The Python 'b' flag is ignored, since SSH treats all files as binary. The 'U' flag is supported in a compatible way. Since 1.5.2, an 'x' flag indicates that the operation should only succeed if the file was created and did not previously exist. This has no direct mapping to Python’s file flags, but is commonly known as the OEXCL flag in posix. -type f -iname '.'.

The OpenSSH Project. OpenSSH has 3 repositories available. Follow their code on GitHub. There are multiple options to use SSH in Python but Paramiko is the most popular one. Paramiko is an SSHv2 protocol library for Python. In this lesson, I’ll show you how to use Paramiko to connect to a Cisco IOS router, run a show command, and return the output to us. Pxssh is a screen-scraping wrapper around the SSH command on your system. In many cases, you should consider using Paramiko or RedExpect instead. Paramiko is a Python module which speaks the SSH protocol directly, so it doesn’t have the extra complexity of running a local subprocess. RedExpect is very similar to pxssh except that it reads.

Note

pxssh is a screen-scraping wrapper around the SSH command on your system.In many cases, you should consider usingParamiko orRedExpect instead.Paramiko is a Python module which speaks the SSH protocol directly, so itdoesn’t have the extra complexity of running a local subprocess.RedExpect is very similar to pxssh except that it reads and writes directlyinto an SSH session all done via Python with all the SSH protocol in C,additionally it is written for communicating to SSH servers that are not justLinux machines. Meaning that it is extremely fast in comparison to Paramikoand already has the familiar expect API. In most cases RedExpect and pxsshcode should be fairly interchangeable.

This class extends pexpect.spawn to specialize setting up SSH connections.This adds methods for login, logout, and expecting the shell prompt.

PEXPECT LICENSE

This license is approved by the OSI and FSF as GPL-compatible.

http://opensource.org/licenses/isc-license.txt

Copyright (c) 2012, Noah Spurrier <noah@noah.org>PERMISSION TO USE, COPY, MODIFY, AND/OR DISTRIBUTE THIS SOFTWARE FOR ANYPURPOSE WITH OR WITHOUT FEE IS HEREBY GRANTED, PROVIDED THAT THE ABOVECOPYRIGHT NOTICE AND THIS PERMISSION NOTICE APPEAR IN ALL COPIES.THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIESWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OFMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FORANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGESWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN ANACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OFOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Raised for pxssh exceptions.

pxssh class¶

This class extends pexpect.spawn to specialize setting up SSHconnections. This adds methods for login, logout, and expecting the shellprompt. It does various tricky things to handle many situations in the SSHlogin process. For example, if the session is your first login, then pxsshautomatically accepts the remote certificate; or if you have public keyauthentication setup then pxssh won’t wait for the password prompt.

pxssh uses the shell prompt to synchronize output from the remote host. Inorder to make this more robust it sets the shell prompt to something moreunique than just $ or #. This should work on most Borne/Bash or Csh styleshells.

Example that runs a few commands on a remote server and prints the result:

Example showing how to specify SSH options:

Note that if you have ssh-agent running while doing development with pxsshthen this can lead to a lot of confusion. Many X display managers (xdm,gdm, kdm, etc.) will automatically start a GUI agent. You may see a GUIdialog box popup asking for a password during development. You should turnoff any key agents during testing. The ‘force_password’ attribute will turnoff public key authentication. This will only work if the remote SSH serveris configured to allow password logins. Example of using ‘force_password’attribute:

debug_command_string is only for the test suite to confirm that the stringgenerated for SSH is correct, using this will not allow you to doanything other than get a string back from pxssh.pxssh.login().

This is the constructor. The command parameter may be a string thatincludes a command and any arguments to the command. For example:

You may also construct it with a list of arguments like so:

After this the child application will be created and will be ready totalk to. For normal use, see expect() and send() and sendline().

