@fkelava fkelava commented Mar 15, 2023

Clearly state that Windows' default ssh-keygen does not produce valid private keys for use with ConnectionManager/VS, including steps to adjust private keys to conform with it.

Specifically, the reasoning behind this change and the underlying issue are explained clearly in the following Developer Community tickets and SO threads:
https://developercommunity.visualstudio.com/t/Connect-to-Remote-System-fails-to-esta/10311053
https://developercommunity.visualstudio.com/t/cannot-connect-to-remote-using-private-key/1555749
https://stackoverflow.com/questions/53134212/invalid-privatekey-when-using-jsch

Until such a time as ConnectionManager is fixed to be compliant with default ssh-keygen options in modern Windows editions, it should be stated clearly that this is not the case and how this can be resolved.

Clearly state that Windows' default `ssh-keygen` does not
produce valid private keys for use with ConnectionManager/VS,
including steps to adjust private keys to conform with it.
@prmerger-automator
Contributor

@fkelava : Thanks for your contribution! The author(s) have been notified to review your proposed change.

@learn-build-service-prod
Contributor

Learn Build status updates of commit e5af654:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs/linux/connect-to-your-remote-linux-computer.md | ✅Succeeded | | |

For more details, please refer to the build report.

Note: Links can become broken if there are changes on the target sites.

For any questions, please:

@Court72
Contributor

Court72 commented Mar 15, 2023

@TylerMSFT

Can you review the proposed changes?

When the changes are ready for publication, add a #sign-off comment to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged label Mar 15, 2023
@fkelava
Author

fkelava commented Mar 15, 2023

To summarize the issue more neatly:

Visual Studio's ConnectionManager.exe component that handles, among others, SSH connections still only accepts private keys in "old" OpenSSH format (today available from `ssh-keygen` with the option `-m pem`). The old format has been superseded in OpenSSH 7.8, released in August of 2018. See the first entry under 'Potentially-incompatible changes'.

The problem is not so much the fact that ConnectionManager rejects these keys as the fact that Visual Studio does not make this clear in any way. In Visual Studio, if you are trying to add an SSH connection through the 'Connect to Remote System' window, you will instead see a message of 'Failed to negotiate host key algorithm. Only RSA and DSA host keys are supported.', which is in this case entirely incorrect. The article I seek to edit talks at length about VS' supported ciphers and key/kex/MAC algorithms starting from v16.9, but does not mention this private key requirement.

It is mentioned in Set up FIPS-compliant secure remote Linux development, but I find it unintuitive that a general requirement for all private keys should be found in an article concerning FIPS compliance.

Making this clear in the documentation is merely a stopgap, but the issue should be properly resolved by finally updating ConnectionManager to be capable of handling keys OpenSSH has produced by default for `-t rsa` for a solid four and a half years now.

I am open to suggestions on rewording this, placing it in a better position in the article, or reworking it in any way you deem fit.

Collaborator

@TylerMSFT TylerMSFT left a comment

@fkelava, thank you for adding this to the docs! It should be live by end of day Monday.

@TylerMSFT
Collaborator

#sign-off

@Jak-MS Jak-MS merged commit fed367d into MicrosoftDocs:main Mar 16, 2023
@xPaw

xPaw commented Aug 15, 2024

Well, I am currently ratholing into this issue and using `-m pem` is not actually converting into a PEM key.

@fkelava
Author

fkelava commented Aug 21, 2024

If I haven't misread the man page, it seems the equivalent command is now `ssh-keygen -e -f <FILE> -m pem`. Does that work?

If so, I can amend the docs again.

@xPaw

xPaw commented Aug 21, 2024

`do_convert_to_pem: unsupported key type ED25519` seems not.

I did get it to eventually work by making a new key, but it was pointless because debugging a self contained .NET binary remotely doesn't work anyway.
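
The format mismatch discussed in this thread can be checked on the key file itself before it is handed to Visual Studio. The following is an added example, not part of the PR or of the Microsoft docs: it tells the legacy PEM container (what `-m pem` is meant to yield) from the newer `openssh-key-v1` container and reads the key type out of the latter. The names `inspect_private_key` and `make_sample` and both sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
LEGACY = {"RSA PRIVATE KEY": "ssh-rsa", "DSA PRIVATE KEY": "ssh-dss", "EC PRIVATE KEY": "ecdsa"}

def _read(buf, off):
    """Read one SSH string (uint32 big-endian length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Return (container, key_type, encrypted) for the text of a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("no PEM-style header")
    label = head[len("-----BEGIN "):-5]
    if label in LEGACY:
        # Legacy PEM marks passphrase protection with a Proc-Type header line.
        return "legacy-pem", LEGACY[label], "Proc-Type: 4,ENCRYPTED" in lines
    if label != "OPENSSH PRIVATE KEY":
        return "other", label, None
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read(blob, len(MAGIC))   # ciphername
    _, off = _read(blob, off)               # kdfname
    _, off = _read(blob, off)               # kdfoptions
    pub, _ = _read(blob, off + 4)           # skip uint32 key count, read public key blob
    key_type, _ = _read(pub, 0)             # public blob starts with its type name
    return "openssh-key-v1", key_type.decode(), cipher != b"none"

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(key_type):
    """Constructed sample: valid openssh-key-v1 framing around zeroed, unusable key material."""
    blob = (MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
            + _s(_s(key_type) + _s(bytes(32))) + _s(bytes(8)))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

LEGACY_SAMPLE = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"  # constructed

if __name__ == "__main__":
    print(inspect_private_key(make_sample(b"ssh-ed25519")), inspect_private_key(LEGACY_SAMPLE))
```

A result of `openssh-key-v1` is the container the thread says ConnectionManager rejects, and the reported key type shows whether the file is an RSA key or an ED25519 key like the one in the error message quoted above.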
