-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remote SSH via Azure Bastion (with AAD auth) #7179
Comments
Hello! Currently we do not have support for Azure Bastion specifically and therefore I will move this issue to be a feature-request in our backlog. Since I cannot give a timeline on when we might tackle this feature request, there are a few options on ways that you might be able to build you own custom solutions. First you could making a custom script that handles the connection via bastion and set the ssh binary to this script so we run this script when attempting to connect via ssh. Additionally we have a new workflow called vscode server cli which is outlined here: https://code.visualstudio.com/blogs/2022/07/07/vscode-server. This is in private preview but I can give you access if you think that tool would be a good solution. Thanks! |
This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 10 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation. Happy Coding! |
any update on this issue? |
@madhavchereddyacc, no updates at this point. This issue will be mentioned in a planning issue when it comes on the docket for engineering and this issue will be updated with notice once it comes in the release to see if it works for everyone correctly in this thread. |
GCR is now moving to Bastion... |
This is very important functionality given big push towards Bastion. Any updates? For a temporary workaround, you can use tunneling feature of Bastion to enable remote SSH. In this case, add following in your $USERPROFILE.ssh\config file:
Then use PowerShell to connect to Bastion host in Azure:
In VSCode when you click on Connect to Host, you will see host named tunnel which should work as expected. Also see this: https://techcommunity.microsoft.com/t5/fasttrack-for-azure/accessing-aks-private-clusters-with-azure-bastion-and-vs-code/ba-p/3581367 |
I was experiencing the same issue, I have fixed it through the StrictHostKeyChecking=No option in the config. |
With the above
|
Thanks for the solution. This is also what GCR recommended. It worked well for me until I wanted to add devcontainer into my project. All VsCode devcontainer commands failed with "SSH connection error", even the command to add a devcontainer configuration. I wonder if there is fix for it.
|
In #4553, I saw the config property So I had to put password for bastion first then VM and I was good to go. |
@MRDGH2821 is your post above regarding to my question? I didn't fully understand what ProxyJump can do. Can you please be more specific? Thank you! |
Oh sorry I had been ambiguous a little. At my work place, I was given IP address of 2 VMs, which are in Azure portal. One of them was Azure bastion. Now I realise that the issue presented here & my comment may be unrelated 😅 |
Thank you @MRDGH2821. I am glad you’ve got a solution to your problem. With your multi-hop connection, have you ever tried DevContainer feature in VsCode? |
In the target vm protected behind bastion, I had setup a folder which has a sub folder Then after reopening vscode -> welcome screen, I see my dev container. |
Anyone working on this feature request? I would like to contribute on this. |
Azure Bastion is a managed to service for secure access to virtual machines in a vnet. I would like to be able to do VS Code remote SSH (and remote container) development on a VM that is accessed via a bastion host. Additioally, I would like this to worth with Azure Active Directory (AAD) auth enabled on the VM.
I can get a shell in the remove VM with something like:
However the remote-ssh extension in vscode seems to rely on a direct ssh command and not this sort of proxied ssh connection. There was a related question on this #4553, which I don't think was answered and maybe bastion was not as mature at the time.
The text was updated successfully, but these errors were encountered: