SSH Agent Forwarding not working with Remote SSH on MacOS (still a problem)
Problem
The title is the same as microsoft/vscode-remote-release#2671 because I'm having precisely the same problem, and that issue was closed without a resolution. In short, ssh agent forwarding does not work in VSCode, despite working just fine when I SSH in via the terminal. It seems to be due to a stale / cached `SSH_AUTH_SOCK`. The workaround suggested in microsoft/vscode-remote-release#2671 no longer works, but a minor modification does it for me. See below. VSCode Version: [code block] OS: Darwin 20.6.0 Local OS Version: MacOS 11.6.1 Remote OS Version: `Debian GNU/Linux 10 (buster) (GNU/Linux 4.19.0-18-cloud-amd64 x86_64)` Remote Extension/Connection Type: SSH Steps to Reproduce: 1. set up ssh config with a host you want to forward your ssh agent keys to and set 'ForwardAgent yes' 1. Connect via terminal ssh and perform an operation requiring your forwarded key (in my case, `ssh -T git@github.com`) 1. launch VSCode and validate that $SSH_AUTH_SOCK is set 1. Connect via Remote-SSH, then use the VSCode terminal to run `ssh -T git@github.com`. This time, I receive a permission denied error. Does this issue occur when you try this locally?: NA Does this issue occur when you try this locally and all extensions are disabled?: NA Possible cause The environment variable `SSH_AUTH_SOCK` appears to be stale. A workaround is to run [code block] which sets the socket to the newest one. Note that this workaround is quite fragile, as I had to modify the previous workaround to mak
Unverified for your environment
Select your OS to check compatibility.
2 Fixes
Fix SSH Agent Forwarding in VSCode on MacOS
The issue arises due to a stale or cached `SSH_AUTH_SOCK` environment variable when using VSCode's Remote-SSH feature. Unlike terminal SSH, VSCode may not correctly inherit the updated socket path, leading to permission denied errors when accessing remote services that require SSH key authentication.
Awaiting Verification
Be the first to verify this fix
- 1
Check Current SSH_AUTH_SOCK
Open a terminal and check the current value of the SSH_AUTH_SOCK environment variable to ensure it is set correctly.
bashecho $SSH_AUTH_SOCK - 2
Modify SSH Config
Ensure your SSH config file (usually located at ~/.ssh/config) has the correct settings for agent forwarding. Add or confirm the following line under the relevant host entry: `ForwardAgent yes`.
yamlHost your_remote_host ForwardAgent yes - 3
Update SSH_AUTH_SOCK in VSCode
Before connecting to the remote host in VSCode, run the following command in the VSCode terminal to update the SSH_AUTH_SOCK variable to the current socket path.
bashexport SSH_AUTH_SOCK=$(ls /private/tmp/com.apple.launchd.* | grep ssh | head -n 1) - 4
Connect to Remote Host
Use the Remote-SSH extension in VSCode to connect to your remote host. Ensure that the connection is established without errors.
plaintextRemote-SSH: Connect to Host... - 5
Test SSH Key Access
Once connected, open the integrated terminal in VSCode and run a command that requires SSH authentication, such as `ssh -T git@github.com`, to verify that agent forwarding is functioning correctly.
bashssh -T git@github.com
Validation
To confirm that the fix worked, ensure that the command `ssh -T git@github.com` executes successfully without permission denied errors. Additionally, verify that the SSH_AUTH_SOCK variable points to the correct socket path in the VSCode terminal.
Sign in to verify this fix
1 low-confidence fix
Fix SSH Agent Forwarding in VSCode on MacOS
The issue arises due to a stale or cached `SSH_AUTH_SOCK` environment variable when using VSCode's Remote-SSH extension. This prevents the SSH agent from properly forwarding keys, resulting in permission denied errors when attempting to use SSH commands in the VSCode terminal.
Awaiting Verification
Be the first to verify this fix
- 1
Check Current SSH_AUTH_SOCK
Open your terminal and check the current value of the `SSH_AUTH_SOCK` variable to ensure it is set correctly before launching VSCode.
bashecho $SSH_AUTH_SOCK - 2
Modify SSH Config for Agent Forwarding
Ensure your SSH config file (usually located at ~/.ssh/config) has the correct settings for agent forwarding. Add or verify the following line under your host configuration: `ForwardAgent yes`.
yamlHost your_remote_host ForwardAgent yes - 3
Update SSH_AUTH_SOCK in VSCode
Before connecting to the remote host in VSCode, run the following command in the VSCode terminal to update the `SSH_AUTH_SOCK` variable to the latest socket. This ensures that the correct socket is being used for agent forwarding.
bashexport SSH_AUTH_SOCK=$(ls -t /private/tmp/com.apple.launchd.* | head -n 1) - 4
Connect to Remote Host via VSCode
Use the Remote-SSH extension in VSCode to connect to your remote host. Ensure that you are using the updated `SSH_AUTH_SOCK` variable.
typescriptRemote-SSH: Connect to Host... - 5
Test SSH Key Access
Once connected to the remote host, open a new terminal in VSCode and test your SSH key access by running a command like `ssh -T git@github.com`. You should no longer receive a permission denied error.
bashssh -T git@github.com
Validation
To confirm the fix worked, ensure that you can successfully run `ssh -T git@github.com` in the VSCode terminal without any permission denied errors. Additionally, verify that the `SSH_AUTH_SOCK` variable points to a valid socket by checking its value before and after connecting to the remote host.
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep