I’m using visual studio code a lot. It has a lot of extensions that will make your life a bit easier. And one my of my top favorites has become remote-ssh.
With remote-ssh you can use VSC on a remote server/VM. It uses the ssh protocol to connect to the remote server, install the remote component, and you can use the remote system as a local system.
What am I using it for ?
Well, I have a homelab to get accustomed to and explore VMware software. I use it to fiddle around with software solutions and get accustomed with solutions like GIT, Docker, Ansible and Kubernetes. And all those solutions are text based… Yes off course there are GUI shells for these solutions, but that will not help you to get sufficient with these solutions.
So you need an IDE, and my choice is VSC with remote-ssh As a VMware fan boy, I like to use photonOS for my linux VMs.
How to configure photonOS for VSC & remote-ssh
I make the following assumptions:
it is a test/dev environment (we logging in as root) not a production environment
tdnf updateinfo and tndf -y update has been run
you have internet connection with the photonOS VM
To make remote-ssh work with photonOS you need to do these things
install tar tdnf -y install tar Remote-ssh uses tar to extract its remote server software
edit sshd_config at /etc/ssh/sshd_config and set the following settings
(bonus / optional) Add your public SSH key to the <user>/.ssh/authorized_keys file. When using root to login, the location is /root/.ssh/authorized_keys else it is /home/<username>/.ssh.authorized_keys
So, Apple is big on security. Which is a good thing. But sometimes, it is too strict. I’m busy remodelling my homelab, and one of the actions is reïnstalling a clean vCenter appliance. And I thought let’s do it from the CLI !!!
Yeah…. so I ran vcsa-deploy and got the error that the app is downloaded from the internet and not to be trusted. So you can allow it via the system preferences, but the MAC OSx gatekeeper keeps irritating you with all the warnings about the libraries that are loaded
Yes, certificate missery. In the wisdom of great corperations, for our safety, it is deiced that the maximum SSL/TLS certificate validity is one year. Yes, really… don’t believe me, just check this search for it ssl lifetime 1 year at DuckDuckGo
From the security side of things this is a good thing. Because it mitigates the risk of a hacked certificate. But from an administration point of view….. HEADACHE. Especially for certificates that are used internally in your production sites. Now you need to replace the certificates every year for your servers. At least for those servers that run web services because your browser is going to nag you that the site isn’t safe anymore. Yes another warning. And you know what happens to warnings, in the end they will think for you, and won’t allow you to access the website anymore.
so SSL certificate monitoring becomes more importent, and having a plan / replacement strategy for SSL certificates would be a good thing to have. Do you have an up-to-date overview of all the SSL certificates in your network ? Maybe a good idea to have it up-to-date and monitor them.