Remember that Pexpect does NOT interpret shell meta characters such asredirect, pipe, or wild cards (>, |, or *). This is acommon mistake. If you want to run a command and pipe it throughanother command then you must also start a shell. For example:

The second form of spawn (where you pass a list of arguments) is usefulin situations where you wish to spawn a command and pass it its ownargument list. This can make syntax more clear. For example, thefollowing is equivalent to the previous example:

The maxread attribute sets the read buffer size. This is maximum numberof bytes that Pexpect will try to read from a TTY at one time. Settingthe maxread size to 1 will turn off buffering. Setting the maxreadvalue higher may help performance in cases where large amounts ofoutput are read back from the child. This feature is useful inconjunction with searchwindowsize.

When the keyword argument searchwindowsize is None (default), thefull buffer is searched at each iteration of receiving incoming data.The default number of bytes scanned at each iteration is very largeand may be reduced to collaterally reduce search cost. Afterexpect() returns, the full buffer attribute remains up tosize maxread irrespective of searchwindowsize value.

When the keyword argument timeout is specified as a number,(default: 30), then TIMEOUT will be raised after the valuespecified has elapsed, in seconds, for any of the expect()family of method calls. When None, TIMEOUT will not be raised, andexpect() may block indefinitely until match.

The logfile member turns on or off logging. All input and output willbe copied to the given file object. Set logfile to None to stoplogging. This is the default. Set logfile to sys.stdout to echoeverything to standard output. The logfile is flushed after each write.

Example log input and output to a file:

Example log to stdout:

The logfile_read and logfile_send members can be used to separately logthe input from the child and output sent to the child. Sometimes youdon’t want to see everything you write to the child. You only want tolog what the child sends back. For example:

You will need to pass an encoding to spawn in the above code if you areusing Python 3.

To separately log output sent to the child use logfile_send:

If ignore_sighup is True, the child process will ignore SIGHUPsignals. The default is False from Pexpect 4.0, meaning that SIGHUPwill be handled normally by the child.

The delaybeforesend helps overcome a weird behavior that many userswere experiencing. The typical problem was that a user would expect() a“Password:” prompt and then immediately call sendline() to send thepassword. The user would then see that their password was echoed backto them. Passwords don’t normally echo. The problem is caused by thefact that most applications print out the “Password” prompt and thenturn off stdin echo, but if you send your password before theapplication turned off echo, then you get your password echoed.Normally this wouldn’t be a problem when interacting with a human at areal keyboard. If you introduce a slight delay just before writing thenthis seems to clear up the problem. This was such a common problem formany users that I decided that the default pexpect behavior should beto sleep just before writing to the child application. 1/20th of asecond (50 ms) seems to be enough to clear up the problem. You can setdelaybeforesend to None to return to the old behavior.

Note that spawn is clever about finding commands on your path.It uses the same logic that “which” uses to find executables.

If you wish to get the exit status of the child you must call theclose() method. The exit or signal status of the child will be storedin self.exitstatus or self.signalstatus. If the child exited normallythen exitstatus will store the exit return code and signalstatus willbe None. If the child was terminated abnormally with a signal thensignalstatus will store the signal value and exitstatus will be None:

If you need more detail you can also read the self.status member whichstores the status returned by os.waitpid. You can interpret this usingos.WIFEXITED/os.WEXITSTATUS or os.WIFSIGNALED/os.TERMSIG.

The echo attribute may be set to False to disable echoing of input.As a pseudo-terminal, all input echoed by the “keyboard” (send()or sendline()) will be repeated to output. For many cases, it isnot desirable to have echo enabled, and it may be later disabledusing setecho(False) followed by waitnoecho(). However, for someplatforms such as Solaris, this is not possible, and should bedisabled immediately on spawn.

If preexec_fn is given, it will be called in the child process beforelaunching the given command. This is useful to e.g. reset inheritedsignal handlers.

