VS Code not connecting to remote Docker Context?

How to break your remote dev environment with a software update.

Today was one of those days where the thing that usually "just works" doesn't. After digging for the solution, I figured I'd share it and hopefully save someone else the headache.

The Complaint

Docker Explorer was timing out when using a Docker context that connected to a remote server via SSH and a public key. The remote server is running Ubuntu 22.04 LTS. The client machine is an M1 MacBook Pro. Docker Explorer worked fine when connecting to the local Docker daemon.

The VS Code developer console showed the following errors:

read ECONNRESET: Error: read ECONNRESET
    at TCP.onStreamRead ...
Connection lost before handshake:
  Error: Connection lost before handshake ...
All configured authentication methods failed:
  Error: All configured authentication methods failed ...

Connecting to the target host using SSH on the CLI worked with no problems.

The Cause

Running tail -f /var/log/auth.log on the remote server revealed the following:

May 11 23:23:03 devhost-1 sshd[52654]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Further research showed that this was due to a recent OpenSSH update:

For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible...

Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options.

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy implementations can be upgraded or reconfigured with another key type (such as ECDSA or Ed25519).

The Correction

It seems that VS Code's Docker Explorer uses an outdated SSH client implementation. This was verified by temporarily allowing the older algorithm: adding PubkeyAcceptedKeyTypes=+ssh-rsa to /etc/ssh/sshd_config and restarting sshd. The long-term solution was to generate an ECDSA key via ssh-keygen -t ecdsa and add it to the host via ssh-copy-id.
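To find every client affected by the same change, the auth.log rejection line shown under The Cause can be tallied per user and source address. The script below is an added example, not part of the original post: it assumes the traditional syslog layout of /var/log/auth.log and that sshd logs the closing "authenticating user" or "Accepted" line under the same PID as the rejection; the function names and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list connections that sshd turned
# away because the offered key's signature algorithm was not allowed.

# Constructed sample log. Line 1 is the line quoted in the post; the user name,
# the addresses (192.0.2.0/24 documentation range) and other lines are made up.
sample_auth_log() {
  cat <<'EOF'
May 11 23:23:03 devhost-1 sshd[52654]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
May 11 23:23:03 devhost-1 sshd[52654]: Connection closed by authenticating user dev 192.0.2.10 port 50122 [preauth]
May 11 23:25:41 devhost-1 sshd[52701]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
May 11 23:25:41 devhost-1 sshd[52701]: Accepted publickey for dev from 192.0.2.11 port 50140 ssh2: ED25519 SHA256:constructed
May 11 23:27:02 devhost-1 sshd[52733]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
May 11 23:27:02 devhost-1 sshd[52733]: Connection closed by authenticating user dev 192.0.2.10 port 50188 [preauth]
May 11 23:29:30 devhost-1 sshd[52790]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
EOF
}

# Reads auth.log text on stdin, prints "<algorithm> <user> <address> <count>".
rejected_pubkey_clients() {
  awk '
    BEGIN { marker = "userauth_pubkey: key type "; who = "authenticating user " }
    !match($0, /sshd\[[0-9]+\]:/) { next }
    { pid = substr($0, RSTART + 5, RLENGTH - 7) }
    (i = index($0, marker)) && index($0, " not in PubkeyAcceptedAlgorithms") {
      split(substr($0, i + length(marker)), w, " ")
      algo[pid] = w[1]; next
    }
    # The connection fell back to a key type the server allows: not a failure.
    index($0, ": Accepted ") { delete algo[pid]; next }
    # sshd names the user and source address when the failed connection ends.
    (i = index($0, who)) && (pid in algo) {
      split(substr($0, i + length(who)), w, " ")
      seen[algo[pid] " " w[1] " " w[2]]++
      delete algo[pid]
    }
    # Rejections with no closing line yet (log cut off) are still reported.
    END {
      for (p in algo) seen[algo[p] " - -"]++
      for (k in seen) print k, seen[k]
    }
  ' | LC_ALL=C sort
}

sample_auth_log | rejected_pubkey_clients
```

On a real host, feed it the log instead of the sample, for example rejected_pubkey_clients < /var/log/auth.log; each row is a user and address that needs a client upgrade or a non-RSA key.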

The Confirmation

After making this change, the Docker Explorer immediately started working again.