VSCode’s SSH agent is bananas
521 comments
·February 8, 2025tptacek
dunham
Thanks for the post. I see now that it's bananas, but I didn't quite get that from the blog post. You list the things this agent can do, but I immediately assumed it went in the other direction, because anything else would be bananas. The statement in the README put it more succinctly for me:
> A compromised remote could use the VS Code Remote connection to execute code on your local machine.
I feel like that "security note" should have a CVE number next to it.
scop
That first paragraph (in your HN comment, not the blog post) would have read better with zero periods.
Glad to see one of my favorite blogs is still active. I was starting to get a little worried.
The first two blogs currently listed, McCord-Valim’s FLAME-Livebook-GPU and your post which has the word “murid”, truly captures the psychological arc of a developer.
Thanks!
alexgartrell
More low effort posts please!
tptacek
I can't tell you how much I love that this post has generated 156 comments and I have nothing to rebut about any of them. I'm sure they're all right!
DonHopkins
Emacs is better than vi and spaces are better than tabs!!! (I just wanted to get that in as long as you're agreeing with all the comments.)
DannyBee
Honestly, it's a great post, and I love the idea of low effort posts, so i hope you keep doing it.
rat87
It seems like ssh may be the problem. I feel like there should be a way to ask for a docker like experience when ssh ing. Tell it to use is specific APIs to prevent process or filesystem access outside a particular folder (possibly allowing system binaries, although that might complicate things and require vscode to push more stuff to client). Basic googling indicates some choot options in the ssh server but nothing is mentioned on 5he ssh client man page.
Although maybe the solution is to download a docker container on the remote (directly if it has access to dockehub or over an ssh connection if it doesn't) then run a docker container mounting the remote directory and connect to it over ssh.
The problem with only syncing files from the subdirectory is that you also want to be able to run &debug on the remote started by vscode. So plugins also need access to remote or to run remotely for some code observation that may be prohibitively expensive if run locally(pre sync of whole subdir)
SoftTalker
If you’re ssh-ing as a normal user you should only be able to modify files in that users remote home directory. You don’t need all that docker stuff just stop using admin accounts for normal access.
zeckalpha
There are ways to do this sort of thing with inetd, pam.d, etc.
phyzome
« we’ve decided to just be a blog again, so: we had to learn this, and now you do too. »
This is, indeed, the way.
bambax
Good writing and fun, congrats! Is there a semi-hidden Monty Python reference in the middle?
tomrod
Absolutely hilarious. My partner and I have this same conversation every two weeks.
DominoTree
You have definitely covered noodling
opliko
The more I learn about how VSCode works the more it seems like it's held together with duct tape and the most cursed ideas a JS developer could come up with.
Even just from the SSH extension - the workspace URIs have two formats: essentially just the hostname and hex-encoded JSON documents. The latter case happens when additional info is needed, e.g. specific username, or... The hostname includes an uppercase letter.
Which is actually necessary because when they're saved to recent workspaces they're lowercased for whatever reason.
The SSH connections also support configuring extensions that are to be installed on the server, but don't go too crazy with it or you won't be able to connect to Windows hosts, since they're passing them ass command line arguments via CMD, which has a 8191 character limit (they're using CMD to call... PowerShell...).
giantg2
I don't know, I found VS Code to be nicer than Eclipse. I've never had a need for SSH through an IDE, so I can't speak to that. Usually I'd just SSH through putty and use Vi if I need to do stuff on the server.
nickstinemates
This is for remote dev, where the code you're editing exists on a remote environment vs. Local to your disk.
smitelli
I like sshfs for that. It preserves the “do one thing, do it well” idea that so many IDEs seem to have forgotten.
giantg2
Eh, still, I've used stuff like Coder for remote work, or SSH and Vi.
catlifeonmars
I like it because it’s really easy to extend the editor with custom language support/tooling if you know JavaScript/Typescript. Providing custom completions, diagnostics, etcetera. I can also provide custom Go to definitions for cross-language support.
dataviz1000
> The more I learn about how VSCode works ...... duct tape
The most unfortunate few lines. [0]
I wish Microsoft would hire me for a couple months to do nothing but sit in a corner by myself untangling this mess.
