remote ssh and sudo

[garyng2000]

vscode remote is very cool but I encounter a few usage issues in the cloud.

I used this for remote adhoc development in AWS. Though by default, all linux distro use the 'login as general user, sudo for root'. This make vscode remote kind of useless as for the various files I want to edit(of many services), they are not writable say by 'ubunu' on the typical ubuntu distro.

currently, I have to enable root login for ssh(which is not recommended by most distro) and directly ssh as root.

is there a feature that is similar to vscode's local edit on Windows which allows me to 'elevate' on save ? Though on linux, I can see this to be an issue if it goes straight to root as the owner now becomes root.root if it is a new file.

so ideally, some form of 'sudo to specific user' would be nice.

oh, another thing is there is no indication of 'whoami' in vscode when I ssh into remote. not a big issue as a new terminal would show it but I think it may be helpful to have that indicated

[bamurtaugh]

Hey @garyng2000, does it seem like this workaround could help? microsoft/vscode#48659 (comment)

Potentially related: #4388.

[garyng2000]

thanks for the link, I find an easier manual once off solution

1. temporarily enable ssh for root(that is by default disabled on both debian/RH)
2. initial vscode remote as root so it would install the extension to .vscode under root account on remote machine
3. after that, I can revert back (1)
4. ssh say ubuntu/ec2-user or whatever
5. sudo bash to raise privilege as usual
6. 'code ' and I am editing the file as root

not the most beautify solution but only need to done once without security setting change

[bitvijays]

@bamurtaugh Hope you are doing well. Thank you for doing all the amazing work.

Being honest, That's workaround is quite messy as you could see the number of comments in microsoft/vscode#48659 (comment) , It would be really great, if a proper solution can be implemented.

Plenty of people are waiting for this feature and we would really appreciate VSCode Team support on this. Thank You 👍

[PavelSosin-320]

There is a very safe and proven mechanism to run something remotely in the privileged mode in the Enterprise-grade systemd managed Linux distros: Ubuntu, Redhat, Suse - Ansible. It has very few pre-requisites and can be installed on the server in minutes. I think most SysAdmins are familiar with it. Non-privileged users can become root only for the short time needed to play installation and configuration. The enterprise distros use distro-specific security mechanisms. It is interesting to see systemctl and journalctl output after such operation and here what the security specialist says about this method.

[garyng2000]

I am not advocating using vscode for system admin of an ISO 27k org. Just that there are times where I need to do quick server patch and found it to be easier using vscode remote rather than just my trusty vim which also doesn't have all these issues. Recently, I need to try something about the AWS elasticbeanstalk which is quite opaque thus need a bit of going around and it is more convenient to use vscode remote. there are small shops that don't pay an arm and a leg to meet that ISO 27k requirements

[roblourens]

I think #690 is the issue you want here

[roblourens]

(and the linked general vscode issue)