Containers: Git credentials helper is using wrong credentials #5026

Closed
rubensa opened this issue May 10, 2021 · 18 comments
Labels: containers (Issue in vscode-remote containers), feature-request (Request for new features or functionality)

@rubensa

rubensa commented May 10, 2021

I have a problem with git credentials when I'm using the Remote Development Extension with Docker.
In the host everything works as expected.

In the host machine I have a .ssh/config file with three different users configured for GitHub, like this:

Host github.com
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_user1
Host github.com-user2
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_user2
Host github.com-user3
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_user3

With this configuration, from the host, I can connect to different GitHub repositories using different users (each with its own certificate).

For example, if I want to connect to a repo using user3 I can simply clone the repo like this:
git clone git@github.com-user3:user3/the-repo-name.git

And if I want to connect using the user1 (the default one) I can simply clone the repo like this:
git clone git@github.com:user1/the-repo-name.git

The certificate to use for the connection is based on the Host property value, which is checked against the repository URL (github.com-user3 in the first example and github.com in the second; so ~/.ssh/id_rsa_user3 is used for the first connection and ~/.ssh/id_rsa_user1 for the second).

The problem I'm currently having is that, in a VSCode Terminal, the git credentials helper is, somehow, mixing credentials.
In one VSCode instance, for the repo with user3, it works as expected, but in another VSCode instance, for the repo with the default user, it tries to use the user3 credentials.

$ git push
ERROR: Permission to user1/the-repo-name.git denied to user3.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

In the Docker container everything looks OK, as the environment variable REMOTE_CONTAINERS_IPC is set and it looks like the credentials helper is "reaching" the host credentials (but the wrong ones for some repos).

  • VSCode Version: 1.56.0
  • Local OS Version: Ubuntu 20.04.2
  • Remote OS Version: Ubuntu 20.04.1
  • Remote Extension/Connection Type: Docker
  • Logs: No logs as the git command is issued manually in the terminal.

Does this issue occur when you try this locally?: No
Does this issue occur when you try this locally and all extensions are disabled?: No

@github-actions github-actions bot added the containers Issue in vscode-remote containers label May 10, 2021
@rubensa
Author

rubensa commented May 10, 2021

Looks like the problem was that in one container (the one that works) I was mounting my .ssh folder and in the other one (the one that does not work) I was not.

I think that the remote credentials helper should work without need to mount my .ssh folder in the container.

@chrmarti
Contributor

Mounting .ssh should indeed not be necessary. Make sure SSH_AUTH_SOCK is set on the host machine and the keys are added to the ssh-agent. The container might still need the hostname mapping in .ssh/config, I haven't tried this setup yet.

@chrmarti chrmarti self-assigned this May 11, 2021
@chrmarti chrmarti added the info-needed Issue requires more information from poster label May 11, 2021
@chrmarti
Contributor

If that doesn't work, please attach the log (F1 > Remote-Containers: Show Container Log) from that session.

@rubensa
Author

rubensa commented May 11, 2021

SSH_AUTH_SOCK is set:

$ echo $SSH_AUTH_SOCK
/run/user/1000/keyring/ssh

With this .ssh/config file:

Host github.com
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_user2

Host github.com-user1
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_user1

Host github.com-user3
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_user3

The keys are added to the agent (not showing real hash):

$ ssh-add -l
3072 SHA256:XXXX /home/rubensa/.ssh/id_rsa_user1 (RSA)
4096 SHA256:XXXX /home/rubensa/.ssh/id_rsa_user2 (RSA)
4096 SHA256:XXXX /home/rubensa/.ssh/id_rsa_user3 (RSA)

Without mounting the .ssh folder, the ssh-agent is using the wrong credentials. (I think that it tries and get the first host name match?)

Currently in a repo configured with user2, if I run:

$ ssh -vT git@github.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [140.82.121.4] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: Remote protocol version 2.0, remote software version babeld-cec9758f
debug1: no match: babeld-cec9758f
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:XXXX
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/rubensa/.ssh/id_rsa_user1 RSA SHA256:XXXX agent
debug1: Will attempt key: /home/rubensa/.ssh/id_rsa_user2 RSA SHA256:XXXX agent
debug1: Will attempt key: /home/rubensa/.ssh/id_rsa_user3 RSA SHA256:XXXX agent
debug1: Will attempt key: /home/user/.ssh/id_rsa 
debug1: Will attempt key: /home/user/.ssh/id_dsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/user/.ssh/id_ed25519 
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/user/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/rubensa/.ssh/id_rsa_user1 RSA SHA256:XXXX agent
debug1: Server accepts key: /home/rubensa/.ssh/id_rsa_user1 RSA SHA256:XXXX agent
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([140.82.121.4]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi treelogic-hercules! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3240, received 2748 bytes, in 0.2 seconds
Bytes per second: sent 13487.1, received 11439.0
debug1: Exit status 1

As you can see, as all keys match the HostName (github.com), despite not all matching the Host (for user1 it is github.com-user1 and for user2 it is directly github.com), it looks like it tries to use any of them (in alphabetical order) and the first authentication success is chosen (all can authenticate but only one has write permissions for the specific repository).

In the host, everything works as expected.

In the container as there is no .ssh/config file I can't run something like:

$ ssh -vT git@github.com-user1
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
ssh: Could not resolve hostname github.com-user2: Name or service not known

If I create a .ssh/config with the same content as in the host:

$ ssh -vT git@github.com-user1
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 16: Applying options for github.com-user2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [140.82.121.4] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa_user1 type -1
debug1: identity file /home/user/.ssh/id_rsa_user1-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: Remote protocol version 2.0, remote software version babeld-cec9758f
debug1: no match: babeld-cec9758f
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/user/.ssh/id_rsa_user1  explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa_user1
no such identity: /home/user/.ssh/id_rsa_user1: No such file or directory
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

This does not work as /home/user/.ssh/id_rsa_user1 does not exist in the container; it only exists in the host.

So the only working config is by mounting the full .ssh folder from the host.

This is the Remote-Containers log:

[121 ms] Remote-Containers 0.177.0 in VS Code 1.56.0 (cfa2e218100323074ac1948c885448fdf4de2a7f).
[119 ms] Start: Resolving Remote
[124 ms] Setting up container for folder or workspace: /work/springboot-error-test
[129 ms] Start: Check Docker is running
[130 ms] Start: Run: docker version --format {{.Server.APIVersion}}
[291 ms] Server API version: 1.40
[321 ms] Start: Run: git rev-parse --show-cdup
[346 ms] Start: Run: docker ps -q -a --filter label=vsch.local.folder=/work/springboot-error-test --filter label=vsch.quality=stable
[456 ms] Start: Run: docker inspect --type container df9af8ab0a1b
[553 ms] Start: Inspecting container
[554 ms] Start: Run: docker inspect --type container df9af8ab0a1be37d90cffbd77be8ea0ed285fc8832b1939be8df890316ab329b
[658 ms] Start: Run in container: /bin/sh
[665 ms] Start: Run in container: uname -m
[845 ms] x86_64
[846 ms] 
[846 ms] Start: Run in container: (cat /etc/os-release || cat /usr/lib/os-release) 2>/dev/null
[851 ms] NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
[852 ms] 
[852 ms] Start: Run in container: cat /etc/passwd
[859 ms] Start: Setup shutdown monitor
[860 ms] Forking shutdown monitor: /home/rubensa/.vscode/extensions/ms-vscode-remote.remote-containers-0.177.0/dist/shutdown/shutdownMonitorProcess /run/user/1000/vscode-remote-containers-a99e84b6c3cc2881d785af720d631d2621eda497.sock singleContainer Debug /home/rubensa/.config/Code/logs/20210511T072359/exthost1/ms-vscode-remote.remote-containers 1620714985567
[870 ms] Start: Run in container: test -d /home/user/.vscode-server
[879 ms] 
[879 ms] 
[880 ms] Start: Run in container: set -o noclobber ; mkdir -p '/home/user/.vscode-server/data/Machine' && { > '/home/user/.vscode-server/data/Machine/.writeMachineSettingsMarker' ; } 2> /dev/null
[895 ms] 
[896 ms] 
[897 ms] Exit code 2
[898 ms] Start: Run in container: cat /home/user/.vscode-server/data/Machine/settings.json
[919 ms] {
        "java.jdt.ls.vmargs": "-noverify -Xmx3G -Xss128M -XX:+UseG1GC -XX:+UseStringDeduplication",
        "java.home": "/opt/sdkman/candidates/java/11.0",
        "spring-boot.ls.java.home": "/opt/sdkman/candidates/java/11.0",
        "maven.executable.preferMavenWrapper": true,
        "java.configuration.runtimes": [
                {
                        "name": "JavaSE-1.8",
                        "path": "/opt/sdkman/candidates/java/8.0"
                },
                {
                        "name": "JavaSE-11",
                        "path": "/opt/sdkman/candidates/java/11.0"
                }
        ],
        "java.import.exclusions": [
                "**/node_modules/**",
                "**/.metadata/**",
                "**/archetype-resources/**",
                "**/META-INF/maven/**",
                "**/NBG-Server/**"
        ],
        "files.watcherExclude": {
                "**/.git/objects/**": true,
                "**/.git/subtree-cache/**": true,
                "**/node_modules/**": true,
                "**/.hg/store/**": true,
                "**/tmp/**": true,
                "**/node_modules": true,
                "**/bower_components": true,
                "**/dist/**": true
        },
        "files.exclude": {
                "**/.git": true,
                "**/.svn": true,
                "**/.hg": true,
                "**/CVS": true,
                "**/.DS_Store": true,
                "**/tmp/**": true,
                "**/.gradle": true,
                "**/.idea": true,
                "**/.mvn": true,
                "**/.classpath": true,
                "**/.project": true,
                "**/.settings": true,
                "**/.factorypath": true
        },
        "search.exclude": {
                "**/node_modules": true,
                "**/bower_components": true,
                "**/*.code-search": true,
                "**/target/**": true,
                "**/dist/**": true,
                "**/coverage": true
        },
        "terminal.integrated.defaultProfile.linux": "bash",
        "terminal.integrated.profiles.linux": {
                "bash": {
                        "path": "/bin/bash",
                        "args": [
                                "-i"
                        ]
                }
        },
        "editor.minimap.enabled": false,
        "local-history.path": "/tmp",
        "editor.renderControlCharacters": true,
        "editor.detectIndentation": false,
        "editor.tabSize": 2,
        "editor.formatOnPaste": true,
        "editor.formatOnSave": true,
        "editor.formatOnType": true,
        "remote.autoForwardPorts": false,
        "workbench.editor.enablePreview": false
}
[919 ms] 
[922 ms] Start: Run in container: test -d /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f
[932 ms] 
[932 ms] 
[933 ms] Start: Run in container: test -d /vscode/vscode-server/bin/x64/cfa2e218100323074ac1948c885448fdf4de2a7f
[935 ms] 
[936 ms] 
[936 ms] Start: Run in container: /bin/sh
[949 ms] Start: Launching Remote-Containers helper.
[949 ms] Start: Run in container: touch '/vscode/vscode-server/bin/x64/cfa2e218100323074ac1948c885448fdf4de2a7f'
[950 ms] Start: Run: gpgconf --list-dir agent-extra-socket
[967 ms] /run/user/1000/gnupg/S.gpg-agent.extra
[967 ms] 
[967 ms] Start: Run in container: gpgconf --list-dir agent-socket
[970 ms] /home/user/.gnupg/S.gpg-agent
[970 ms] 
[971 ms] Start: Run in container: gpgconf --list-dir homedir
[975 ms] /home/user/.gnupg
[975 ms] 
[976 ms] Start: Run in container: ls '/home/user/.gnupg/private-keys-v1.d' 2>/dev/null
[978 ms] 
[978 ms] 
[978 ms] Exit code 2
[979 ms] Start: Run in container: mkdir -p -m 700 '/home/user/.gnupg'
[989 ms] 
[989 ms] 
[989 ms] Start: Run in container: cat <<'EOF-/tmp/vscode-remote-containers-841134cba5a87246ca4fb8e1cf7ac07637b42203.js' >/tmp/vscode-remote-containers-841134cba5a87246ca4fb8e1cf7ac07637b42203.js
[990 ms] Start: Run: gpgconf --list-dir homedir
[1000 ms] 
[1000 ms] 
[1001 ms] Start: Run in container: # Test for /home/user/.ssh/known_hosts and ssh
[1002 ms] /home/rubensa/.gnupg
[1002 ms] 
[1015 ms] /home/user/.ssh/known_hosts exists
[1016 ms] 
[1016 ms] Exit code 1
[1016 ms] Start: Run in container: cat <<'EOF-/tmp/vscode-remote-containers-server-841134cba5a87246ca4fb8e1cf7ac07637b42203.js' >/tmp/vscode-remote-containers-server-841134cba5a87246ca4fb8e1cf7ac07637b42203.js
[1093 ms] 
[1093 ms] 
[1093 ms] Start: Run in container: gpgconf --list-dir homedir
[1094 ms] Start: Run in container: /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node /tmp/vscode-remote-containers-server-841134cba5a87246ca4fb8e1cf7ac07637b42203.js
[1104 ms] Start: Run in container: /bin/bash -ic printenv
[1111 ms] /home/user/.gnupg
[1112 ms] 
[1113 ms] Start: Run in container: # Test for /home/user/.gnupg/pubring.kbx and gpg
[1114 ms] /home/user/.gnupg/pubring.kbx exists
[1114 ms] 
[1115 ms] Exit code 1
[1116 ms] Start: Run in container: # Test for /home/user/.gnupg/trustdb.gpg and gpg
[1119 ms] /home/user/.gnupg/trustdb.gpg exists
[1120 ms] 
[1120 ms] Exit code 1
[1120 ms] Start: Run: gpg-connect-agent updatestartuptty /bye
[1187 ms] 
[1188 ms] 
[1188 ms] Start: Run in container: command -v git >/dev/null 2>&1 && git config --system credential.helper '!f() { /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node /tmp/vscode-remote-containers-841134cba5a87246ca4fb8e1cf7ac07637b42203.js $*; }; f' || true
[1193 ms] 
[1194 ms] 
[1194 ms] Start: Preparing Extensions
[1195 ms] Start: Run in container: set -o noclobber ; mkdir -p '/home/user/.vscode-server/data/Machine' && { > '/home/user/.vscode-server/data/Machine/.installExtensionsMarker' ; } 2> /dev/null
[1244 ms] 
[1244 ms] 
[1245 ms] Exit code 2
[1252 ms] Extensions cache, install extensions: None
[1252 ms] Start: Run in container: test -d /home/user/.vscode-server/extensionsCache && ls /home/user/.vscode-server/extensionsCache || true
[1271 ms] dgileadi.java-decompiler-0.0.2
eamodio.gitlens-11.4.1
gabrielbb.vscode-lombok-1.0.1
madhavd1.javadoc-tools-1.4.0
mhutchie.git-graph-1.30.0
ms-vscode.js-debug-nightly-2021.5.1017
pivotal.vscode-boot-dev-pack-0.0.8
pivotal.vscode-concourse-1.25.1
pivotal.vscode-manifest-yaml-1.25.1
pivotal.vscode-spring-boot-1.25.1
redhat.java-0.79.1
redhat.vscode-commons-0.0.6
redhat.vscode-xml-0.16.0
visualstudioexptteam.vscodeintellicode-1.2.13
vscjava.vscode-java-debug-0.33.1
vscjava.vscode-java-dependency-0.18.3
vscjava.vscode-java-pack-0.14.0
vscjava.vscode-java-test-0.29.0
vscjava.vscode-maven-0.30.1
vscjava.vscode-spring-boot-dashboard-0.2.0
vscjava.vscode-spring-initializr-0.7.0
xyz.local-history-1.8.1
[1271 ms] 
[1272 ms] Start: Run in container: test -d /vscode/vscode-server/extensionsCache && ls /vscode/vscode-server/extensionsCache || true
[1279 ms] angular.ng-template-11.2.10
angular.ng-template-11.2.11
angular.ng-template-11.2.12
angular.ng-template-11.2.13
angular.ng-template-11.2.14
atlassian.atlascode-2.8.6
dgileadi.java-decompiler-0.0.2
eamodio.gitlens-11.4.0
eamodio.gitlens-11.4.1
gabrielbb.vscode-lombok-1.0.1
gitlab.gitlab-workflow-3.18.0
gitlab.gitlab-workflow-3.19.0
gitlab.gitlab-workflow-3.20.0
madhavd1.javadoc-tools-1.4.0
mhutchie.git-graph-1.30.0
mitchdenny.ecdc-1.4.0
ms-vscode.js-debug-nightly-2021.4.1317
ms-vscode.js-debug-nightly-2021.4.1917
ms-vscode.js-debug-nightly-2021.4.2017
ms-vscode.js-debug-nightly-2021.4.2117
ms-vscode.js-debug-nightly-2021.4.2217
ms-vscode.js-debug-nightly-2021.4.2317
ms-vscode.js-debug-nightly-2021.4.2617
ms-vscode.js-debug-nightly-2021.4.2917
ms-vscode.js-debug-nightly-2021.5.1017
ms-vscode.js-debug-nightly-2021.5.317
ms-vscode.js-debug-nightly-2021.5.617
ms-vscode.vscode-typescript-tslint-plugin-1.3.3
pivotal.vscode-boot-dev-pack-0.0.8
pivotal.vscode-concourse-1.25.1
pivotal.vscode-manifest-yaml-1.25.1
pivotal.vscode-spring-boot-1.25.1
redhat.fabric8-analytics-0.3.2
redhat.java-0.77.0
redhat.java-0.78.0
redhat.java-0.79.0
redhat.java-0.79.1
redhat.vscode-xml-0.16.0
visualstudioexptteam.vscodeintellicode-1.2.13
vscjava.vscode-java-debug-0.33.0
vscjava.vscode-java-debug-0.33.1
vscjava.vscode-java-dependency-0.18.3
vscjava.vscode-java-pack-0.13.0
vscjava.vscode-java-pack-0.14.0
vscjava.vscode-java-test-0.29.0
vscjava.vscode-maven-0.30.1
vscjava.vscode-spring-boot-dashboard-0.2.0
vscjava.vscode-spring-initializr-0.7.0
xyz.local-history-1.8.1
[1279 ms] 
[1280 ms] Extensions cache, link in container: None
[1281 ms] Start: Run in container: for pid in `cd /proc && ls -d [0-9]*`; do { echo $pid ; readlink /proc/$pid/cwd ; readlink /proc/$pid/ns/mnt ; cat /proc/$pid/stat | tr "
[1461 ms] Extension host agent is already running.
[1462 ms] Start: Run in container: cat /home/user/.vscode-server/data/Machine/.devport 2>/dev/null || cat /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/.devport 2>/dev/null
[1465 ms] 36451
[1466 ms] 
[1467 ms] Port forwarding for container port 36451 starts listening on local port.
[1468 ms] Port forwarding local port 36451 to container port 36451
[1470 ms] Start: Run in container: set -o noclobber ; mkdir -p '/home/user/.vscode-server/data/Machine' && { > '/home/user/.vscode-server/data/Machine/.postCreateCommandMarker' ; } 2> /dev/null
[1474 ms] 
[1474 ms] 
[1474 ms] Exit code 2
[1476 ms] Start: Run in container: # Test for /home/user/.gitconfig and git
[1478 ms] /home/user/.gitconfig exists
[1478 ms] 
[1478 ms] Exit code 1
[1479 ms] Start: Run in container: command -v git >/dev/null 2>&1 && git config --global credential.helper '!f() { /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node /tmp/vscode-remote-containers-841134cba5a87246ca4fb8e1cf7ac07637b42203.js $*; }; f' || true
[1484 ms] 
[1485 ms] 
[1517 ms] SHELL=/bin/bash
NVM_RC_VERSION=
CONDA_EXE=/opt/conda/bin/conda
_CE_M=
HOSTNAME=df9af8ab0a1b
LANGUAGE=en_US:en
JAVA_HOME=/opt/sdkman/candidates/java/current
REMOTE_CONTAINERS_IPC=/tmp/vscode-remote-containers-ipc-841134cba5a87246ca4fb8e1cf7ac07637b42203.sock
SDKMAN_CANDIDATES_DIR=/opt/sdkman/candidates
PWD=/vscode/vscode-server/bin/x64/cfa2e218100323074ac1948c885448fdf4de2a7f
TZ=Europe/Madrid
GROUP_NAME=group
USER_NAME=user
HOME=/home/user
LANG=en_US.UTF-8
LS_COLORS=
SDKMAN_VERSION=5.11.0+644
NVM_DIR=/opt/nvm
_CE_CONDA=
REMOTE_CONTAINERS_SOCKETS=["/tmp/vscode-ssh-auth-841134cba5a87246ca4fb8e1cf7ac07637b42203.sock","/home/user/.gnupg/S.gpg-agent"]
CONDA_SHLVL=0
SDKMAN_DIR=/opt/sdkman
SHLVL=0
NVM_CD_FLAGS=
SDKMAN_CANDIDATES_API=https://api.sdkman.io/2
CONDA_PYTHON_EXE=/opt/conda/bin/python
LC_ALL=en_US.UTF-8
PATH=/opt/sdkman/candidates/java/current/bin:/opt/conda/condabin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SDKMAN_PLATFORM=LinuxX64
DEBIAN_FRONTEND=
_=/usr/bin/printenv
[1517 ms] bash: cannot set terminal process group (923): Inappropriate ioctl for device
bash: no job control in this shell

[1533 ms] Port forwarding connection from 40144 > 36451 > 36451 in the container.
[1534 ms] Start: Run in container: /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node -e 
[1801 ms] Port forwarding connection from 40154 > 36451 > 36451 in the container.
[1802 ms] Start: Run in container: /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node -e 
[3721 ms] Start: Run in container: cat /proc/1166/environ
[35879 ms] Start: Run in container: cat /proc/1672/environ
[49020 ms] Port forwarding connection from 40212 > 36451 > 36451 in the container.
[49021 ms] Start: Run in container: /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node -e 
[54394 ms] Port forwarding 40212 > 36451 > 36451 stderr: Remote close
[54418 ms] Port forwarding 40212 > 36451 > 36451 terminated with code 0 and signal null.
[1230044 ms] Port forwarding 40212 > 36451 > 36451: Local close
[1230044 ms] Port forwarding connection from 40576 > 36451 > 36451 in the container.
[1230045 ms] Start: Run in container: /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node -e 
[1235283 ms] Port forwarding 40576 > 36451 > 36451 stderr: Remote close
[1235309 ms] Port forwarding 40576 > 36451 > 36451 terminated with code 0 and signal null.
[1334768 ms] Port forwarding 40576 > 36451 > 36451: Local close
[1334769 ms] Port forwarding connection from 40620 > 36451 > 36451 in the container.
[1334770 ms] Start: Run in container: /home/user/.vscode-server/bin/cfa2e218100323074ac1948c885448fdf4de2a7f/node -e 
[1339947 ms] Port forwarding 40620 > 36451 > 36451 stderr: Remote close
[1339968 ms] Port forwarding 40620 > 36451 > 36451 terminated with code 0 and signal null.
[2574824 ms] Port forwarding 40620 > 36451 > 36451: Local close
[2612982 ms]

@chrmarti
Contributor

It is possible that this does not work over an ssh-agent connection. Have you tried copying the .ssh/config and removing the IdentityFile lines from that copy?

@rubensa
Author

rubensa commented May 11, 2021

Tried just now, but no luck. It's always using the first key to try to authenticate and, as it succeeds, uses the wrong credentials for the repository.

@rubensa
Author

rubensa commented May 11, 2021

> It is possible that this does not work over an ssh-agent connection.

@chrmarti I found that that's the problem.

The easiest way to make it work is by copying .ssh/config and all .ssh/*.pub files from the host to the container (the private part of the key is not needed as that should be provided by the ssh-agent).

It would be great if that file copy could be automated on first container build or on container connect (for updates in the host), with an option to disable this automated copy if you don't want it to happen. (Looking at the Dev Containers log, this is currently being done for .ssh/known_hosts, so the same mechanism could be used.)

NOTE: As an alternative "manual" configuration (until this is eventually supported) you can copy just the .ssh/id_rsa_user1.pub (or the pub part of the key your repo needs) from the host to the .ssh/id_rsa.pub file in the container (as this is one of the predefined credential files used by ssh-agent). Then the right key is used (as the matching private for the provided public key among all available keys is used).
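
The copy proposed in the comment above (`.ssh/config` plus the `.pub` files, with private keys left to the host's ssh-agent), as an added shell sketch that is not code from this thread or from the Remote-Containers extension. The function names, the trailing `IdentitiesOnly yes` block and the constructed placeholder keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: stage only the public half of a host's ~/.ssh for a dev container.
# Function names and sample data are assumptions made for this sketch.

# stage_ssh_public SRC DST
#   Copies SRC/config and SRC/*.pub into DST and refuses any file that looks
#   like private key material, even when it carries a .pub name.
stage_ssh_public() {
    src=$1
    dst=$2
    [ -f "$src/config" ] || { echo "no config in $src" >&2; return 1; }
    mkdir -p "$dst" && chmod 700 "$dst" || return 1

    for pub in "$src"/*.pub; do
        [ -f "$pub" ] || continue            # glob matched nothing
        # A public key line starts with its type (ssh-..., ecdsa-..., sk-...).
        if grep -q 'PRIVATE KEY' "$pub" ||
           ! grep -Eq '^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+' "$pub"; then
            echo "skipping $pub: not a public key file" >&2
            continue
        fi
        cp "$pub" "$dst/" || return 1
        chmod 644 "$dst/$(basename "$pub")"
    done

    # Host aliases and IdentityFile lines stay as they are: when the private
    # file is absent, ssh loads IdentityFile + ".pub" and asks the agent to
    # sign with the matching key.
    {
        cat "$src/config"
        printf '\n# Added by stage_ssh_public: offer only the configured identity,\n'
        printf '# not every key the forwarded agent holds.\n'
        printf 'Host *\n\tIdentitiesOnly yes\n'
    } > "$dst/config" || return 1
    chmod 600 "$dst/config"
}

# missing_pubkeys DIR
#   Prints each IdentityFile named in DIR/config whose .pub is not present in
#   DIR; ssh could not select that key from the agent for its Host alias.
missing_pubkeys() {
    dir=$1
    awk 'tolower($1) == "identityfile" { print $2 }' "$dir/config" |
    while read -r idfile; do
        name=$(basename "$idfile")
        [ -f "$dir/${name%.pub}.pub" ] || echo "$name"
    done
}

# make_constructed_host_dir DIR
#   Builds a constructed stand-in for the host ~/.ssh from the first comment:
#   three aliases, three key pairs (placeholder contents, not real keys) and
#   one private file mislabelled as .pub.
make_constructed_host_dir() {
    mkdir -p "$1" || return 1
    : > "$1/config"
    for u in user1 user2 user3; do
        if [ "$u" = user1 ]; then host_alias=github.com; else host_alias=github.com-$u; fi
        printf 'Host %s\n\tHostName github.com\n\tUser git\n\tIdentityFile ~/.ssh/id_rsa_%s\n' \
            "$host_alias" "$u" >> "$1/config"
        printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed%s %s@example\n' "$u" "$u" \
            > "$1/id_rsa_$u.pub"
        printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
            > "$1/id_rsa_$u"
    done
    cp "$1/id_rsa_user1" "$1/leaked.pub"
}

# Typical use on the host (container id is a placeholder):
#   stage_ssh_public "$HOME/.ssh" /tmp/ssh-stage
#   missing_pubkeys /tmp/ssh-stage
#   docker cp /tmp/ssh-stage/. <container-id>:/home/user/.ssh/
```

Inside the container, `ssh -vT git@github.com-user3` should then list a single `Will attempt key` line for that alias instead of every key held by the agent.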

@rubensa
Author

rubensa commented Jun 3, 2021

@chrmarti Could this automated copy of .ssh/config and .ssh/*.pub from host to container be done (as is currently being done for .ssh/known_hosts) or is it not an option for any reason I'm missing?

NOTE: Another option could be to add new devcontainer.json properties like postCreateCommand, postStartCommand and postAttachCommand but to be run on the host machine (like initializeCommand), so the user could execute a docker copy command. Also access to some variable with the container id should be provided (so the target container could be referenced in the copy command). The container id must somehow currently be used internally by vscode-remote to interact with the container but I don't know if that id is exposed to be used by other scripts.

@chrmarti
Contributor

chrmarti commented Jun 3, 2021

We might consider adding a config option (a user setting, probably not in the devcontainer.json since it's user-specific) to copy arbitrary files to the container.

Another option might be to use ssh-add on the host machine to add the key you need and remove the others. Running multiple ssh-agents on the host, one for each key, could also work, but I don't know if that would be convenient.

@rubensa
Author

rubensa commented Jun 7, 2021

I think that a user setting is not enough as for the same user you need to copy different files for different containers, so I think that the setting should be linked to the specific container (and user).
Is there some kind of devcontainer.json by user override mechanism available? I think that right now that mechanism does not exist and you must "touch" locally anything you want to override in the project devcontainer.json.

I don't know if using multiple ssh-agents on the host could be automated but I think it would be difficult to get the "link" between the right agent and the right VSCode workspace.

@chrmarti
Contributor

chrmarti commented Jun 7, 2021

#3279 is about overlaying devcontainer.json (in a slightly different context).

@chrmarti chrmarti added feature-request Request for new features or functionality and removed info-needed Issue requires more information from poster labels Jun 7, 2021
@rubensa
Author

rubensa commented Jun 7, 2021

> #3279 is about overlaying devcontainer.json (in a slightly different context).

Nice to know about that proposal.

@rubensa
Author

rubensa commented Jun 15, 2021

@chrmarti I think that it's a bit difficult for this issue to be upvoted as there is not a specific feature-request and the description in the original issue is not very correct (I know now, after all the comments, but not when I opened the original issue).

To summarize (should I open a new feature-request with this?):

Feature-Request: Automate the copy of ~/.ssh/config and ~/.ssh/*.pub from the host to the container.

  • This process should be done as is currently being done for ~/.ssh/known_hosts.
  • Ideally there should be a setting for the container and user pair (see: Overlay .devcontainer #3279 about overlaying devcontainer.json).
  • As, for now, this is not possible, the config setting should be allowed both as a user (for all containers for this user) and devcontainer.json (for all users of this container) setting. You can choose which one to use.

This should solve the problem that the ssh client inside the container is not providing the right ssh credentials (when multiple credentials are added to the host ssh-agent).

@chrmarti
Contributor

A new issue would make sense. 👍

What is the reason mounting the .ssh folder is not a workable solution?

@rubensa
Author

rubensa commented Jun 16, 2021

Because it is "risky": if you mount your whole .ssh folder, the container has access to your private ssh keys (and that's the reason for using the ssh-agent in the first place, isn't it?). With the provided proposal, the container only sees the public keys and the ssh-agent is in charge of providing the private ones.

@rubensa
Author

rubensa commented Jun 16, 2021

Feature request created: #5207

@chrmarti
Contributor

Continuing there, thanks.

@github-actions github-actions bot locked and limited conversation to collaborators Aug 2, 2021