Vscode-remote-release: Limit number of reconnections to avoid spamming 2fa requests

Created on 11 Dec 2019 · 9 Comments · Source: microsoft/vscode-remote-release

The server I am connecting to via the remote SSH extension uses SSH keys + two-factor authentication. Usually, this works well, as the default option is chosen automatically for non-interactive shell sessions, and I'm able to confirm the login on my mobile device.

But very often, after the connection was interrupted, VS Code attempts to reconnect in the background without me being aware of this and in the end causes my two-factor account to be locked after 10 failed attempts. (This happened half a dozen times in the past few weeks and always requires an admin to resolve it!)

It would be great to be able to limit the number of automatic retries to avoid this.

I'm also wondering whether the extension works at all, if the two-factor authentication requires the code to be entered in the shell during login. Does it show the input in that case? (That would also resolve my issue, as it would hopefully wait for the input and not retry the login automatically.)

feature-request ssh verification-needed verified

All 9 comments

I don't follow why connecting works on the initial connection, but not during reconnection.

Also, if the 2fa prompt says "Verification code: " which is a typical one I've seen, then it should detect that and show a prompt. But if it's something custom, it won't. Can you share a log from the Remote-SSH output channel from a time when this happens?

There are two reasons why the reconnection occasionally fails for me: the 2fa-request does not reach my mobile device or I simply miss it, because I'm not aware of the reconnection in the background.

I'll send you more details on the 2fa we use in a direct message. It does not use the prompt you suggested, so no prompt is shown. But it also works for non-interactive sessions, e.g., scp-commands, and simply chooses the first option for the 2fa-request, which is what happens in the case of VS Code remote connection and which generally works well for login.

Through email we worked out that there is not much we can do in vscode to work better with 2fa, but we could disable or limit reconnecting. Last message:

I could certainly disable reconnecting or limit the number of reconnections. Which one would you want? One problem with limiting the number of reconnections is that if you limit it to 2, then you have 5 windows open, you will still get 10 reconnection attempts, so disabling it entirely might be the more useful option for you.

Thanks, @roblourens! I personally rarely if ever use more than 2 windows connecting to the same remote host, so limiting the number of connections would be best. And if you allow 0 as a valid entry, the same setting could be used to turn it off completely.

My team has recently started experimenting with the remote development plugin and has experienced an issue with our Duo two-factor auth. Here's example output showing the connection failure:

[11:09:21.172] SSH Resolver called for "ssh-remote+fake-hostname", attempt 4, (Reconnection)
[11:09:21.172] SSH Resolver called for host: fake-hostname
[11:09:21.172] Setting up SSH remote "fake-hostname"
[11:09:21.173] Using commit id "26076a4de974ead31f97692a0d32f90d735645c0" and quality "stable" for server
[11:09:21.179] Running script with connection command: ssh -T -D 57236 -o ConnectTimeout=15 fake-hostname bash
[11:09:21.180] Install and start server if needed
[11:09:22.703] > Duo two-factor login for fake-username
> 
> Enter a passcode or select one of the following options:
> 
> Passcode: 
[11:09:22.703] Got some output, clearing connection timeout
[11:09:36.234] > Connection timed out during banner exchange
[11:09:36.481] "install" terminal command done
[11:09:36.481] Install terminal quit with output: Passcode: Connection timed out during banner exchange
[11:09:36.481] Received install output: Passcode: Connection timed out during banner exchange
[11:09:36.482] Resolver error: The connection timed out
[11:09:36.485] ------

@roblourens You mentioned:

if the 2fa prompt says "Verification code: " which is a typical one I've seen, then it should detect that and show a prompt

Is that prompt configurable via a user setting so we could match this format of two-factor challenge? Or do you have a suggestion for how we can make the remote dev plugin work with Duo protected SSH sessions?

I can support this prompt too. For now, if you set "remote.SSH.showLoginTerminal": true, then you should be able to enter your code into the actual terminal.

Thanks for the followup! I confirmed setting "remote.SSH.showLoginTerminal": true shows the login prompt within VSCode and I was able to login. You need to manually dismiss the Reconnect modal in order to enter the 2fa code, but aside from that it worked!

Added a new setting, remote.SSH.maxReconnectionAttempts, in tomorrow's nightly build of the extension
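
The concern raised in the thread, that a per-window reconnection limit multiplies across open windows, can be checked against saved Remote-SSH logs. The following is an added example, not code from the extension or from any commenter: the function names are hypothetical, it assumes one log text per window, it treats a resolver error that follows a 2FA prompt as one failed login, and it takes the lockout threshold of 10 from the original report.

```python
import re
from collections import Counter

# Line shapes follow the Remote-SSH log quoted in this thread.
RESOLVER = re.compile(r'SSH Resolver called for "ssh-remote\+(?P<host>[^"]+)", attempt \d+')
PROMPT = re.compile(r"(Passcode|Verification code):\s*$")
ERROR = re.compile(r"Resolver error: ")

def failed_logins(window_log):
    """Per-host count of resolver errors that followed a 2FA prompt (assumption:
    the 2FA provider counts each of these as one failed attempt)."""
    failures, host, prompted = Counter(), None, False
    for line in window_log.splitlines():
        m = RESOLVER.search(line)
        if m:                            # a new connection attempt starts here
            host, prompted = m.group("host"), False
        elif PROMPT.search(line):        # the server asked for a second factor
            prompted = True
        elif ERROR.search(line) and host and prompted:
            failures[host] += 1
            prompted = False
    return failures

def lockout_risk(window_logs, threshold=10):
    """Sum failures over all windows; return hosts at or above the threshold."""
    total = Counter()
    for log in window_logs:
        total.update(failed_logins(log))
    return {host: n for host, n in total.items() if n >= threshold}

def sample_window(host, attempts):
    """Constructed sample log for one window, modeled on the thread's output."""
    block = (
        '[11:09:21.172] SSH Resolver called for "ssh-remote+{h}", attempt {n}, (Reconnection)\n'
        "[11:09:22.703] > Passcode: \n"
        "[11:09:36.482] Resolver error: The connection timed out\n"
    )
    return "".join(block.format(h=host, n=i) for i in range(1, attempts + 1))

if __name__ == "__main__":
    # Five windows limited to two reconnections each still reach the threshold.
    print(lockout_risk([sample_window("fake-hostname", 2)] * 5))
```
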