[0] https://github.com/microsoft/vscode/blob/6dbde2a3ed308f88164...
fujinghg
It’s shit and string. Gone back to vim.
Vaslo
Almost no one using VS Code can use vim.
notyourwork
I use both and also IntelliJ. Why are you trying to talk down to people based on the tools they use?
aidenn0
I do not personally no anybody using VS Code that hasn't also used vim. Granted there's some huge selection bias since so many people in my personal sphere use vim, but there you go.
Nab443
Gold ! They can use emacs then.
dunham
I regularly use vim in the embedded terminal of vscode. (And I use vim when ssh'd in from my phone.)
joe91
Most of us have learned <esc>:q by now. And then apt-get remove vim :)
wiseowise
I can't use VS Code without vim bindings.
tomrod
I use both all the time. VSCode is fine for a lot of reasons, vi is ubiquitous on servers.
shipp02
This is going to sound naive but, I don't understand what the security issue is. If you can ssh into a machine and port forward a socket, you already have permission to do all the other things. VSCode's protocol seems to be exposing it in way that's more convenient for them.
How is this a security problem? Is it because someone on the same network as the remote machine but without SSH access can connect the port that is forwarded over SSH?
As a user, I quite like how well VSCode's SSH system works.
schmichael
I think the difference is that what VSCode is doing is not an SSH Session like you get in a terminal with the ssh command or putty.
VSCode is installing a remote agent on the target machine that happens to use ssh as its transport protocol, and offers to share that transport with the user.
Is this a problem? Not if it only does things you want it to do. However any agent based system exposing an arbitrary API is suddenly a much bigger attack and risk surface area than the well trod (and still fraught) path of emulating a terminal over ssh.
shitter
> However any agent based system exposing an arbitrary API is suddenly a much bigger attack and risk surface area than the well trod (and still fraught) path of emulating a terminal over ssh.
I can see how this increases local (to the remote system) attack surface, but as long as the agent has the same OS privileges as the user logged in over SSH, what extra remote risk does this introduce?
smackeyacky
Because if the Agent code is compromised, the fact that it leaves things behind is enough for an attacker to hide whatever they need along with the vs code blob. Vscode does this for the right reason, mostly it’s so the bulk of it runs on the host where you’re doing remote development or WSL or whatever. But like a lot of dev stuff these days, compromise the npm packages and bingo you can own all the machines.
Npm is already a terrible thing because the packages are managed so haphazardly, but now you’re exposed to the nonsense without even going anywhere near the mad rodeo of node. I like vscode but it’s not going anywhere near a machine I care about.
makeitdouble
We usually don't hand over full ssh sessions to third party programs, so while you're right, I think people are not used to this level of trust into an app.
The article was to me a good reminder that it's a whole other level of access than just remote mounting a file system.
cogman10
A user that can manage remote processes is generally going to have pretty high permissions.
For example, opening up debug ports on the running server processes, sudo privileges, or just the ability to run arbitrary code or curl in random binaries from the internet.
0xbs0d
I think the latest Jetbrains tools do the same or similar things. They also install their own server on the target machine and connect to that. And I mean it's Jetbrains, so again, closed source tools. But it's not Microsoft so nobody is talking about it I guess.
Y-bar
I think you are talking about https://www.jetbrains.com/remote-development/gateway/ which requires a separate manual install on the client followed by a manual installation on the server during setup. It is not part of the regular IntelliJ IDE as far as I can see.
rtsil
If you're thinking about JetBrains' remote development, it's actually the IDE (a headless version) that's installed on the remote dev machine. Since you first need to install the IDE on the dev server first, you are never under any illusion that it's a simple SSH-based remote editing à la vim (even though it also relies on SSH).
_boffin_
They have two ways — remote development, which is what you’re saying and remote execution.
Remote execution is the one I prefer. Rsync and then just runconfig. It’s lightweight and simple
TZubiri
I sometimes kick myself for not being more productive.
But then I see the clusterfucks productive people are doing and it looks like I'm onto something
eru
Sounds like, if you take this to the limit, the course of action is to not touch a computer?
shipp02
Is it better to programmatically interact with bash to provide the features VSCode does? Do note that I am unwilling to accept an implementation with less features/ease of use!
