VS Code Remote does not work with Raspberry Pi

I have openhabian successfully installed with OH 2.5.0.M1 Milestone Build, and I want to use VS Code with remote access.

I can successfully remote as user openhabian via ssh using the command line of the remote (linux) machine into my RPi with:

ssh openhabian@<my_RPi_IP_Address>

However, I could not establish a remote connection using the VS Code extension Remote - SSH: Explorer.

I think it failed because you have to generate a public RSA key on the remote host (RPi) and copy it to the remote client, and you have to generate it using the openhab user, not openhabian, at least according to this thread.

So I tried to SSH with openhab and the default password habopen. That password failed, so I went into

openhabian-config

and changed the openhab password (using the password change menu selection for remote console).

According to the openhabian installation guide, “All password can be changed from openHABian menu.”

openhabian-config confirmed the password was “successfully changed” but it did not display a user name it was applied to. That is, it did not list openhab. It was just "…password was successfully changed for ". I tried to change user (su) from the remote (openhabian) command line using the changed password, but it did not work.

Then, I tried binding the remote to all interfaces using the changed password:

2019-06-27_15:51:28_CDT [openHABian] Binding the openHAB remote console on all interfaces... 
$ sed -i s/sshHost = 127.0.0.1/sshHost = 0.0.0.0/g /var/lib/openhab2/etc/org.apache.karaf.shell.cfg 

$ sed -i s/openhab = .*,/openhab = changed_password,/g /var/lib/openhab2/etc/users.properties 

$ systemctl restart openhab2.service 
OK

From the openhabian session, I did successfully SSH into the karaf console using

ssh -p 8101 openhab@localhost

Even though you cannot generate the keys from the karaf console, I was able to access the openhab user.

So is there anything I can do to get access to the openhab user at the command line?

This is incorrect. You are logging in as the user openhabian so you will copy it to the openhabian user. I believe, by default, you can’t log in as the openhab user so you can’t ssh to the machine using that user. If you can, then something is missconfigured.

There is no password for the openhab user.

That is for access to the Karaf console, not the machine. You cannot get to the file system which is where VSCode edits the config files through the Karaf Console.

No, because you don’t need to and the openhab user is forbidden from allowing this. You need to configure VSCode to use the openhabian user, not openhab.

When I enter the remote command (that works correctly at the command prompt on the remote machine) in VS Code, the extension returns:

Can't connect to ssh openhabian 192.168.1.13: unreachable or not Linux x86_64 (ssh: Could not resolve hostname ssh openhabian 192.168.1.13: Name or service not known

So I think the issue is this:

If you are using password auth, please set remote.SSH.showLoginTerminal

See Visual Studio Code Remote Development Troubleshooting Tips and Tricks for more details.

I will try to do this and post back results. Thanks for your help!

This is a problem with the way VS Code runs on my version of Linux (Arch). I changed the config and VS Code then prompted me for a password via a terminal “subwindow”, but the subwindow did not accept my keystrokes even when it was the correct password.

I think you are correct that it should work with user openhabian, but it looks like the problem is on the remote side, not OH2.

Perhaps its late while I’m reading the forums, but I have been able to access the openhab user account from the CLi as I needed to push or pull ssh keys to systems so I can issue suspend/hibernate commands from OH to the remote systems to avoid password prompts.

sudo -u openhab /bin/bash

Not suggesting to go about leveraging this for VS Code purposes, just that it can be done for SSH with executecommandline needs.

Right there is your problem with VS Code Remote-SSH: non-x86 Linux is not yet supported. Same for Alpine and other non-glibc Linux based distros.

Teaser: It works very well with an x86 Debian system… .

In that case what the poster is doing is creating a login-able openhab user on a remote machine (i.e. not the one running openHAB) and using ssh to log in to that remote machine from openHAB. OP needs to log into the machine running openHAB. By default, with a standard openHABian or apt install, this is impossible. The openhab user doesn’t have a shell:

openhab:x:110:114:openhab2 runtime user,,,:/var/lib/openhab2:/bin/false

This is the line from /etc/passwd. The last part is the default shell. As you can see, the default shell is /bin/false. You cannot log in as any user that doesn’t have a workable shell. Sometimes you may also see /bin/nologin or /bin/noshell instead of /bin/false. If you look at /etc/passwd you will see lots of accounts with /bin/false (or equivalent) as their shell. This is a security measure. You don’t want a computerized service to fall back to a workable shell that an attacker can then exploit. So if you crash the service, you can’t do anything.

