From 354a17604e355ed00a000bddeb0198aeff225e01 Mon Sep 17 00:00:00 2001 From: Chuck Lantz Date: Mon, 6 May 2019 11:18:03 -0700 Subject: [PATCH] Edits based on customer feedback https://github.com/Microsoft/vscode-remote-release/issues/155 https://github.com/Microsoft/vscode-remote-release/issues/116 https://github.com/Microsoft/vscode-remote-release/issues/95 https://github.com/Microsoft/vscode-remote-release/issues/119 --- docs/remote/containers.md | 4 ++- docs/remote/troubleshooting.md | 47 ++++++++++++++++++++-------------- docs/remote/wsl.md | 4 ++- 3 files changed, 34 insertions(+), 21 deletions(-) diff --git a/docs/remote/containers.md b/docs/remote/containers.md index 047944764c..01b6e34acc 100644 --- a/docs/remote/containers.md +++ b/docs/remote/containers.md @@ -31,7 +31,7 @@ To get started, follow these steps: **Windows / macOS**: - 1. Install [Docker Desktop for Windows/Mac](https://www.docker.com/products/docker-desktop). + 1. Install [Docker Desktop for Windows/Mac](https://www.docker.com/products/docker-desktop). (Docker Toolbox is not currently supported.) 2. Right-click on the Docker taskbar item and update **Settings / Preferences > Shared Drives / File Sharing** with any source code locations you want to open in a container. If you run into trouble, see [Docker Desktop for Windows tips](/docs/remote/troubleshooting.md#docker-desktop-for-windows-tips) on avoiding common problems with sharing. @@ -612,6 +612,8 @@ See the following examples dev containers for additional information: * Alpine Linux or Windows container images are not yet supported. Most images come with a Debian or Ubuntu based flavor you can use instead. (Typically Alpine variations end in `-alpine`). * All roots/folders in a multi-root workspace will be opened in the same container, regardless of whether there are configuration files at lower levels. * The unofficial Ubuntu Docker **snap** package for Linux is **not** supported. Follow the [official Docker install instructions for your distribution](https://docs.docker.com/install/#supported-platforms). +* Docker Toolbox is not currently supported. +* Docker variants or alternate containerization tool kits like [podman.io](https://podman.io) are not supported. * When installing an extension pack in a container, extensions may install locally instead of inside the container. Click the **Install** button for each extension in the Local section of the extension panel to work around the issue. See [Microsoft/vscode-remote-release#11](https://github.com/Microsoft/vscode-remote-release/issues/11) for details. * If you clone a Git repository using SSH and your SSH key has a passphrase, VS Code's pull and sync features may hang when running remotely. Either use a SSH key without a passphrase, clone using HTTPS, or run `git push` from the command line to work around the issue. * Local proxy settings are not reused inside the container, which can prevent extensions from working unless the appropriate proxy information is configured (for example global `HTTP_PROXY` or `HTTPS_PROXY` environment variables with the appropriate proxy information). diff --git a/docs/remote/troubleshooting.md b/docs/remote/troubleshooting.md index 6376a4ad03..ef504ca831 100644 --- a/docs/remote/troubleshooting.md +++ b/docs/remote/troubleshooting.md @@ -195,14 +195,33 @@ SSH can be strict about file permissions and if they are set incorrectly, you ma ### Local SSH file and folder permissions +#### macOS / Linux + On your local machine, make sure the following permissions are set: -| Folder / File | Linux / macOS Permissions | Windows Permissions | -|---------------|---------------------------|---------------------| -| `.ssh` in your user folder | `chmod 700 ~/.ssh` | Grant `Full Control` to your user, Administrators, and SYSTEM. | -| `.ssh/config` in your user folder | `chmod 600 ~/.ssh/config` | Grant `Full Control` to your user, Administrators, and SYSTEM. | -| `.ssh/id_rsa.pub` in your user folder | `chmod 600 ~/.ssh/id_rsa.pub` | Grant `Full Control` to your user, Administrators, and SYSTEM. | -| Any other key file | `chmod 600 /path/to/key/file` | Grant `Full Control` to your user, Administrators, and SYSTEM.