I can see how writing a custom agent that provides remote access to privileged API's is a bad idea but bash isn't exactly the most secure piece of software in the world.
zelphirkalt
Bash is not running though. You might get a Bash session once you connect via SSH, but it just sits there waiting for you to input commands, while the VS Code installed agent thing does network stuff on its own iiuc. Bash is not acting as a server, afaik.
wg0
Anyone doing such remote edits on production or even staging systems is past the point of caring about any security implications.
The remote development workflow is intended and should be used for dedicated disposable development machines.
That's the responsibility of the operator and it is not for the tool to take care of.
3abiton
This is really big. I always thought Vscode ssh capability was just some black magic that the open source community wasn't able to replicat well with vscodium extensions. Yet, it seems the reason why is that MS threw a curve ball with that naming.
ajsharp
This is the relevant part:
> The agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can:
- Wander around the filesystem - Edit arbitrary files - Launch its own shell PTY processes - Persist itself
When you ssh into a remote server as a client, afaik that server cannot execute arbitrary code on the client. At a minimum, the client would have to explicitly take action for that to happen.
KTibow
Is that to say that the server can do things on the client connecting to the server? That doesn't make much sense.
retsl
"For VS Code remote, the VS Code server is in the same trust boundary as the VS Code client. [...]
For Remote SSH: [...] A compromised remote could use the VS Code Remote connection to execute code on your local machine."
https://github.com/microsoft/vscode-remote-release/issues/66...
I wrote about it in a bit more detail a month ago because it seems to be a common misunderstanding: "VS Code Remote Dev and Dev Containers are not security boundaries" https://lets.re/blog/vscode-remote-dev/
Maxious
That's what makes this blog post worthy
null
inetknght
> When you ssh into a remote server as a client, afaik that server cannot execute arbitrary code on the client.
...assuming you have X11 forwarding disabled and/or don't have X11 server running on the same system that your client is running on.
yjftsjthsd-h
I'm pretty sure X11 forwarding is opt-in, not opt-out? That is, if you don't run `ssh -X` or -Y then this isn't a problem
awwaiid
If I have X11 forwarding on, what can Evil apps do? Launch UI for sure. Screenshots? I imagine so. What else? Send keyboard events, which would be game over?
khana
[dead]
jcgl
I think you’re basically right: it’s not a security problem in that it doesn’t inherently traverse any vulnerabilities or security boundaries.
But it is a security problem in the same way that “curl | bash” is a security problem. An even closer equivalence might be something like “curl | bash” in your bashrc.
umanwizard
I have never seen a compelling explanation for why curl | bash is a security problem.
jcgl
In my mind, it mostly is about curl|bash not being auditable. On the spectrum of [auditable to not-auditable], curl|bash is as far to the right as possible, with things like distro packages far to the left. Maybe for a specific piece of software that's okay, but I think we would readily agree that it'd be a problem for all components of an OS to use bash|curl.
Bear in mind that, like many bits of security advice, this is highly context-dependent. It may vary based on your risk tolerance, your level of trust in the vendor, how robust other parts of your infrastructure (e.g. threat monitoring tools, network segmentation, etc.) are.
1una
It's possible to detect "curl | bash" server side. See https://news.ycombinator.com/item?id=34145799
uecker
It is not a security problem if you know what you are doing and trusting the source. As a general way of installing software is is problematic because it is a risk when careless users execute untrusted code from the internet. Using this in cases where it could be seen a safe encourages such unsafe behavior and undermines efforts to train users not to do this. There is also the issue that websites are generally less safe than dedicated infrastructure of distributions. Those also typically ensure some level of quality control and auditing.
gorgoiler
The agent on the dev server is now a vector back to VS Code on your laptop.
The agent is networked and running all the time so a hole on the dev server’s firewall is now a hole in your laptop’s firewall.
slashdave
> you already have permission to do all the other things
Of course. The problem is that a 3rd party agent can now use your permission to do what it wants, and you will be none the wiser.