The dimensions attribute specifies the size of the pseudo-terminal asseen by the subprocess, and is specified as a two-entry tuple (rows,columns). If this is unspecified, the defaults in ptyprocess will apply.

The use_poll attribute enables using select.poll() over select.select()for socket handling. This is handy if your system could have > 1024 fds

The regex pattern to search for to find the prompt. If you call login()with auto_prompt_reset=False, you must set this attribute manually.

If this is set to True, public key authentication is disabled, forcing theserver to ask for a password. Note that the sysadmin can disable passwordlogins, in which case this won’t work.

The dictionary of user specified SSH options, eg, options=dict(StrictHostKeyChecking='no',UserKnownHostsFile='/dev/null')

This logs the user into the given server.

It uses ‘original_prompt’ to try to find the prompt right after login.When it finds the prompt it immediately tries to reset the prompt tosomething more easily matched. The default ‘original_prompt’ is veryoptimistic and is easily fooled. It’s more reliable to try to match the originalprompt as exactly as possible to prevent false matches by serverstrings such as the “Message Of The Day”. On many systems you candisable the MOTD on the remote server by creating a zero-length filecalled ~/.hushlogin on the remote server. If a prompt cannot be foundthen this will not necessarily cause the login to fail. In the case ofa timeout when looking for the prompt we assume that the originalprompt was so weird that we could not match it, so we use a few tricksto guess when we have reached the prompt. Then we hope for the best andblindly try to reset the prompt to something more unique. If that failsthen login() raises an ExceptionPxssh exception.

In some situations it is not possible or desirable to reset theoriginal prompt. In this case, pass auto_prompt_reset=False toinhibit setting the prompt to the UNIQUE_PROMPT. Remember that pxsshuses a unique prompt in the prompt() method. If the original prompt isnot reset then this will disable the prompt() method unless youmanually set the PROMPT attribute.

Set password_regex if there is a MOTD message with password in it.Changing this is like playing in traffic, don’t (p)expect it to match straightaway.

If you require to connect to another SSH server from the your original SSHconnection set spawn_local_ssh to False and this will use your currentsession to do so. Setting this option to False and not having an active sessionwill trigger an error.

Set ssh_key to a file path to an SSH private key to use that SSH keyfor the session authentication.Set ssh_key to True to force passing the current SSH authentication socketto the desired hostname.

Set ssh_config to a file path string of an SSH client config file to pass thatfile to the client to handle itself. You may set any options you wish in here, howeverdoing so will require you to post extra information that you may not want to if yourun into issues.

Alter the cmd to change the ssh client used, or to prepend it with networknamespaces. For example `cmd='ipnetnsexecvlan2ssh'` to execute the ssh innetwork namespace named `vlan`.

Sends exit to the remote shell.

If there are stopped jobs then this automatically sends exit twice.

Match the next shell prompt.

This is little more than a short-cut to the expect()method. Note that if you called login() withauto_prompt_reset=False, then before calling prompt() you mustset the PROMPT attribute to a regex that it will use formatching the prompt.

Calling prompt() will erase the contents of the beforeattribute even if no prompt is ever matched. If timeout is not given orit is set to -1 then self.timeout is used.

This attempts to find the prompt. Basically, press enter and recordthe response; press enter again and record the response; if the tworesponses are similar then assume we are at the original prompt.This can be a slow function. Worst case with the default sync_multipliercan take 12 seconds. Low latency connections are more likely to failwith a low sync_multiplier. Best case sync time gets worse with ahigh sync multiplier (500 ms with default).

This sets the remote prompt to something more unique than # or $.This makes it easier for the prompt() method to match the shell promptunambiguously. This method is called automatically by the login()method, but you may want to call it manually if you somehow reset theshell prompt. For example, if you ‘su’ to a different user then youwill need to manually reset the prompt. This sends shell commands tothe remote host to set the prompt, so this assumes the remote host isready to receive commands.

