VSCode: How to connect to Remote SSH Host, inside an SSH Host?

Question

I have hardware available through my university, to which I connect through ssh in the following way in the command line:

ssh username@login.university.edu
//prompts for password
ssh hardware1
//prompts for password

I can get a window to login.university.edu with VSCode Remote SSH Connect to Host, but then once there I use the terminal to SSH into hardware1, therefore I can't use the debugger on hardware1.

How could I get a window to hardware1? Or else how can I customize launch.json in order to run ssh hardware1 and input my password?

Answer 1

Score: 1

The setup that you describe is a very good, secure, reliable and comfortable solution when you want to be able to connect to a machine without bringing that machine directly to the network. This double SSH approach eliminates nearly all security risks by just one simple tool.

There are other technologies that provide the same level of security (VPN, V-LANs). But the SSH solution is often good. It is the most secure solution you can find. It is not a complicated infrastructure solution. You need no extra software. You have full control not only over who can log in but also over who can connect.

There are two ways you can achieve what you want.

Double Login

You log in to both machines by using one single command: ssh -t username@login.university.edu 'ssh username@hardware1'

This first solution works well if you actually want to use SSH. This is what you ask for in your question.

SSH Tunneling

An alternative solution is an SSH tunnel. The idea is that you open a port on your local machine, where you are working, and you connect that port through SSH to another port of hardware1. To do so, you must use the command ssh username@login.university.edu -L 2222:hardware1:22

You must do this once on your machine and just leave the SSH window open forever.

Then you can directly connect from your local machine to hardware1 with the command ssh -p 2222 username@localhost. That is like magic.

This solution works well for all sorts of connections, not only for SSH. That makes it so flexible.

Public Key Authentication

Your question also intends to find a way to solve the problem that you want to log in without being asked for the password.

In order to achieve this, you must use SSH with public key authentication. This is exactly what you want. In the process of setting this up you are asked for a passphrase. If you leave this empty, SSH does not even ask for anything when you connect.

It could be that your machines do not have public key authentication enabled. But this should not be the case, because public key authentication is officially the recommended authentication method and it is known to be more secure. So all servers should have enabled this.

Don't worry if some false security experts tell you that passwordless authentication is a security risk. If you trust your local machine, then this is not true. And if you don't trust your local machine, then you should not log in anywhere.

I explain this in so much detail because in practice you will often talk to people who do not understand this. With this SSH tunnelling approach you confuse many administrators, who will then try to tell you that you cannot use SSH tunnelling because it bypasses their security infrastructure. But actually the opposite is correct. SSH tunnelling allows you to connect to machines without relaxing the security requirements. There is no better option.

Answer 2

Score: 0

This one works for me with Flask debugging.

On your laptop:

  • Create or open ~/.ssh/config and set your ssh connection
    (on Windows: c:\Users\username\.ssh\config)

Host university
    HostName login.university.edu
    User username
    IdentityFile ~/.ssh/university_key

Host hardware1
    HostName hardware1
    User username
    IdentityFile ~/.ssh/hardware1_key
    ProxyJump university

  • Create university_key on your laptop

cd ~/.ssh
ssh-keygen -f university_key # enter - enter
ssh-copy-id -i university_key.pub username@login.university.edu

On your jump server

  • Log in to the jump server: ssh username@login.university.edu
    Create the key on login.university.edu

cd ~/.ssh
ssh-keygen -f hardware1_key # enter - enter
ssh-copy-id -i hardware1_key.pub username@hardware1.university.edu # if this doesn't copy the key, try username@hardware1

Two files are created in the folder: hardware1_key and hardware1_key.pub
Copy these two files to your local (laptop) ~/.ssh folder.

Now you can login

  • to the jump with: ssh university
  • to the tunnel: ssh hardware1 -v

If you are able to connect from the CLI to your hardware1, open VS Code.
If not, your hardware1_key.pub is not copied to hardware1; try to fix this one: username@hardware1.university.edu <- this is maybe wrong

On VS Code

Check your ~/.ssh/config file

Press CTRL+SHIFT+P
Choose Remote-SSH: Open SSH Configuration file...
From the dropdown menu choose your config file: ~/.ssh/config
Check if everything is right (must be... if you can log in from the CLI)

Connect to host

  • Press CTRL+SHIFT+P
  • Choose Remote-SSH: Connect to Host...
  • From the dropdown menu choose university or hardware1
  • A new window opens. Click on the Open Folder button, choose a folder you want.
  • Click on Ok

Now you can even use debug mode, but the interpreter must be installed on the host you connected to.
For example, if you want to debug Python code on hardware1,
you need to install Python 3.7 or higher on hardware1...

huangapple
  • This article was published on June 16, 2023, 02:07:22
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76484417.html