IshKebab
You're already trusting that third party agent on your own computer. If VSCode itself was malware then it can do anything you can do, including sshing into remote machines and running commands behind your back.
awwaiid
No -- when I ssh somewhere I am NOT giving them (the server) permission to run code on MY computer. When I vscode-remote somewhere then I AM giving them (the server) to run code on MY computer. You don't expect visiting a website to give the website permission to edit your local files, and so similarly some people might expect that if they are remote-editing with vscode they are not giving the remote-server permission to edit their local files either. Best to be aware!
bornfreddy
VSCode is opensource. Remote ssh agent is not.
joe91
How does it differ from just logging into that machine and running code?
roywiggins
VSCode remotes can execute code on the connecting clients, so a pwned remote server can pwn your local machine.
coldtea
In that it's like THAT machine is also logging into your machine, and running code there...
Deathmax
It's helpful for evading detection, because if you've compromised a machine, you can drop in the server binary and it'll have been added to the allowlist for devs to run.
fulafel
> If you can ssh into a machine and port forward a socket, you already have permission to do all the other things.
Only technically. There are lots of situations where people (or robotic alarm bells) will be miffed if you instal your custom sw stacks, remote shells, "i don't know what these binaries are" etc on some servers you're supposedly just editing config files on.
spudlyo
There are lots of situations where people will not notice at all. At my last gig, I wrote pretty extensive Ansible manifests that built and configured all my favorite tools on on bog-standard company provided development hosts so I found them cozy for remote work. I took severe liberties with these hosts and nobody batted an eye.
fulafel
Yeah, this is just being sensible. There at most you might lack some approval for your solid engineering decision. But when the described kind of worming in happens without your knowledge and there's just some random reverse shell stuff appearing out of nowhere, nobody has looked the sw through it to see if it's secure, what's the supply chain, etc, it's different.
cryptonector
A piece of software that is ostensibly trying to help you is gathering information without your knowledge and.. one of these days may upload it to the mothership? That's kinda not ok don't you think?
bkallus
I ran the servers for our networks, binary exploitation, and intro systems programming classes, and this thing is a major annoyance. It is because of this stupid RAT that students do not understand how to use the OpenSSH client.
I've tried a few things to fix this: 1., I set a motd on our class servers asking the students not to use the VSCode remote server plugin. 2. I ran `ncdu /home` in front of the class and demonstrated how, without exception, everyone with >100MB of disk usage on the class server was a VSCode user. 3. I set a user process limit of 45, because the VSCode RAT (somehow) uses ~50 Node processes. When students inevitably ignored the motd and the in-class warning, they hit the process cap and had to ask us to kill their processes in order to get back onto the system. 4. I replaced the process limit with a script that kills all the .vscode-server RATs every 10 seconds.
kalleboo
Your comment is bringing back so many memories of being in university and working around the anachronistically strict limits the uni sysadmins had on the network
darkwater
And then HN complains that new software is crap that wastes too much resources and new developers don't want to optimize resources...
kalleboo
In my day the new crap that wastes too much resources was the GNU software we wanted to run on the schools Solaris machines :)
bkallus
I too have these fond memories, and I enjoy passing it on to the next generation :)
kalleboo
Doing god's work, I approve!
jaygreco
Ah yes, one of my favorite skills learned in school was how to work around arbitrary rules made up by cranky sysadmins! I still use it all the time.
The smart kids (whom I’m sure look like they are learning that precious openssh client) are doing their assignment locally or on a free tier VPS with VS Code and scping the thing over when it’s done.
They’re also smart enough to learn openssh when they need it IRL.
ytans
In the class which I have managed the infrastructure for, we have 1 to 2 students per VM, so this is less of an issue and there aren't any restrictions.
One of the reasons we provide the VMs is so that students can experience working in a remote server environment. The concern that I have is that these remote ssh tools allow you to bypass learning/practicing how to perform basic actions, e.g. cd, read/edit files.
