agents: add keyboard-interactive SSH auth fallback

[roblourens]

Fixes #315588

Problem

When connecting to a configured SSH host in Agent mode, the connection only attempted SSH agent + default identity files. For hosts that require password / 2FA via keyboard-interactive auth (which works fine via the OpenSSH CLI), all attempts failed with All configured authentication methods failed:

[SSHRemoteAgentHost] Built 2 auth attempt(s): agent, publickey ~/.ssh/id_rsa
[SSHRemoteAgentHost] Trying auth: agent
[SSHRemoteAgentHost] Trying auth: publickey ~/.ssh/id_rsa
[SSHRemoteAgentHost] No more auth methods to try; giving up
[SSHRemoteAgentHost] SSH connection error: All configured authentication methods failed

Change

Adds a keyboard-interactive attempt as the final fallback in Agent mode. When ssh2 picks it:

1. Main process emits onDidRequestKeyboardInteractive with the server-supplied prompts
2. Renderer (SSHRemoteAgentHostService) bridges to IQuickInputService — one input per prompt, masked when echo: false
3. Responses are forwarded back via respondKeyboardInteractive
4. User cancellation, or connect ready/error from ssh2, results in empty responses being submitted so the auth attempt fails cleanly instead of hanging

Password and KeyFile modes are unchanged.

Files

• common/sshRemoteAgentHost.ts — new ISSHKeyboardInteractivePrompt / ISSHKeyboardInteractiveRequest types and main-service event/method surface
• node/sshRemoteAgentHostService.ts — new keyboard-interactive variant in SSHAuthAttempt, makeAuthHandler accepts an optional kbiHandler, Agent mode appends the kbi fallback, per-connection emitters + cancellation
• electron-browser/sshRemoteAgentHostServiceImpl.ts — injects IQuickInputService, subscribes to the request event, prompts user, responds (or cancels)
• Tests for testBuildAuthAttempts updated to expect the trailing kbi entry; new makeAuthHandler test verifies kbi routing + skip-when-no-handler; renderer test mock has stubs for the new event/method

Validation

• npm run compile-check-ts-native ✅
• npm run hygiene ✅
• Manual SSH test against a password-only host pending

(Written by Copilot)

[Copilot]

Pull request overview

This PR adds a keyboard-interactive authentication fallback to the SSH “Agent” auth mode used by the Agent Host, enabling password / 2FA flows when SSH agent + key-based auth fails (matching typical OpenSSH CLI behavior). It extends the shared-process SSH service to surface keyboard-interactive prompts to the renderer, where the user is prompted via Quick Input and responses are sent back to complete the auth attempt.

Changes:

• Add keyboard-interactive as a final auth attempt in Agent mode and route ssh2 prompt callbacks to the renderer via new IPC events/methods.
• Implement renderer-side prompt collection using IQuickInputService and forward responses back to the shared process.
• Update/add unit tests to reflect the extra auth attempt and validate makeAuthHandler keyboard-interactive behavior.

Show a summary per file

File	Description
src/vs/platform/agentHost/common/sshRemoteAgentHost.ts	Adds keyboard-interactive request/prompt types and new main-service event/method surface for KBI prompts.
src/vs/platform/agentHost/node/sshRemoteAgentHostService.ts	Adds keyboard-interactive auth attempt + handler plumbing, emits KBI prompt requests, tracks pending requests, and accepts responses.
src/vs/platform/agentHost/electron-browser/sshRemoteAgentHostServiceImpl.ts	Bridges KBI prompt requests to Quick Input prompts and responds back to the main service.
src/vs/platform/agentHost/test/node/sshRemoteAgentHostService.test.ts	Updates auth-attempt ordering expectations and adds makeAuthHandler keyboard-interactive tests.
src/vs/platform/agentHost/test/electron-browser/sshRemoteAgentHostService.test.ts	Updates renderer test stubs to include the new KBI event/method surface.

Copilot's findings

• Files reviewed: 5/5 changed files
• Comments generated: 2

[github-actions]

Base: 0f347dc4 Current: 6e161a7b

No screenshot changes.