Alternatively, you may use your own prompt pattern. In this case youshould call login() with auto_prompt_reset=False; then set thePROMPT attribute to a regular expression. After that, theprompt() method will try to match your prompt pattern.

The Visual Studio Code Remote - SSH extension allows you to open a remote folder on any remote machine, virtual machine, or container with a running SSH server and take full advantage of VS Code's feature set. Once connected to a server, you can interact with files and folders anywhere on the remote filesystem.

No source code needs to be on your local machine to gain these benefits since the extension runs commands and other extensions directly on the remote machine.

This lets VS Code provide a local-quality development experience — including full IntelliSense (completions), code navigation, and debugging — regardless of where your code is hosted.

Getting started

Note: After reviewing this topic, you can get started with the introductory SSH tutorial.

System requirements

Local: A supported OpenSSH compatible SSH client must also be installed.

Remote SSH host: A running SSH server on:

• x86_64 Debian 8+, Ubuntu 16.04+, CentOS / RHEL 7+.
• ARMv7l (AArch32) Raspbian Stretch/9+ (32-bit).
• ARMv8l (AArch64) Ubuntu 18.04+ (64-bit).
• Windows 10 / Server 2016/2019 (1803+) using the official OpenSSH Server.
• macOS 10.14+ (Mojave) SSH hosts with Remote Login enabled.

Other glibc based Linux distributions for x86_64, ARMv7l (AArch32), and ARMv8l (AArch64) should work if they have the needed prerequisites. See the Remote Development with Linux article for information prerequisites and tips for getting community supported distributions up and running.

While ARMv7l (AArch32) and ARMv8l (AArch64) support is available, some extensions installed on these devices may not work due to the use of x86 native code in the extension.

Installation

To get started, you need to:

1. Install an OpenSSH compatible SSH client if one is not already present.

2. Install Visual Studio Code or Visual Studio Code Insiders.

3. Install the Remote Development extension pack.

SSH host setup

1. If you do not have an SSH host set up, follow the directions for Linux, Windows 10 / Server (1803+), or macOS SSH host or create a VM on Azure.

2. [Optional] If your Linux or macOS SSH host will be accessed by multiple users at the same time, consider enabling Remote.SSH: Remote Server Listen On Socket in VS Code User settings for improved security.

   In the Settings editor:

   See the Tips and Tricks article for details.

3. [Optional] While password-based authentication is supported, we recommend setting up key based authentication for your host. See the Tips and Tricks article for details.

Connect to a remote host

To connect to a remote host for the first time, follow these steps:

1. Verify you can connect to the SSH host by running the following command from a terminal / PowerShell window replacing user@hostname as appropriate.

2. In VS Code, select Remote-SSH: Connect to Host... from the Command Palette (F1) and use the same user@hostname as in step 1.

3. If VS Code cannot automatically detect the type of server you are connecting to, you will be asked to select the type manually.

   Once you select a platform, it will be stored in VS Code settings under the remote.SSH.remotePlatform property so you can change it at any time.

4. After a moment, VS Code will connect to the SSH server and set itself up. VS Code will keep you up-to-date using a progress notification and you can see a detailed log in the Remote - SSH output channel.

   Tip: Connection hanging or failing? See troubleshooting tips for information on resolving common problems.

   If you see errors about SSH file permissions, see the section on Fixing SSH file permission errors.

5. After you are connected, you'll be in an empty window. You can always refer to the Status bar to see which host you are connected to.

   Clicking on the Status bar item will provide a list of remote commands while you are connected.

6. You can then open any folder or workspace on the remote machine using File > Open... or File > Open Workspace... just as you would locally!

From here, install any extensions you want to use when connected to the host and start editing!

Note: On ARMv7l / ARMv8l glibc SSH hosts, some extensions may not work due to x86 compiled native code inside the extension.