Granted, as mentioned, you can scp/rsync (or git pull), but at least this seems to be more appropriate when you eventually need to interact with a real production server.
saghm
This isn't something specific to VSCode being popular. When I was in college over a decade ago, there were students using Sublime with an SFTP plugin, coding locally and copying stuff with FileZilla or other similar GUI clients to transfer files (I distinctly remember seeing some program that was named something duck-related but for the life of me I can't remember any other specifics). Sublime in particular could be frustrating in the class I TA'd where they had some assignments to deal with processing some (very basic) machine code to simulate running the tool the class used to assemble and run the code from the (similarly basic) ISA they had been taught, which involved them using hexdump or something similar to understand how the bytes in the files worked, but Sublime "helpfully" would render the object files as as their text representation of the hexdump, with extra spacing for readability and swapped endianness compared to the way the bytes would show up if hexdumped on the school's Linux server. There would always be several students every semester who would show up at office hours unable to figure out why their code that was written to try to read an ASCII string like "AD DE EF BE " but instead would instead find some text they didn't recognize because they didn't think to look at the actual byte values, which would always just happen to start with 0xDE, 0xAD, 0xBE, and 0xEF.
joshstrange
The issue is not about live editing on servers, it’s about running a process out on the server that spawns,according to GP, 50-some processes. VS Code remote editing and Sublime/any SFTP/SCP-style deploy are on completely different levels.
saghm
I was responding directly to the parent comment's decrying of VS Code as responsible for why their students don't know how to use ssh clients, not the general issue, which I agree is not specifically about live editing.
benwaffle
> I distinctly remember seeing some program that was named something duck-related but for the life of me I can't remember any other specifics
cyberduck - https://cyberduck.io/
realaether
Off-topic: just one look at that homepage, the icons in particular, brought back such fond memories of the pre-flat design time. Those halcyon days when it was normal for buttons to look like buttons. (Maybe I'm just using the wrong apps these days.)
saghm
Aha, that does look like what I remember!
causal
Can you explain why though? I get that you had to put a lot of effort into blocking VSCode but it's not clear what have VSCode caused to motivate this.
oarsinsync
It sounds like they’re operating at larger scales, with a large number of users sharing a resource. Each user spawns 50 processes and consumes 100MB of space if they’re using VSCode. Assuming a low count of 1000 users, that’s 50K running processes and 100GB of space consumed. To enable a text editor.
coder543
100GB of storage is… not much for 1000 users. A 1TB NVMe SSD is $60. So 100GB is a total of $6 of storage… or about half a penny per user.
And that’s for SSD storage… an enterprise-grade 14TB hard drive is only $18/TB on Amazon right now, less than a third of the SSD price per TB. Call it 100GB = $2 of storage, total, to enable 1000 users to run the editor of their choice.
So, no, I’m not seeing the problem here.
If you really wanted to penny pinch (one whole penny for every 5 users), I think you could use btrfs deduplication to reduce the storage used.
bkallus
SSH is a fundamental protocol. If students can get through our program without learning what SSH is and how to use it, that's a problem.
andai
>50 Node processes
Every day we stray further from God.
sn9
For those like me who were wondering what "murid" was referring to and had never heard of RAT, it stands for Remote Access Trojan.
collinmanderson
> 1., I set a motd on our class servers asking the students not to use the VSCode remote server plugin. ...When students inevitably ignored the motd...
VSCode doesn't show the motd :/
bogantech
Disable TCP forwarding in SSHD
fastasucan
This was a major annoyance, so you descided to become an even bigger one?
rednafi
I don't know what the alternative would be here. VSCode's SSH edit works surprisingly well, and I stopped fiddling with vim, nano, or micro on my remote machines long ago.
The agent gets out of my way and lets me work in peace. It almost feels like I'm working from my local machine—a huge win in my book.
This could be a security risk, but the development experience is unmatched. I couldn't care less which other editor VSCode is killing, as I mostly don't care about my tools as long as they get out of the way and let me do my job.
saulrh
The alternative is suggested by tramp, which from what I know treats the remote as a network filesystem instead of an execution host. I don't believe that tramp deploys any binaries: it reads and writes bytes over pipes and all meaningful execution happens locally. Notably, it does not achieve persistence, because there's a difference between "VSCode plugins have access while you're SSH'd in" and "VSCode plugins have access forever".
tubs
How does tramp make my autocomplete work seem I need to build on the remote machine so all the paths are in that file system?
How does it execute the exact version of clangd that is running on the remote not my local laptop, desktop, or windows machine I’m using to remote in?
