost -W %h:%p, and it just works.

@johnymachine I tried yours, but I got bash: netcat: command not found.
I am not going to look into the error, I'd appreciate it if you let me know the why this happens.

OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
Windows 10 - 1903

@johnymachine

This comment has been minimized.

Copy link

commented Jun 11, 2019

I encountered CreateProcessW failed error:2 posix_spawn: No such file or directory on my Windows 10 1903. The ProxyCommand in my config is ProxyCommand ssh jumphost -W %h:%p.
Then I change the command to ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe jumphost -W %h:%p, and it just works.

@johnymachine I tried yours, but I got bash: netcat: command not found.
I am not going to look into the error, I'd appreciate it if you let me know the why this happens.

OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
Windows 10 - 1903

Sorry my bad, I probably copied bad command.

My config is exactly this and it works:
ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -W %h:%p -q user@ipaddr

@axiqia

This comment has been minimized.

Copy link

commented Jun 11, 2019

ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -W %h:%p -q user@ipaddr
@johnymachine Thank you. That works for me on my windows platform.

@asmitde

This comment has been minimized.

Copy link

commented Jun 16, 2019

@johnymachine Thanks for the solution! Do you know how to how to run the proxy ssh process in the background? There's a blank ssh process window that stays open as long as the connection is active.

@johnymachine

This comment has been minimized.

Copy link

commented Jun 16, 2019

@pd93

This comment has been minimized.

Copy link

commented Jul 1, 2019

Thought I'd post a little update to this issue for those who run into it.

The root cause of this issue is a bug with OpenSSH for windows. However, this has now been patched in the latest release (v8.0.0.0).

Unfortunately, this likely won't get built into Windows until 1909 comes around. However, you can manually patch it yourself!

Manual Fix

  • Download the v8.0.0.0 release .zip.
  • Extract the .zip file
  • Copy and replace the extracted ssh.exe binary into your C:\Windows\System32\OpenSSH folder.
  • Done! You can now use "Remote Development - SSH" with ProxyJump in the expected way.

If you get a permissions error then this may be because there is system protection in place on the existing ssh.exe binary. This can be removed by setting yourself as the owner of the file (requires admin) and granting yourself "full control". To do this, follow these steps:

  • Right-click on the existing file C:/Windows/System32/OpenSSH/ssh.exe and select Properties.
  • Open the Security tab and click on Advanced.
  • Click the button to change the owner and change it from TrustedOwner to your Windows username.
  • Type your username and click the Check Names button (This should autofill with your full username/email).
  • Apply the settings and then close the properties window and reopen it.
  • Navigate back to the Security tab and click on Edit.
  • Select the Users group and give the group Full Control.
  • Click Apply and exit.
  • Now go back and try patching the file again.

Blank terminal issue

Note that this does not fix the blank terminal from appearing when creating a new Remote SSH session. I have created a new issue for this.

-- edit --

See #230 (this is now fixed)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.