Restrict PuTTY agent SSH forwarding of VS Code on remote host for specific IPs


I have the PuTTY SSH agent running (since I don't have administrator rights, this is the only option, as it was installed by default) and use it to log into my remote workspaces in VS Code. As I often need access to a GitHub repository, I use SSH agent forwarding for git on my remote workspace, too. This all works fine. However, my problem now is that I am working with a device-under-test which I need to log into over ssh from my remote workspace. As I have the SSH agent forwarding all set up, every time I try to ssh into the device-under-test from my remote workspace, it (as expected) tries all the keys from the PuTTY SSH agent and ends in a "too many authentications" failure. The device-under-test can only have a password, because every time new code is deployed, it would simply delete the ssh key, so using a private/public key pair is not an option. I know I can stop ssh from trying to find the key files when I use the command

sshpass -p 'password' ssh -o PubkeyAuthentication=no -o PasswordAuthentication=yes user@ip

but as we use a lot of scripts that have automated ssh connections to the device-under-test coded inside, I cannot run around and add

-o PubkeyAuthentication=no -o PasswordAuthentication=yes

to each line where an ssh connection to the device-under-test is established. Is there a way to tell my ssh-agent, e.g. via the config file on my local machine, not to try key authentication on specific IPs? I googled a lot and already tried adjusting my ssh-agent config file as follows:

include "pageant.conf"
Host ip_of_remote_workspace
  HostName ip_of_remote_workspace
  ForwardAgent yes
  User my_username
  IdentitiesOnly no
  IdentityFile path/to/privkey
  PubkeyAuthentication yes
Host ip_of_device_under_test
  PubkeyAuthentication no
  PasswordAuthentication yes
  ForwardAgent no
  IdentityAgent none
Host *
  RSAAuthentication no
  PasswordAuthentication yes
  PubkeyAuthentication no
  IdentitiesOnly yes
  IdentityFile /dev/null
  ForwardAgent no
  IdentityAgent none

But this did not help.

Is it possible to tell my remote workspace via forwarding to use the forwarded key files for e.g. git, but restrict it on specific IP addresses and only allow a password there?

There is 1 answer

John Smith On

The config you specified for the device_under_test needs to go into the .ssh/config file on the remote workspace. You should be able to then ssh from there and it should be asking for a password.

Alternatively you could simply push the pub key once after every code deployment. It is a single command (ssh-copy-id).
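
What the answer's first suggestion looks like in practice, as an added example that is not part of the original answer: a shell helper that puts the question's device-under-test block into the ssh client config on the remote workspace and checks the effective settings with `ssh -G`. The address 192.0.2.10 and both function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example. 192.0.2.10 is a constructed placeholder for the DUT address;
# add_dut_block and pubkey_enabled are hypothetical helper names.

# add_dut_block CONFIG HOST
# Puts a password-only block at the top of CONFIG. ssh keeps the first value it
# obtains for each option, so the block has to precede any broader "Host *".
add_dut_block() {
    cfg=$1
    host=$2
    mkdir -p "$(dirname "$cfg")" && touch "$cfg" || return 1
    # Idempotent: leave the file alone if the block is already there.
    if grep -qxF "Host $host" "$cfg"; then return 0; fi
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    {
        printf 'Host %s\n' "$host"
        printf '  PubkeyAuthentication no\n'
        printf '  PasswordAuthentication yes\n'
        printf '  ForwardAgent no\n'
        printf '  IdentityAgent none\n'
        # Close the block, so options that were global in the old file
        # (before its first Host line) still apply to every host.
        printf 'Host *\n'
        cat "$cfg"
    } > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$cfg"
}

# pubkey_enabled CONFIG HOST
# Prints "no" when the effective config disables public-key auth for HOST,
# otherwise "yes". Newer OpenSSH releases print true/false in ssh -G output.
pubkey_enabled() {
    ssh -F "$1" -G "$2" | awk '$1 == "pubkeyauthentication" {
        print ($2 == "no" || $2 == "false") ? "no" : "yes"; exit }'
}

# On the remote workspace:
#   add_dut_block "$HOME/.ssh/config" 192.0.2.10
#   pubkey_enabled "$HOME/.ssh/config" 192.0.2.10
```

Scripts that call plain `ssh user@ip` pick the block up without any change, while hosts such as github.com keep using the forwarded agent.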