How well does it search through files on a slower connection when it has to download every byte of every file?
skydhash
When you’re in a buffer displaying a remote file, most commands take that in account and execute in the remote context. And more often than not, that means connecting through pipes (and files) inside the ssh tunnels. Eglot (with gopls) works fine and fast for me. Executing ‘shell’ opens a remote shell, as well as launching tasks through compilation mode. Grepping and finding files, as well as dired also work fine.
rednafi
Persistence is important to me, and making it read-only significantly reduces its usefulness. I regularly SSH into a dev machine to run scripts and update configurations. As long as a tool lets me do that without getting in my way, I'm good with any solution that works.
saulrh
Tramp is perfectly able to write, it's just that it does it by writing a temp file locally and then using ssh to transfer the file to the remote, rather than installing a copy of itself on the remote and acting through that. It only uses executables that it finds on the remote. So if make and gcc and sed and such are available it's basically transparent, indistinguishable from local editing except for network round trips, and the only changes it leaves behind are the files you edit.
skydhash
Then tramp would be a perfect fit for you as long as you’re willing to learn emacs. If you open a remote file, almost all actions when that buffer is selected will execute in the remote context (launching commands, visiting directories, opening a shell,…)
null
cobbal
Running `make' works in tramp, so it can do some form of execution
fiddlerwoaroof
It can do anything you can do over SSH
spacemanspiff01
The security risk comes from all those unvetted plugins, that have unrestricted access to the editor.
shipp02
That's an issue with any plugin system, right? AFAIK no IDE has a plugin system with capabilities or a sandboxed interpreter.
VSCode does have a thing where it's like do you trust the authors of this project. Not sure what it does because I've never had to use it. From StackOverflow[1]:
>If you select No, I don't trust the authors, Visual Studio Code will open the workspace in 'restricted mode'. This is the default for all new workspaces. It lets you safely browse through code but disables some editor feature, including debugging, tasks, and many extensions. However, keep in mind that 'restricted mode' is all you need for many use cases.
Actually if restricted mode[2] is any good, vscode might be better at security than most other editors/IDEs.
[1]:https://stackoverflow.com/a/67914669/11422647 [2]:https://code.visualstudio.com/docs/editor/workspaces/workspa...
vlovich123
> Actually if restricted mode[2] is any good, vscode might be better at security than most other editors/IDEs.
Unfortunately, it’s not. Restricted mode is VSCode without any plugins. That means that unless you’re doing very basic TS development (I think that’s the only language VSCode supports out of the box), then you’re kinda hosed.
retsl
There's a feature request from 2018 to add a proper permission model for plugins in VSCode: https://github.com/microsoft/vscode/issues/52116
Sadly it doesn't seem to make any progress.
aniviacat
Lapce uses a WASI plugin system, so it could do strong sandboxing (but it doesn't).
causal
Note that your local plugins do not get installed on remote instances without manually doing so
rednafi
Yeah, I'm all in for a more secure option as long as it allows me to do everything that VSCode's SSH agent does. But if the devex goes down the drain because of "security" then I'm good for now.
sevensor
From what I’ve seen, my colleagues using vscode are hampered in ways they don’t recognize because they have no concept of how good things could be. Working with multiple remotes, they’re often completely unaware of which one they’re connected to or what state their connection is in. Their terminals are laggy and session state persistence is inconsistent. It’s just a massively worse experience than tmux + a real text editor. Plus the server is a real pig and they often end up running half a dozen server instances because the server doesn’t terminate properly. And then, half the updates break and they lose an hour because they don’t know how to ssh into the host with a real ssh client and clean up the busted vscode server.
arp242
> I don't know what the alternative would be here
I'm not sure what features VSCode offers exactly, but I find sshfs works quite well for remote editing of a bunch of stuff. I think it should basically be the same as VSCode?
sunshowers
You really want your LSPs to run on the remote, especially with high-latency connections.
Dylan16807
Why is that? How much data are we expecting the LSP to ingest?
For most projects my expectation is that all the source code gets quickly cached on my machine, and from then on querying a local LSP is much faster. Especially with high-latency connections.
rednafi
One fewer tool to think about. It remembers the connections and instantly gives you access to a full-fledged editor on a remote server. It just works, and I don’t think about it twice, which is a huge win in my book. I’m good with the trade-offs.
arp242
Okay fair enough; just saying it seems like a reasonable alternative if you want to avoid fiddling with editors on remote machines.
