I installed the Remote-SSH add-on in VS Code. I was able to connect to my server, which uses key encrypted login with a passphrase. This included using Windows 10 ssh-agent as described here:
https://code.visualstudio.com/docs/remote/troubleshooting#_setting-up-the-ssh-agent
# Make sure you're running as an Administrator
Set-Service ssh-agent -StartupType Automatic
Start-Service ssh-agent
Get-Service ssh-agent
After rebooting, I opened VS Code back up only to find out that I was able to log back into my server without having to enter my passphrase. To me, this was terribly disturbing. I shut down and restarted – same thing.
My understanding of agent is that you authenticate once at the beginning of a session and your passphrase should be held (encrypted) in memory and should not persist after the program closes; like how PuTTY, MobaXterm, and any terminal in Linux or Mac operates.
I immediately began cussing out Windows developers for being so stupid, muttering that VS Code, WSL, and OpenSSH for Windows are a nice try to attract developers, but again a total fail. ...but maybe I'm missing something or my understanding is incorrect?
It just seems painfully obvious that if you guarded a private key with a passphrase, you would not want that passphrase to persist because that defeats the whole purpose of the passphrase in the first place. If my client is compromised, so is my server. Why would one not just create a private key without a passphrase if they NEVER wanted to enter the password? I guess if sshd requires both and the person is lazy..?
I came back to my computer 8 hours later and powered it on, very curious to see if agent is still holding my passphrase and key. I opened up VS Code to connect to my remote server and got the following error:
warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512)
mkdir: cannot create directory ‘/home/myname/.vscode-server’: Permission denied
bash: line 48: /home/myname/.vscode-server/bin/ 6129338/vscode-remote-lock.: No such file or directory flock: 99: Installation already in progress... Bad file descriptor flock: 99: Bad file descriptor flock: 99: Bad file descriptor
"install" terminal command done Received install output: flock: 99: Bad file descriptor Failed to parse remote port from server output: flock: 99: Bad file descriptor
(where looks like a hex number but I removed it because I'm not sure what I'm dealing with here.)
It looks like there's a manual fix: https://github.com/PowerShell/Win32-OpenSSH/issues/1263 but I'm not even sure I trust Windows now (not that I did before).
How could my key persist across reboots? Is it because of the terrible Windows 10 Cortana Startup "feature" that reopens all your opened programs? I haven't been able to figure out how to turn this off yet, but I hate it. I assume to make this possible, Windows must have to dump memory onto disk, so it's available at startup? Does this mean my passphrase was stored on disk?
Please tell me I'm wrong.
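
A way to check what the Windows ssh-agent service holds after a reboot, and to clear it, as an added example that is not part of the original post. It uses only the stock `ssh-add` client and the service cmdlets from the setup steps above, and assumes an elevated PowerShell prompt for the service changes.

```powershell
# Added example: audit and clear the Windows OpenSSH agent (not from the original post).
# The service changes in step 4 need an elevated PowerShell prompt.

# 1. Is the agent service running, and is it set to start at boot?
Get-Service ssh-agent | Select-Object Name, Status, StartType

# 2. List the identities the agent holds right now.
#    ssh-add -l exit codes: 0 = keys listed, 1 = no identities, 2 = agent unreachable.
$held = & ssh-add -l 2>&1
$rc = $LASTEXITCODE
switch ($rc) {
    0       { Write-Output "Agent holds $(@($held).Count) key(s):"; $held }
    1       { Write-Output 'Agent is reachable and holds no keys.' }
    default { Write-Output "Could not query the agent: $held" }
}

# 3. If keys are held, remove all of them and confirm the agent is empty.
if ($rc -eq 0) {
    & ssh-add -D
    & ssh-add -l | Out-Null
    if ($LASTEXITCODE -eq 1) {
        Write-Output 'All identities removed from the agent.'
    } else {
        Write-Warning 'Agent still reports identities; check ssh-add -l manually.'
    }
}

# 4. Optional: stop the service and keep it from starting at boot,
#    reversing the Automatic startup type set during setup.
Stop-Service ssh-agent
Set-Service ssh-agent -StartupType Manual
Get-Service ssh-agent | Select-Object Name, Status, StartType
```

Running steps 1 and 2 on their own right after a reboot shows whether the agent still offers identities before any passphrase has been typed.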