Visual Studio Code Remote SSH

I’ve been running into an issue lately with VSCode trying to access a remote server using SSH with authentication keys.  I’ll preface this by saying I’m running VSCode on a Windows 10 machine and attempting to SSH to an AWS instance running Linux.

This is the error that appears.  Notice that it says “Permissions 0644 are too open”.


>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for 'C:\\Users\\trailsix\\.ssh\\aws-server.pem' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: C:\\Users\\trailsix\\.ssh\\aws-server.pem
> Enter passphrase for key 'C:\Users\trailsix\.ssh\aws-server.pem':
[21:52:49.131] Detected passphrase message
[21:52:50.796] Got passphrase response
[21:52:50.798] "install" wrote data to terminal: ""
[21:52:50.837] >
>
[21:52:50.846] > ec2-user@ec2-54-174-173-119.compute-1.amazonaws.com's password:
[21:52:50.847] Showing password prompt
[21:52:53.557] Password dialog canceled
[21:52:53.558] "install" terminal command canceled
[21:52:53.560] Resolver error: Connecting was canceled
[21:52:53.575] ------

I noticed a StackExchange superuser question about the same problem and I found a GitHub article that was helpful in resolving the issue of the keys being too open.  What it boils down to is that the key file needs to be owned by and only by the System User.  I followed the icacl commands in the GitHub article to fix the permissions:


C:\>(get-acl .\ssh_host_dsa_key).owner
otheruser
C:\>icacls .\ssh_host_dsa_key
ssh_host_dsa_key NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
otheruser:(R)

Steps to fix these permissions

C:\>icacls .\ssh_host_dsa_key /setowner system
C:\>icacls .\ssh_host_dsa_key /remove otheruser

However, there was no good way that I found in Windows to verify that the permissions were other than 0644.  So I installed Cygwin with bash.  I browsed to the directory


cd /cygdrive/c
ls
cd /wherever/your/keyfile/is
ls -alrt

Sure enough, the permissions were still set as 0644.  I changed them to 0600 and retested from the command line:


ssh -i aws-server.pem ec2-user@ec2-34-207-158-88.compute-1.amazonaws.com

The connection did not succeed.  When trying again from VSCode, it did get past the permissions are too open error, but for some reason it’s still not authenticating with this key.

The odd thing is that I can successfully authenticate with Putty to the same instance using the same exact key.

My workaround for the time being was to use Putty to get into the AWS instance and allow PasswordAuthentication in the sshd_config file.

If you were able to get key authentication working from a Windows 10 machine to a Linux server in VSCode, I’d like to hear how you did it!

Leave a Reply