EVa5I7bHFq9mnYK
VSC allows to debug the remote program, set breakpoints etc. How can you do it with just the editor?
averageRoyalty
Absolutely. It worked fine before vscode existed and it will work fine when the next hot button IDE comes along. I'm not sure why people keep reinventing the wheel and creating themselves new problems!
otabdeveloper4
> I don't know what the alternative would be here.
Emacs' TRAMP is pretty crap but still more reliable and user-friendly than the hot mess of VSCode remote editing.
rednafi
> Hot mess of VSCode editing
Okay. I have been using VSCode remote session since its inception and it works well for my case.
Also, Vim/Emacs aren’t my cup of tea, so it’s not like that I have many options.
otabdeveloper4
> and it works well for my case
Yes, if you're using a Microsoft (c) approved and tested system configuration.
mixmastamyk
Me, me, me, got it. Unfortunately there are other folks in the world. ;-)
Students need to focus on fundamentals, not the fanciest automatic whiz-bang tools available. Why we learn arithmetic before allowing calculators.
0xbadcafebee
What did we learn? That remote code execution is a thing? That misplaced trust in [dev] tools is often regretted? That modern software design is ass? If you've been paying attention, all of that has been obvious.
SSH is a solution from the 90s. It's Telnet with a couple extra features bolted on, and despite being called the "secure" shell, is literally less secure than Telnet+TLS would be. There's so much stupid-yet-glorified bullshit implemented over SSH, because lazy assholes had a tunnel into a server with a user session, and decided "why implement a whole extra protocol for network transport and secure connections for my application? I already have an authenticated user session, in this very specific protocol, computing design, and network architecture. who care if nobody else on the planet but computer nerds have used something like this since 2000? works for me!" Discard the concepts learned from distributed OSes, ignore all the advanced AuthN+Z that had been developed, embrace the shittiest, easiest thing you can.
These "SSH agents" aren't bananas. We refused to get off our stupid lazy asses to build the right tool for the job. So we had to keep shoving more shit into pre-existing tools that were never designed for what we decided to do with it. We have no right to pretend we're surprised.
This is the world we have made. All of you, and me too. Either with your labor or your silent compliance. If it's not SSH, it's politics, commerce, school, and everything else. We live every day in the shit-pile we carved for ourselves, and every day that we don't do something about it, we throw another shovel on the pile. You don't get to sit there shoveling shit and pretend this is a fucking surprise, or crazy. You're holding a shovel.
zrm
It's not the developers who did this, it's the "network security" people. If you block all outgoing ports except for HTTPS and ssh, everything is henceforth going to be tunneled over HTTPS or ssh.
This is also the reason why, if you allow outgoing HTTPS connections, you should as a general rule be allowing all outgoing connections except for SMTP. Because actually malicious traffic is just going to be tunneled over HTTPS anyway and all you're doing is inhibiting the deployment of any new protocols that don't take on the complexity and inefficiency of the tunnel.
encom
And this is how we end up with clown-maxing abominations like DNS-over-HTTPS.
0xbadcafebee
Every place I've ever worked that blocked ports, blocked SSH, it's no exception.
zrm
It's an extremely common exception for exactly the reason you don't like it. If you block it you get widespread breakage because so many things use it. Then even more things use it because it's allowed and novel protocols aren't.
And what do you think happens in the places that do block ssh, instead of unblocking other things? I hope you like VSCode over ssh over HTTPS VPN.
blueflow
To the contrary, i find the ssh keypair authentication (and certificates) the best kind of authentication i know. And it integrates with FIDO2 without prior set up.
I wish web logins would be more like what SSH does.
h4ck_th3_pl4n3t
Man, I'm getting hard tinfoil conspiracy vibes from this one. Not everything in life is done with malicious intent. Most of the time it's humans trying to do the best they can come up with under pressure.
Maybe go touch some grass once in a while, it's healthy for the soul.
