Windows server core can be managed remotely easily using VSCode, thanks to its built-in explorer.
From Remote coding to Remote management
VSCode is a great open source success. It has become a must have tool in a few years of existence, it is used by a wide range of developer for nearly all development languages.
Tons of developers have created tons of plugins, from Python development to edition of Yaml configuration files (with “intellisense”, Microsoft name for auto completion + syntax highlighting + go to definition), there is a plugin for everything (coding, analysis, powershell, bash, …).
VSCode is so fast that it nicely replaces any text editor, including notepad. Thank you Microsoft!
Recently, VSCode has improved by filling a new gap, with a flagship feature called “remote coding”. With remote coding, VSCode connects to any machine (linux or windows), any docker container, any Azure VM, anything supporting its virtual filesystem through a plugin. You can remotely edit files, execute commands, compile, debug ... on any linux, mac or Windows box.
This is where we start
To use “Remote coding”, install the plugin “Remote Development”. It includes SSH, Docker and WSL (linux) filesystem plugins.
To manage our Windows machine, I enable the OpenSSH server bundled with Windows Server 2019, and I use the “Remote-SSH” VSCode plugin to open a remote folder on the server. From there, I will be able to view the remote filesystem in the VSCode explorer, download or upload files by drag/dropping in the VSCode explorer window, edit any remote file directly, use the remote powershell or CMD command prompt directly from VSCode.
In the future you may be able to use WinRM to do the same, but it’s not available yet (maybe it is not in Microsoft’s plan as it may have some licensing issue: the SSH server is not limited in the number of concurrent connections, and Microsoft is selling CAL to access Windows Server).
No need to fear about the security: by default all local users can connect to the ssh server, using their user name and password. They are mapped to the security context of their account.
Install the SSH capability on Windows Server
Open an elevated powershell prompt and execute these commands:
Get-WindowsCapability -Online -Name Open*
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
It will install 2 services (disabled by default). Verify that with this command:
sshd is the ssh server. ssh-agent is a helper that can keep a user’s private ssh key in a windows store and use it automatically when needed. It is more useful on a client computer when using ssh keys.
Start the services:
Set-Service -Name sshd -StartupType Automatic
Set-Service -Name ssh-agent -StartupType Automatic
That’s all. You can test that your ssh server is working by trying the following command on a recent windows 10 or on any linux (replace 220.127.116.11 by either the host name or the IP address of your windows server):
Use the administrator’s password when prompted. Once logged in, you can start issue window’s CMD commands!
If you don’t already have ssh.exe available, use this powershell command to install it:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Using VSCode to manage Windows Server 2019 Core
You will need to install VSCode insider version (as of march 2020), which will be installed side by side with the stable version. Then install the Remote Development preview plugin. The insider VSCode version has a green icon, the stable VSCode version has a blue icon.
After the plugin is installed, clic on the bottom-left icon. Select SSH / new ssh connection.
Use this connection for user “administrator” on server 18.104.22.168:
you will see a prompt for the password, and you will be connected! Now open any file/folder, use the remote powershell command prompt, drag or drop files from/to the folder view. Start managing freely your windows server 2019!
I hope you enjoy! Leave a message if so! ❣
Note: if something goes wrong, check the output window of VSCode. The whole log of the ssh exchange is displayed. That will help you fix things.
🔑 Use an SSH key instead of a password
An SSH key can be used instead of a Windows account’s password to connect to our Windows Server. You can use the same SSH key to connect to multiple servers with multiple account names. Also, multiple users with their own SSH key can connect to the same windows server account.
A SSH key is made of 2 files: a private key file and a public key file. The private key contains the public key. You can generate a new key by following this “Host key generation” guide.
Add the public key of all authorized users to the Windows server account where logon should be granted: append each public key (a public key is one line of text starting with ssh-rsa) to the %USERPROFILE%\.ssh\authorized_keys text file (1 public key per line).
Note: make sure there is no extension to authorized_keys. Ie: not authorized_keys.txt !
You can also, instead, use this file to grant global access to all local accounts: $env:ProgramData\ssh\administrators_authorized_keys
On a client computer, install and start ssh-agent as explained previously. Then use this command to add your private key into the ssh agent:
You should then be able to connect to your server using the command line or VSCode without having to enter a password.
If you want to debug failed ssh connections, use this command which logs the full ssh protocol exchange with extended details:
ssh -v firstname.lastname@example.org
SSH And powershell
The new Powershell Core (pwsh) natively supports ssh connections, from Windows to linux, but also from linux to Windows (and of course from Windows to Windows).
$session = New-PSSession -HostName UbuntuVM1 -UserName TestUser
For this to work, powershell core must be installed on all machines, including linux. The current powershell core version is 7. The shortcut to start it is pwsh, not powershell. Powershell core runs side by side with the “old” powershell.
Using SSH with Powershell Core 7 using an SSH key instead of a password: https://docs.microsoft.com/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-7
SSH with powershell core