KeeAgent, VS-Code and Linux

You can use KeeAgent to open VS Code in your Linux Server with an SSH Key stored in KeePass, seemlessly. Let's start by explaining some of those terms.

• VS Code is an editor by Microsoft. Architectually it's split into a front-end and back-end (VS Code Server) which means the front-end can run on your Windows machine, but the back-end can run on your server in the cloud.
• By Linux Server I mean any box really that allows SSH login (given that now includes Windows 🤷) and a supported CPU (no Raspberry PI Zero 😢).
• KeePass is a local Password Manager that stores username and passwords for us.
• KeeAgent is a plugin for KeePass. It'll act as a SSH authentication agent for us.

Let's start with an empty KeePass instance. I'm using Windows Sandbox for all of this to keep things barebones.

Install OpenSSH Client

Ensure the optional feautre of "OpenSSH Client" is available with the command Add-WindowsCapability -Online -Name OpenSSH.Client. When you run ssh in Powershell you should see the following.

Download KeePass

KeePass can be downloaded from here. KeePass acts as a database for all your username and passwords.

Download KeeAgent

KeeAgent is a plugin for KeePass that adds SSH public-key support. It can be downloaded from the Website linked here. To install it, you copy the KeeAgent.plgx file into the KeePass Plugins directory.

Create a new KeePass Database

Run the KeePass exe, then use File -> New... to create a new DB if you haven't before.

Add the SSH Entry to KeePass

Use Entry -> Add Entry... to add a new Entry. Set the Title to the address of your server, the Username to the username you use to login to your SSH server and the url to ssh://{TITLE}.

Now go to Advanced and use the Attach button to add an attachment to the Entry. You want to attach your private key that you use to authenticate with your SSH Server. This can be either a PEM or a PPK file.

Then go further across to the KeeAgent tab and check Allow KeeAgent to use this entry. KeeAgent offers a collection of helpful things here, including the PublicKey in the format you'll need to add to authorized_keys on the server if that's not done already.

Enable KeeAgents Auth service

Go to Tools -> Options within KeePass and go to the KeeAgent tab. Check the option Enable agnet for Windows OpenSSH (experimental).

And now restart KeePass.

If you see the error above, you might need to stop the "OpenSSH Authentication Agent" service. As shown below:

Install VS Code

You can download VS Code from here.

Install the "Remote - SSH" extension

Add a new SSH Host

Use Ctrl-Shift-P to open the Command Palette and then run the command Remote-SSH: Add New SSH Host..., then add a target SSH address, in our case it's [email protected] which was an Azure Host I spun up to demo this.

Hit enter and save the entry to any option you like. You should see a box appear, click Connect or use the Command Palette to run the command Remote-SSH: Connect Current Window to Host... and select the host you just added.

You might see the following option, select as appropriate.

Then you'll see the following:

Whenever the KeeAgent is asked to authenticate something you'll see a notification. If the process completes sucessfully, you'll see in your Files tab that you can now open remote folders.

Open a remote directory and you'll see yourself now with a VS Code instance within your remote server.

From here you have a collection of interesting tools to try out. By clicking the No Ports Available message at the bottom you can see how you can forward ports (meaning that your local ports are routed to the remote), letting you access services running on the remote.

For example, the above is where I've installed Docker and spun up a hashicorp/http-echo image on the remote-server and forwarded the port locally which you can see in the browser.