VSCode: How to connect to Remote SSH Host, inside an SSH Host?

I have hardware available through my university, to which I connect to through ssh in the following way in the command line:

ssh username@login.university.edu
//prompts for password
ssh hardware1
//prompts for password

I can get a window to login.university.edu with VSCode Remote SSH Connect to Host, but then once there I use the terminal to SSH into hardware1, therefore I can't use the debugger on hardware1.

How could I get a window to hardware1? Or else how can I customize launch.json in order to run ssh hardware1 and input my password?

The setup that you describe is a very good, secure, reliable and comfortable solution when you want to be able to connect to a machine without bringing that machine directly to the network. This double SSH approach eliminates nearly all security risky by just one simple tool.

There are other technologies that provide the same level of security (VPN, V-LANs). But the SSH solution is often good. It is the most secure solution you can find. It is not a complicated infrastructure solution. You need no extra software. You have full control not only over who can login but also over who can connects.

There are two ways how you can achieve what you want.

Double Login

You login to both machines by using one single command ssh username@login.university.edu 'ssh username@hardware1'

This first solution works well if you actually want to use SSH. This is what you ask for in your question.

SSH Tunneling

An alternative solution is an SSH tunnel. The idea is that you open a port on your local machine, where you are working and you connect that port through SSH to another port of hardware1. To do so, you must use the command ssh username@login.university.edu -L 2222:hartdware1:22

You must do this once on your machine and just leave the SSH window open forever.

Then you can directly connect from your local machine to hardware1 with the command ssh localhost:2222. That is like magic.

This solution works well for all sorts of connections, not only for SSH. That makes it so flexible.

Public Key Authentication

Your question also intends to find a way how you can solve the problem, that you want to login without been asked for the password.

In order to achieve this, you must use SSH with public key authentication. This is exactly what you want. In the process of setting this up you are asked for a passphrase. If you leave this empty, SSH does not even ask for anything when you connect.

It could be that your machines do not have enabled the public key authentication. But this should not be the case, because public key authentication is officially the recommended authentication method and it is known to be more secure. So all servers should have enabled this.

Don't worry if some false security experts tells you that passwordless authentication is a security risk. If you trust your local machine, then this is not true. And if you don't trust your local machine, then you should not login anywhere.

I explain this with so many details, because in practice you will often talk to people who do not understand this. With this SSH tunnelling approach you confuse many administrators who will then try to tell you that you cannot use SSH tunnelling, because it bypasses their security infrastructure. But correct is actually the opposite. SSH tunnelling allows you to connect to machines without relaxing the security requirements. There is no better option.

This one works for me with Flask debugging.

On your laptop:

• Create or open ~/.ssh/config and set your ssh connection
  (on windows: c:\Users\username\.ssh\config)

Host university
    HostName login.university.edu
    User username
    IdentityFile ~/.ssh/university_key

Host hardware1
    HostName hardware1
    User username
    IdentityFile ~/.ssh/hardware1_key
    ProxyJump university

• Create university_key on your laptop

cd ~/.ssh
ssh-keygen -f university_key # enter - enter
ssh-copy-id -i university_key.pub username@login.university.edu

On your jump server

• login to the jump server ssh username@login.university.edu
  Create key on login.university.edu

cd ~/.ssh
ssh-keygen -f hardware1_key # enter - enter
ssh-copy-id -i hardware1_key.pub username@hardware1.university.edu # if this isn't copy the key try username@hardware1

Two files created in the folder: hardware1_key and hardware1_key.pub
Copy this two file to your local (laptop) ~/.ssh folder.

Now you can login

• to the jump with: ssh university
• to the tunnel: ssh hardware1 -v

If you are able to connect from CLI to your hardware1, open the VS Code.
If not, your hardware1_key.pub is not copied to hardware1, try to fix this one: username@hardware1.university.edu <- this is maybe wrong

On VS Code

Check your ~/.ssh/config file

Press <kbd>CTRL</kbd>+<kbd>SHIT</kbd>+<kbd>P</kbd>
Choose Remote-SSH: Open SSH Configuration file...
From the dropdown menu choose your config file: ~/.ssh/config
Check if everything right (must be... if you can login from CLI)

Connect to host

• Press <kbd>CTRL</kbd>+<kbd>SHIT</kbd>+<kbd>P</kbd>
• Choose Remote-SSH: Connect to Host...
• From the dropdown menu choose university or hardware1
• A new window opened. Click on the <kbd>Open Folder</kbd> button, choose a folder you want.
• Click on <kbd>Ok</kbd>

Now you can use even debug mode, but the interpreter must be installed on the host you connected.
For example if you want debugging a Python code on hardware1,
you need to install Python 3.7 or higher <strong>on hardware1</strong>...