Connect over a proxy

[lars18th]

Hi,

The native SSH client, that uses this project, doesn't have support for connecting through a PROXY.

However, until native support will be added... here a "tip" for you:

• Insert in your .ssh/config file:

Host myhost
    HostName myhost-address
    ProxyCommand ncat.exe --proxy-type socks4 --proxy <proxy-addr>:1080 %h %p

• Download NMAP for Windows from https://nmap.org/download.html (get the ZIP version https://nmap.org/dist/nmap-7.70-win32.zip) and decompress only the file ncat.exe in your Windows directory (or any other in your path).

And that's all! Then you can connect to your dev host over a proxy (or over another SSH session without using the native Jump functionality).

I hope you like it! 😉

[kieferrm]

@lars18th, can you elaborate on

The native SSH client, that uses this project, doesn't have support for connecting through a PROXY.

ProxyCommand and ProxyJump are the standard way to setup jump boxes in ssh.

[lars18th]

ProxyCommand and ProxyJump are the standard way to setup jump boxes in ssh.

Hi, I know it! However, note that Windows doesn't have ANY native tool to execute as the ProxyCommand. So for this reason no native solution exists.

In any case my proposal of using ncat.exe works. Perhaps the Microsoft group will like to include it as native.

[juztinzhu]

@lars18th, can you elaborate on

The native SSH client, that uses this project, doesn't have support for connecting through a PROXY.

ProxyCommand and ProxyJump are the standard way to setup jump boxes in ssh.
Hi kieferrm,
Is ProxyJump even supported by vscode-remote? I tried but failed quickly with a "unreachable or not Linux x86_64". But ssh client works fine with proxyjump in cmd(win10).

[lars18th]

@lars18th, can you elaborate on

Yes.

• Current Remote-SSH plugin uses the "native" Win32-OpenSSH SSH Client.
• With this client, the ONLY solution to connect to the target machine using a PROXY (HTTP or SOCKS4) it's using the parameter ProxyComand in the .ssh/config file.
• In the WINDOWS PLATFORM to use the ProxyCommand you need an EXTERNAL TOOL, as Microsoft doesn't provide any native helper tool to work with the ProxyCommand.

So, two solutions can be possible:

1. Or the Microsoft people will expand the Win32-OpenSSH Client with native support of proxies.
2. Or they provide a tool similar to ncat.exe or connect.exe (or distribute them with the package Win32-OpenSSH).

The main problem is that many developers connect to the target server using SOCKS or HTTP proxies.

I hope it's more clear now. 😉
Regards.

[juztinzhu]

@lars18th, can you elaborate on

Yes.

• Current Remote-SSH plugin uses the "native" Win32-OpenSSH SSH Client.
• With this client, the ONLY solution to connect to the target machine using a PROXY (HTTP or SOCKS4) it's using the parameter ProxyComand in the .ssh/config file.
• In the WINDOWS PLATFORM to use the ProxyCommand you need an EXTERNAL TOOL, as Microsoft doesn't provide any native helper tool to work with the ProxyCommand.

So, two solutions can be possible:

1. Or the Microsoft people will expand the Win32-OpenSSH Client with native support of proxies.
2. Or they provide a tool similar to ncat.exe or connect.exe (or distribute them with the package Win32-OpenSSH).

The main problem is that many developers connect to the target server using SOCKS or HTTP proxies.

I hope it's more clear now. 😉
Regards.

There is a know bug of win32-openssh when use parameter ProxyJump, see: https://github.com/PowerShell/Win32-OpenSSH/issues/1172
there is a PRIVATE fix for this bug, it works fine for a separate ssh process, but when it is called by vscode-remote, still not working. Guess it is a vscode-remote problem.

for the other param ProxyCommand, ssh works fine also, yet still vscode-remote is not working.
either way vscode-remote keeps telling "Can't connect to xx: unreachable or not Linux x86_64 (Thus no job control in this shell.)"

