-
Notifications
You must be signed in to change notification settings - Fork 524
SSH
In order to connect to a remote Docker daemon over SSH (as opposed to HTTPS with certificate authentication), there are two options for configuring the extension.
The simplest way is to use VSCode's Remote - SSH extension, from the Remote Development extension pack.
- Run command
Remote-SSH: Add new SSH host...
and follow the prompts to set up a connection to the target host. - Run command
Remote-SSH: Connect to host...
and connect to the host. - A new VSCode window opens, remoted to the target machine. If using password authentication, the password will be prompted here. It is recommended to set up SSH key authentication, for ease of use. In the Extensions tab, install the Docker extension (on the remote host) (a reload may be required after this step):
- Enjoy!
NOTE: If you are using the Extension to build Docker images, etc. (and thus you have source code for something)--the above approach probably means you have to have your source enlistment on the remote host, rather than your local machine. If you are just using the extension for the Explorer features then you can disregard this.
It is possible to connect to a remote Docker daemon over SSH without using VSCode Remoting, but it is more complicated. This is only recommended if you cannot have your source code on the Docker daemon server.
- Use
ssh-keygen
or similar to get and configure a public/private key pair for SSH authentication: https://www.ssh.com/ssh/keygen/. Password authentication is not supported by Docker and not possible with aDOCKER_HOST
-based configuration. If a key pair has already been set up, it can be used. - Configure
ssh-agent
on the local system with the private key file produced above.- Windows (OpenSSH): the latest version(s) of Windows 10 include OpenSSH by default. There is a Windows service,
ssh-agent
that is disabled by default, and needs to be re-enabled and set to automatic start. From an admin command prompt, runsc config ssh-agent start=auto
andnet start ssh-agent
. Then, dossh-add <keyfile>
. - Windows (Pageant): You can use Pageant instead of OpenSSH, in which case it is necessary to set the environment variable
SSH_AUTH_SOCK=pageant
. Making that a user or system environment variable will be easiest. - Linux (Ubuntu was tested, your mileage may vary):
ssh-agent
is present by default. Dossh-add <keyfile>
. - Mac:
ssh-agent
is present by default, butssh-add
does not persist across logins. Dossh-add <keyfile>
. We recommend configuring VSCode to run this command on terminal startup withterminal.integrated.shellArgs.osx
, or otherwise configuring a startup script, or otherwise just manually running that command each login.
- Windows (OpenSSH): the latest version(s) of Windows 10 include OpenSSH by default. There is a Windows service,
- Verify that your identity is available to the agent with
ssh-add -l
. It should list one or more identities that look something like2048 SHA256:abcdefghijk somethingsomething (RSA)
. If it does not list any identity, you will not be able to connect. Also, it needs to have the right identity, of course. The Docker CLI working does not mean that the Explorer window will work--the Explorer window uses dockerode (which in turn uses ssh2), whereas the Docker CLI uses simply thessh
command, and benefits from more automatically inferred configuration. - Configure VSCode with your
DOCKER_HOST
tossh://username@host
. If you don't include username, it will use your current local user name, which may be wrong.- You can simply use the
DOCKER_HOST
environment variable, or - There's a setting
docker.host
in VSCode which has the same effect, but allows for user or workspace settings instead of machine settings.
- You can simply use the
- It is recommended to change the refresh rate to something longer with the
docker.explorerRefreshInterval
setting. The connection over SSH is slow, and it can result in trying to refresh again before the previous refresh even finished. We recommend at least 3000 ms.
Maintaining good quality documentation is a priority for the Docker extension team. If you find missing or inaccurate content, or if you'd like to extend the wiki with a topic or tutorial, please let us know by opening an issue.