Disconnect from a remote host

To close the connection when you finish editing files on the remote host, choose File > Close Remote Connection to disconnect from the host. The default configuration does not include a keyboard shortcut for this command. You can also simply exit VS Code to close the remote connection.

Remember hosts and advanced settings

If you have a set of hosts you use frequently or you need to connect to a host using some additional options, you can add them to a local file that follows the SSH config file format.

To make setup easy, the extension can guide you through adding a host without having to hand edit this file.

Start by selecting Remote-SSH: Add New SSH Host... from the Command Palette (F1) or clicking on the Add New icon in the SSH Remote Explorer in the Activity Bar.

You'll then be asked to enter the SSH connection information. You can either enter a host name:

Or the full ssh command you would use to connect to the host from the command line:

Finally, you'll be asked to pick a config file to use. You can also set the 'remote.SSH.configFile' property in your User settings.json file if you want to use a different config file than those listed. The extension takes care of the rest!

For example, entering ssh -i ~/.ssh/id_rsa-remote-ssh yourname@remotehost.yourcompany.com in the input box would generate this entry:

See Tips and Tricks for details on generating the key shown here. You can manually edit this file with anything the SSH config file format supports, so this is just one example.

From this point forward, the host will appear in the list of hosts when you select Remote-SSH: Connect to Host... from the Command Palette (F1) or in the SSH Targets section of the Remote Explorer.

The Remote Explorer allows you to both open a new empty window on the remote host or directly open a folder you previously opened. Expand the host and click on the Open Folder icon next to the folder you want to open on the host.

Managing extensions

VS Code runs extensions in one of two places: locally on the UI / client side, or remotely on the SSH host. While extensions that affect the VS Code UI, like themes and snippets, are installed locally, most extensions will reside on the SSH host. This ensures you have smooth experience and allows you to install any needed extensions for a given workspace on an SSH host from your local machine. This way, you can pick up exactly where you left off, from a different machine complete with your extensions.

If you install an extension from the Extensions view, it will automatically be installed in the correct location. Once installed, you can tell where an extension is installed based on the category grouping.

There will be a category for your remote SSH host:

And also a Local - Installed category:

Note: If you are an extension author and find that your extension is not working properly or installs in the wrong place, see Supporting Remote Development for details.

Local extensions that actually need to run remotely will appear dimmed and disabled in the Local - Installed category. Select Install to install an extension on your remote host.

You can also install all locally installed extensions on the SSH host by going to the Extensions view and selecting Install Local Extensions in SSH: [Hostname] using the cloud button at the right of the Local - Installed title bar. This will display a dropdown where you can select which locally installed extensions to install on your SSH host.

'Always installed' extensions

If there are extensions that you would like to always have installed on any SSH host, you can specify which ones using the remote.SSH.defaultExtensions property in settings.json. For example, if you wanted to install the GitLens and Resource Monitor extensions, specify their extension IDs as follows:

Advanced: Forcing an extension to run locally / remotely

Extensions are typically designed and tested to either run locally or remotely, not both. However, if an extension supports it, you can force it to run in a particular location in your settings.json file.

For example, the setting below will force the Docker extension to run locally and Debugger for Chrome extension to run remotely instead of their defaults:

A value of 'ui' instead of 'workspace' will force the extension to run on the local UI/client side instead. Typically, this should only be used for testing unless otherwise noted in the extension's documentation since it can break extensions. See the article on Supporting Remote Development for details.

Forwarding a port / creating SSH tunnel

Sometimes when developing, you may need to access a port on a remote machine that is not publicly exposed. There are two ways to do this using an SSH tunnel that 'forwards' the desired remote port to your local machine.

Temporarily forwarding a port

Once you are connected to a host, if you want to temporarily forward a new port for the duration of the session, select Forward a Port from the Command Palette (F1) or click on the Forward New Port icon in the Remote Explorer after selecting it from the Activity Bar.

You'll be asked to enter the port you would like to forward and you can give it a name.