[lars18th]

Hi @juztinzhu ,

There is a know bug of win32-openssh when use parameter ProxyJump, see: https://github.com/PowerShell/Win32-OpenSSH/issues/1172
there is a PRIVATE fix for this bug, it works fine for a separate ssh process, but when it is called by vscode-remote, still not working. Guess it is a vscode-remote problem.

I don't understand your comment. Please, take note that:

• Connecting over a PROXY isn't related in any sense to JUMP functionality. The first one it's to use one TCP proxy, over HTTP or SOCKS protocols, to reach the listening TCP port of the remote SSH server. In this case the PROXY is fully transparent. In the case of the JUMP functionality the client stablishes one SSH session to one intermediate SSH server (called the PROXY, but in a different sense), and from this intermediate server it stablishes another SSH session to the final server. The trick in this case is that the connection is encrypted end-to-end and the intermediate server can't intercept the traffic.

for the other param ProxyCommand, ssh works fine also, yet still vscode-remote is not working.
either way vscode-remote keeps telling "Can't connect to xx: unreachable or not Linux x86_64 (Thus no job control in this shell.)"

• I repeat: It works ONLY with external helper tools that Microsoft doesn't provide. So at time we don't have native support.
• And regarding the error of "Can't connect to xx: unreachable or not Linux x86_64 (Thus no job control in this shell.)" I'm not sure it's related to the proxy support (see my comment here: Failed to connect to the remote extension host server due to unsupported, out of date libraries like glibc (e.g. older CentOS version) #103 (comment)).

Regards.

[juztinzhu]

@lars18th Hi, sorry I confused you. I was thinking that if you had noticed the problem of vscode-remote it self, but clearly you have mentioned it in another post, which I just saw. Please ignore it.

[badscrew]

Hello,
I have slightly different configuration that works for me in both Powershell and VSCode ssh remote over http proxy, it uses connect.exe and ssh.exe from git for windows distribution:

(My windows is the Windows 10 Pro 1809)

1. I have Git for Windows installed in c:\Git\
2. My system path has c:\Git\usr\bin directory appearing before the %SystemRoot%\system32 in order to have ssh.exe from Git tools as default instead of the ssh.exe delivered by windows that doesn't understand ProxyCommand
3. in %USERPROFILE%\.ssh\config I have this as typical entry (sanitized)

Host badscrew_web
  User badscrew
  Port 22
  Hostname 123.123.123.123
  IdentityFile "c:\Users\badscrew\mykeys\ssh\id_rsa"
  TCPKeepAlive yes
  IdentitiesOnly yes
  ProxyCommand "c:\Git\mingw64\bin\connect.exe" -H myproxy.mycompany.com:80 %h %p

This works in both powershell command line (ssh badscrew_web) and in VSCode (RemoteSSH - Connect to Host... > badscrew_web).

[anuoua]

@badscrew it works!

[imaemo]

@badscrew , thanks, I checked, socks proxy also works.
ProxyCommand "C:\Program Files\Git\mingw64\bin\connect.exe" -H 127.0.0.1:1080 %h %p

[ksurl]

@imaemo

ProxyCommand "C:\Program Files\Git\mingw64\bin\connect.exe" -H 127.0.0.1:1080 %h %p

does this mean you need to have socks proxy connected in cmd before you connect via vs code remote ssh?

edit: nevermind I got it to work with ProxyCommand ssh -W %h:%p proxy-hostname as mentioned in https://github.com/microsoft/vscode-remote-release/issues/18#issuecomment-497653207

[bamurtaugh]

Thanks for the discussion here! Upon reviewing this thread, it looks like there are solutions listed, and this isn't quite an issue or feature request lying with Remote - SSH specifically? If folks agree, I'll go ahead and close the issue.

[anuoua]

I think the path of connect.exe need escape
ProxyCommand C:\\Program\ Files\\Git\\mingw64\\bin\\connect.exe -H 127.0.0.1:8080 %h %p it works

[bamurtaugh]

Based on the above, going to close out this thread, but please let me know if there are any other Remote - SSH related inquiries here. Thank you!