Windows, VS Code, Git and SSH Authentication with passphrases

Have you spent the past several hours frantically searching the web for a solution of integrating Git with VSCode? Are you tempted to remove passphrases from your SSH Key just to get around Permission denied (publickey) errors every time you try and clone a repo?

Yes, it is disappointing that there is no clear documentation for this.
Hopefully, this will fill the gap.

Pre-requisites

Windows 10
Git installed
VSCode installed
Created an SSH key using the Git terminal and is passphrase protected.
Added your SSH public key to your chosen Git Service.

Solution

Before starting VSCode, open up a new Windows CMD window.
Enter the command: start-ssh-agent and you will be prompted to provide the passphrase to your SSH Key.

cmd start-ssh-agent
start-ssh-agent

Now you will be able to open VSCode and clone into your repository.

Automation

If you wanted to automate start-ssh-agent and open VSCode at the same time, I have built a batch script that will do just this.

Open text editor and paste in the code below. Save file as VSCode_ssh-agent.bat

I decided to place this file in my Windows home directory. On the Desktop, I created a shortcut to the .bat file and set the icon to point to:

C:\Users\[USER]\AppData\Local\Programs\Microsoft VS Code\Code.exe

The final result:

  1. Check if SSH-AGENT is running.
    If not, start SSH-AGENT and ask for the passphrase for your key.
  2. Start VSCode

Coloured SSH terminal – Ubuntu host

If you SSH into a remote Ubuntu terminal and do not see coloured text, here might be a solution. The problem is on the remote host, where bash is missing the profile and configuration for coloured commands. I will help fix this.

Connect via SSH to the remote host. You need to look for 2 hidden files in the user’s home directory.

  1. .bashrc
  2. .profile

You can check by issuing:

ls -la

If you do not see the aforementioned files, this might be an easy fix.

You should already have a default copy of .bashrc and .profile in a directory called /etc/skel/.

Simply issue these commands to copy them into your user’s home directory:

cp /etc/skel/.bashrc ~/
cp /etc/skel/.profile ~/

Now test this by logging out of your user/SSH and connecting again. Hopefully now you should have a colourful terminal!

SSH bruteforce; change in direction?

One thing that I like to do is read. Stephen King, probably makes up for the majority of fiction I’ve read. Closely followed by Andy McNab, Stieg Larsson and Dan Brown (in no particular order). I like non-fiction too but mainly in the sciences; our treasured Prof. Stephen Hawking (should be knighted), the great Carl Sagan and the inspirational Prof. Brian Cox. I’m sure there’s more unbeknownst yet to make it to my shelf.

However, there’s only really one 100% reliable news page that I have the occasional binge on. Found in  /var/auth.log, this page has it all. Drama, frustration, desperation, success, comedy. Strangely enough, I can genuinely associate these human emotions to this silly little file. Today I will talk about both comedy and perhaps some terror too.

I like to filter the news for most of the comedy.

sudo grep "Invalid user" /var/log/auth.log

Ethen, ftp, 1111, recruit, allison, xbian, uwot, support, hadoop, test, guest, admin, jonah (my fave) … the list literally goes on. Incredible to think that these bots or people have probably cracked open a server using those names before and have been successful? Maybe. Or maybe they are trying to think outside the box. I can literally spend a day trying to understand the reason behind those user names and still be clueless. Hilarious! Jonah.

But it’s the most obvious of them all that worries me. Admin, root, and pi. The latter being the most obtainable. Pi. The default username for a main linux flavour. And maye more.

It’s scary to think that easy to follow guides for home VPN’s, plex, cloud software, ftp, webserver (the list goes on..), may not always be security conscious and may not always instruct the user to change default username, let alone the password or enabling firewall. Lets hope, for their sake, time is spent to secure a home internet facing host and does not help to breach their home networks. Sobering.