| +| Folder / File | Permissions | +|---------------|---------------------------| +| `.ssh` in your user folder | `chmod 700 ~/.ssh` | +| `.ssh/config` in your user folder | `chmod 600 ~/.ssh/config` | +| `.ssh/id_rsa.pub` in your user folder | `chmod 600 ~/.ssh/id_rsa.pub` | +| Any other key file | `chmod 600 /path/to/key/file` | + +#### Windows + +The specific expected permissions can vary depending on the exact SSH implementation you are using. We strongly recommend using the out of box [Windows 10 OpenSSH Client](https://docs.microsoft.com/windows-server/administration/openssh/). If you are using this offical client, cut-and-paste the following in an **administrator PowerShell window** to try to repair your permissions: + +```powershell +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process + +Install-Module -Force OpenSSHUtils -Scope AllUsers + +Repair-UserSshConfigPermission ~/.ssh/config +Get-ChildItem ~\.ssh\* -Include "id_rsa","id_dsa" -ErrorAction SilentlyContinue | % { + Repair-UserKeyPermission -FilePath $_.FullName @psBoundParameters +} +``` + +For all other clients, consult **your client's documentation** for what the implementation expect. However, note that not all SSH clients may work. ### Server SSH file and folder permissions @@ -213,19 +232,7 @@ On the remote machine you are connecting to, make sure the following permissions | `.ssh` in your user folder on the server | `chmod 700 ~/.ssh` | | `.ssh/authorized_keys` in your user folder on the server | `chmod 600 ~/.ssh/authorized_keys` | -### Updating permissions on Windows using the command line - -If you'd prefer to use the command line to update permissions on Windows, you can use the [`icacls`](https://docs.microsoft.com/windows-server/administration/windows-commands/icacls) command. - -The script below will set your user as the owner, clear out permissions, disable inheritance, and grant the needed permissions: - -```bat -SET FILEORFOLDERTOUPDATE="%USERPROFILE%\.ssh" - -icacls "%FILEORFOLDERTOUPDATE%" /c /setowner %USERDOMAIN%\%USERNAME% -icacls "%FILEORFOLDERTOUPDATE%" /c /reset -icacls "%FILEORFOLDERTOUPDATE%" /c /inheritance:r /grant %USERDOMAIN%\%USERNAME%:F SYSTEM:F BUILTIN\Administrators:F -``` +Note that only Linux hosts are currently supported which is why permissions for macOS and Windows 10 have been omitted. ### Installing a supported SSH client @@ -243,6 +250,8 @@ icacls "%FILEORFOLDERTOUPDATE%" /c /inheritance:r /grant %USERDOMAIN%\%USERNAME% |----|--------------|---| | Debian / Ubuntu | Run `sudo apt-get install openssh-server` | See the [Ubuntu SSH](https://help.ubuntu.com/community/SSH?action=show) documentation for additional setup instructions. | | RHEL / Fedora / CentOS | Run `sudo yum install openssh-server && sudo systemctl start sshd.service && sudo systemctl enable sshd.service` | You may need to omit `sudo` when running in a container. | +| Windows | Not supported yet. | | +| macOS | Not supported yet. | | ### Resolving hangs when doing a Git push or sync on an SSH host diff --git a/docs/remote/wsl.md b/docs/remote/wsl.md index b4481f5b15..7387797ad8 100644 --- a/docs/remote/wsl.md +++ b/docs/remote/wsl.md @@ -143,7 +143,9 @@ If you clone a Git repository using SSH and your SSH key has a passphrase, VS Co ### Docker Extension limitations -The Docker extension is configured to run as a local "UI" extension that runs on the Windows side by default. This enables the extension to work with your local Docker installation when you are developing inside a container. However, some Docker commands invoked from the Docker extension can fail from a WSL window. If you want the Docker extension to interact with an installed Docker CLI in WSL instead, add the following to `settings.json`: +The Docker extension is configured to run as a local "UI" extension that runs on the Windows side by default. This enables the extension to work with your local Docker installation when you are developing in WSL or [inside a container](/docs/remote/containers.md) since the Docker CLI is not available by default in these environments. However, commands invoked from the Docker extension that rely on the Docker command line, for example **Docker: Show Logs**, fail. + +Fortunately, if you've [installed the Docker CLI in WSL and configured it to work with your local Docker host](https://nickjanetakis.com/blog/setting-up-docker-for-windows-and-wsl-to-work-flawlessly), you can install the Docker extension inside WSL to solve this problem. Just add the following to `settings.json`: ```json "remote.extensionKind": {