Efficient Multi-Hop SSH Configuration in VS Code
As developers, we often work on remote servers via VSCode, which can be challenging when the connection involves multiple hops. The challenge I faced involved connecting to a remote server via an intermediary AWS EC2 instance. Not only was I unable to add breakpoints and debug my code, but the connection also required multiple passwords.
This article details an approach to establishing an efficient connection across this jump host inside VSCode. This guide is intended for developers, sys admins, and anyone looking to enhance their workflow in managing remote servers through VSCode.
Initial Setup and Problem Identification
My original setup involved a two-step connection process. Initially, I connected to an EC2 instance using a ".pem" file. A ".pem" file is a type of file that contains encryption keys or certificates used for secure communications.
ssh -i "path/to/.pem file" EC2_username@EC2_IP_address
I then accessed the final server by specifying the port (port 9000 in my case) with:
ssh -p 9000 localhost_username@localhost
This method necessitated entering a password multiple times, proving cumbersome and time-consuming.
Simplifying the Connection Process
Direct Access via Modified SSH Command: To enhance efficiency, I modified the SSH command to bypass the intermediary connection, allowing direct access to the remote server’s password prompt from Windows PowerShell:
ssh -i "path/to/.pem file" -p 9000 localhost_username@EC2_IP_address
Integrating with VSCode: Utilizing this command within the VSCode Remote-SSH extension, accessed via the "Connect to Host" option, presented the password prompt directly. However, frequent password entries for each new VSCode folder proved inefficient.
Establishing Password-less Access
To resolve the issue of repeated password entries, I set up password-less access by utilizing SSH keys. The commands in this subsection were run in Windows PowerShell. The process involved:
- Generating a secure key pair using the "ssh-keygen" command:
ssh-keygen
- Transferring the public key to the remote server using "scp" (Secure Copy Protocol), a means to transfer files between a local machine and a remote server:
scp -P 9000 "path/to/.pub file" localhost_username@EC2_IP_address:~/
- After logging into the remote server, I appended the public key to "authorized_keys" file to authenticate without a password, and then removed the public key file as it is no longer required after being appended:
cat ~/filename.pub >> ~/.ssh/authorized_keys
rm ~/filename.pub
- Permissions were set to secure the authentication process:
chmod 600 ~/.ssh/authorized_keys # Read/write by the owner only
chmod 700 ~/.ssh # Owner can read, write, and execute
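The remote-side steps above (append, delete, chmod) folded into one POSIX shell function, as an added example that is not part of the original article: it also refuses a file that looks like a private key, skips a key that is already authorized, and strips Windows line endings. The function name install_pubkey and its optional second argument are assumptions made for this example.

```sh
#!/bin/sh
# Usage on the remote server: install_pubkey ~/filename.pub
# (install_pubkey and the optional HOME_DIR argument are assumptions of this example)
install_pubkey() {
    pubfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -f "$pubfile" ] || { echo "no such file: $pubfile" >&2; return 1; }

    # A private key copied by mistake must never end up on the server side.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 1
    fi

    # A .pub file holds exactly one key line: "<type> <base64> [comment]".
    n=$(grep -c '[^[:space:]]' "$pubfile" || true)
    [ "$n" -eq 1 ] || { echo "refusing: expected 1 key line, got $n" >&2; return 1; }
    key=$(grep '[^[:space:]]' "$pubfile" | tr -d '\r')   # drop Windows CR
    case $key in
        ssh-*' '*|ecdsa-sha2-*' '*|sk-*' '*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Create the directory and file owner-only from the start.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir"
    touch "$auth"
    umask "$old_umask"
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Keep entries one per line even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    # Append only if this exact line is not already authorized.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    rm -f -- "$pubfile"
}
```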
Connecting Through VSCode
With the setup complete on the remote server, connecting through VSCode becomes straightforward:
- Open Remote Explorer: Navigate and click "+" to add a new SSH host.
- Enter SSH Command in the prompt and press ENTER:
ssh -i "path/to/private key" -p 9000 localhost_username@EC2_IP_address
- This command adds the host to VSCode’s remote explorer and updates the ".ssh/config" file, streamlining future connections.
- Initiate Connection: Through the Command Palette (Ctrl+Shift+P), again choose "Remote-SSH: Connect to Host" and select the configured host.
- The bottom left corner of the VSCode window will show the status of the connection. If it is connected, it will show "SSH: {Host name}".
Ensure a good internet connection on your local machine, the remote server, and the intermediate server to keep the connection consistent.
Conclusion
This refined approach not only saved time but also enhanced the security of my remote server management operations through VSCode by leveraging SSH keys. By documenting this process, I hope to help others optimize their remote server workflows in VSCode, making them more efficient and secure. Please share any feedback or additional strategies you've found effective in your professional environment!
PS: How do you set up the reverse tunnel in the first place, you ask? We use autossh and issue the command below on the localhost, logged in as localhost_username:
sudo autossh -M 0 -gNC -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" -i "uavio_key.pem" -R 9000:localhost:9000 EC2_username@EC2_IP_address
Author: Sridhar Kamath