A notification will tell you the localhost port you should use to access the remote port. For example, if you forwarded an HTTP server listening on port 3000, the notification may tell you that it was mapped to port 4123 on localhost since 3000 was already in use. You can then connect to this remote HTTP server using http://localhost:4123.

This same information is available in the Forwarded Ports section of the Remote Explorer if you need to access it later.

If you would like VS Code to remember any ports you have forwarded, check Remote: Restore Forwarded Ports in the Settings editor (⌘, (Windows, Linux Ctrl+,)) or set 'remote.restoreForwardedPorts': true in settings.json.

Change local port on tunnel

If you would like the local port of the tunnel to be different than the remote server's, you can change this via the Forwarded Ports panel.

Right-click the tunnel you want to modify, and select Change Local Port in the context menu.

Always forwarding a port

If you have ports that you always want to forward, you can use the LocalForward directive in the same SSH config file you use to remember hosts and advanced settings.

For example, if you wanted to forward ports 3000 and 27017, you could update the file as follows:

Opening a terminal on a remote host

Opening a terminal on the remote host from VS Code is simple. Once connected, any terminal window you open in VS Code (Terminal > New Terminal) will automatically run on the remote host rather than locally.

You can also use the code command line from this same terminal window to perform a number of operations such as opening a new file or folder on the remote host. Type code --help to see all the options available from the command line.

Debugging on the SSH host

Once you are connected to a remote host, you can use VS Code's debugger in the same way you would when running the application locally. For example, if you select a launch configuration in launch.json and start debugging (F5), the application will start on remote host and attach the debugger to it.

See the debugging documentation for details on configuring VS Code's debugging features in .vscode/launch.json.

SSH host-specific settings

VS Code's local User settings are also reused when you are connected to an SSH host. While this keeps your user experience consistent, you may want to vary some of these settings between your local machine and each host. Fortunately, once you have connected to a host, you can also set host-specific settings by running the Preferences: Open Remote Settings command from the Command Palette (F1) or by selecting on the Remote tab in the Settings editor. These will override any User settings you have in place whenever you connect to the host. And Workspace settings will override Remote and User settings.

Working with local tools

The Remote - SSH extension does not provide direct support for sync'ing source code or using local tools with content on a remote host. However, there are two ways to do this using common tools that will work with most Linux hosts. Specifically, you can:

1. Mount the remote filesystem using SSHFS.
2. Sync files to/from the remote host to your local machine using rsync.

SSHFS is the most convenient option and does not require any file sync'ing. However, performance will be significantly slower than working through VS Code, so it is best used for single file edits and uploading/downloading content. If you need to use an application that bulk reads/write to many files at once (like a local source control tool), rsync is a better choice.

Known limitations

Remote - SSH limitations

• Using key based authentication is strongly recommended. Passwords and other tokens entered for alternate authentication methods are not saved.
• Alpine Linux and non-glibc based Linux SSH hosts are not supported.
• Older (community supported) Linux distributions require workarounds to install the needed prerequisites.
• PuTTY is not supported on Windows.
• If you clone a Git repository using SSH and your SSH key has a passphrase, VS Code's pull and sync features may hang when running remotely. Either use an SSH key without a passphrase, clone using HTTPS, or run git push from the command line to work around the issue.
• Local proxy settings are not reused on the remote host, which can prevent extensions from working unless the appropriate proxy information is configured on the remote host (for example global HTTP_PROXY or HTTPS_PROXY environment variables with the appropriate proxy information).
• See here for a list of active issues related to SSH.

Docker Extension limitations

While the Docker extension can run both remotely and locally, if it is already installed locally, you will be unable to install on a remote SSH host without first uninstalling it locally. We will address this problem in a future VS Code release.

Extension limitations

Many extensions will work on remote SSH hosts without modification. However, in some cases, certain features may require changes. If you run into an extension issue, there is a summary of common problems and solutions that you can mention to the extension author when reporting the issue.