In the case of using sudo -u openhab you are not logging in as the openhab user. You are logged in as some other user and using your root permissions (sudo) to run a single command as the openhab user (-u openhab). In that example, the /bin/bash is the command being run which will open another shell running as the openhab user. But this is not logging in as the openhab user. You can’t use this to ssh from another machine to this machine as the openhab user. You can’t use this to log in as the openhab user from the login prompt.

Aaaahhhh I didn’t realize the shell was set to /bin/false.

I was also thinking that by doing the sudo as the openhab user, you would be able to generate the ssh keys/config needed for the VScode support to work. In my environment I don’t have a need for this (currently) and just leverage samba, but have slowly started banging my head against node red for the rules anyway (making the samba usage becoming less needed).

As always kudos for the excellent information @rlkoshak!!!

Actually you could, to generate the keys. But once you connected you wouldn’t have a shell to work in and ssh will kick you out. To make it work as the openhab user, you would have to also change the default shell.

I actually need to look into this more for my configuration. I have my config files shared using samba but my daily driver machine these days is a Chromebook, and right now (soon maybe) you cannot mount a samba share into the Linux file system (on a Chromebook web, android, and linux are kept pretty separated). Using ssh in VSCode would let me streamline my current process of using git.

Wouldn’t this be a permission problem as the files are owned by openhab? Not to say, that the permissions or group could be updated to allow the non-openhab user to read/write on the files?

If you create the ssh certs using sudo -u openhab or chmod/chown the files after you create them there shouldn’t be any problem. As you can see in the passwd entry above, the default home directory for openhab is /var/lib/openhab2 so you would just need to create the certs, put them into /var/lib/openhab2/.ssh and set ownership and permissions appropriately (user read only, owned by openhab).

If you create them using sudo -u openhab all that should happen automagically.

Personally, as a “do as I say not as I do” case, I just created one set of keys and I copy them around to all my machines rather than create separate sets for each user on each machine. I have other mitigations in place so I’m not too worried about this poor security practice on my personal network.

Should of specified the files I had in mine as being the ones in /etc/openhab2, if you are connecting VScode via SSH and not using the openhab user; wouldn’t you need to modify the permissions/group for VScode to have read/write?

Oh, right. Isn’t the openHABian user already a member of the openhab group? Don’t the file permissions have group write? I don’t have a standard openHABian so can’t look myself.

If the answers are no then yes, the file permissions would need to be opened up.

I’m running debian, so I’m also not able to review the group membership.

[10:20:02] openhabian@openHABianPi:~$ grep 'openhabian' /etc/group
adm:x:4:openhabian
tty:x:5:openhab,openhabian
dialout:x:20:openhabian,openhab
cdrom:x:24:openhabian
sudo:x:27:openhabian
audio:x:29:openhabian,openhab
video:x:44:openhabian
plugdev:x:46:openhabian
games:x:60:openhabian
users:x:100:openhabian
input:x:101:openhabian
netdev:x:108:openhabian
bluetooth:x:111:openhab,openhabian
spi:x:999:openhabian
i2c:x:998:openhabian
gpio:x:997:openhabian,openhab
openhabian:x:1000:
openhab:x:114:openhabian

So yes, openhabian is a member of openhab.

Apparently, VS Code remote does not work with RPi:

This is why I cannot get VS Code to work.

Note: I changed the title of this thread based on my previous post.

That’s what I said with the Pi being an ARM based device, but apperently I was not clear enough…

I was confused before because the ARM Cortex-A53 (RPi 3) implements a 64-bit instruction set, and I thought the issue was 32 bit.

The insiders versions of vscode/Remote SSH work with RPi now, though it’s a bit tricky to get it to work.