In addition, some extensions installed on ARMv7l (AArch322) / ARMv8l (AArch64) devices may not work due to native modules or runtimes in the extension that only support x86_64. In these cases, the extensions would need to opt-in to supporting these platforms by compiling / including binaries for ARMv7l / ARMv8l.

Common questions

How do I set up an SSH client on ...?

See Installing a supported SSH client for details.

How do I set up an SSH server on ...?

See Installing a supported SSH server for details on setting up an SSH server for your host.

Can I sign in to my SSH server with another/additional authentication mechanism like a password?

Yes, you should be prompted to enter your token or password automatically. However, passwords are not saved, so using key based authentication is typically more convenient.

How do I fix SSH errors about 'bad permissions'?

See Fixing SSH file permission errors for details on resolving these types of errors.

What Linux packages / libraries need to be installed on remote SSH hosts?

Most Linux distributions will not require additional dependency installation steps. For SSH, Linux hosts need to have Bash (/bin/bash), tar, and either curl or wget installed and those utilities could be missing from certain stripped down distributions. Remote Development also requires kernel >= 3.10, glibc >=2.17, libstdc++ >= 3.4.18. Only glibc-based distributions are supported currently, so by extension Alpine Linux is not supported.

See Linux Prerequisites for details.

What are the connectivity requirements for the VS Code Server when it is running on a remote machine / VM?

Installation of VS Code Server requires that your local machine has outbound HTTPS (port 443) connectivity to:

• update.code.visualstudio.com
• vscode.blob.core.windows.net
• *.vo.msecnd.net (Azure CDN)

By default, the Remote - SSH will attempt to download on the remote host, but if you enable remote.SSH.allowLocalServerDownload, the extension will fall back to downloading VS Code Server locally and transferring it remotely once a connection is established.

You can install extensions manually without an internet connection using the Extensions: Install from VSIX... command, but if you use the extension panel to install extensions, your local machine and VS Code Server server will need outbound HTTPS (port 443) access to:

Python Ssh Github

• marketplace.visualstudio.com
• *.vo.msecnd.net (Azure CDN)
• *.gallerycdn.vsassets.io (Azure CDN)

Finally, some extensions (like C#) download secondary dependencies from download.microsoft.com or download.visualstudio.microsoft.com. Others (like Visual Studio Live Share) may have additional connectivity requirements. Consult the extension's documentation for details if you run into trouble.

All other communication between the server and the VS Code client is accomplished through the authenticated, secure SSH tunnel.

Can I use local tools on source code sitting on the remote SSH host?

Yes. Typically this is done using SSHFS or by using rsync to get a copy of the files on your local machine. SSHFS mounts the remote filesystem is ideal for scenarios where you need to edit individual files or browse the source tree and requires no sync step to use. However, it is not ideal for using something like a source control tool that bulk manages files. In this case, the rsync approach is better since you get a complete copy of the remote source code on your local machine. See Tips and Tricks for details.

Can I use VS Code when I only have SFTP/FTP filesystem access to my remote host (no shell access)?

Some cloud platforms only provide remote filesystem access for developers rather than direct shell access. VS Code Remote Development was not designed with this use case in mind since it negates the performance and user experience benefits.

However, this use case can typically be handled by combining extensions like SFTP with remote debugging features for Node.js, Python, C#, or others.

As an extension author, what do I need to do?

Python Openssh

The VS Code extension API abstracts away local/remote details so most extensions will work without modification. However, given extensions can use any node module or runtime they want, there are situations where adjustments may need to be made. We recommend you test your extension to be sure that no updates are required. See Supporting Remote Development for details.

Openssh Python

Questions or feedback

Python Paramiko

• See Tips and Tricks or the FAQ.
• Search on Stack Overflow.
• Add a feature request or report a problem.
• Contribute to our documentation or VS Code itself.
• See our CONTRIBUTING guide for details.