Also, please make a suggestion on how to build a better SSH protocol. Complaints are kind of useless without constructive criticism.
regularfry
The suggestion was telnet+TLS, right? I'd not come across it before but it's apparently a thing: https://www.ibm.com/docs/en/i/7.5?topic=tls-configuration-de...
h4ck_th3_pl4n3t
TLS is used for this inside corporate environments because it can be intercepted by snakeoil CA using firewalls.
So I'd argue it's not as secure as SSH, where an MITM actor implies a compromise of the cryptographic algorithms used underneath or an exploit like the xz case.
0xbadcafebee
1) I never said it was malicious, 2) humans do not try to do their best (have you looked around lately?), 3) complaints are entirely useful regardless of constructive criticism, they are literally user feedback
h4ck_th3_pl4n3t
So, where is the RFC proposal tor something better then?
kazinator
"SSH agent" is a confusing term to use here, because it usually stands for a daemon that caches authentication tokens.
CGamesPlay
Agreed, because VSCode does not provide an SSH Agent but does communicate with your local one (their own version of ForwardAgent, complete with the security implications that carries). And the way it does that breaks a popular macOS SSH agent: https://github.com/maxgoedjen/secretive/issues/543
epistasis
Oh shoot, secretive is one of the few ways I knew of to keep track of each time an SSH key was actually used to auth something. I love using Agent Forwarding but the idea of anybody with root being able to arbitrarily auth stuff gave me a (perhaps unreasonable) feeling of insecurity.
RockRobotRock
I love secretive.
rednafi
The "VSCode" before "SSH Agent" does the disambiguation fairly well.
akvadrako
Only of you already know what the VSCode agent does and then you don't need the article.
bqmjjx0kac
I, for one, was actually confused.
hughes
> I would be a little nervous about letting people VSCode-remote-edit stuff on dev servers, and apoplectic if that happened during an incident on something in production.
Totally agree that using vscode remote on production servers is insane.
Everything else described as "bananas" sounds like expected functionality.
Salgat
I wonder what the use case is for this given the security implications. Staging instances that are sufficiently isolated from other environments?
thinkharderdev
I think the use case is mostly dev servers, either remote machines running in the cloud or docker containers running locally. I don't use VSCode much, but the one thing I do use it for is when I need to do something linux-specific. I spin up a linux VM on my MacBook and use VSCode to remote into the VM.
knallfrosch
https://github.com/features/codespaces
All you need is a well-defined .devcontainer file.
Debugging, extensions, collaborative coding, dependant services, OS libraries, as much RAM as you need (as opposed to what you have), specific NodeJS Versions — all with a single click. It's dev-environment-as-code and you can version control it.
toprerules
I've reached a level (staff engineer at MAANG) that I consider to be difficult to obtain using plain old Vim, and I've noticed that other high performers tend to still use Vim or Emacs. There's plenty of amazing developers who use VCode, JetBrains, etc. but I think there are certain personality traits - seeks out barriers to entry, likes to demagic tools through exploration, values completely open source, highly tinkerable community driven projects, etc. that explain this phenomenon more than feature set or ease of use.
When I read about how complicated VSCode's remote editing was (which I knew about before this article) it just made me want to use VSCode less. I can just ssh into a machine and use whatever editor is on the machine. VSCode's solution works, but it's also not nearly as elegant or universally applicable, and is more prone to breaking.
Also, Tramp is still quite awful, sorry Emacs users (netrw isn't any better).
imiric
I agree that Tramp is not great, but there's a simpler solution that works much better: `watchexec` + `rsync`.
I can set it up to watch specific file paths, and sync exactly what I need. I'm still working on the local FS, so there's no editing delay, I can use all my local tooling, and the syncing takes milliseconds. I can also make it delete files remotely when they're deleted locally. And finally, I always have a local copy once I stop working on the remote machine, which is something I always needed to sync manually with Tramp. Plus, it's editor agnostic.
This VS Code feature would make me nervous, especially now that I know what it does.
8organicbits
I joined a new team that's very VSCode centric and I've been thinking a lot about why I still prefer vim. My latest observation is that I find all the toolbars and other content filling the screen to be visually noisy. I turned on Copilot and wow it's more toolbars and text is flying into where I'm trying to write. Vim just lets me looks at, think about, and write code. I can't get into "flow" with VSCode.
Oh and since people are citing age in sibling posts, I'm mid-30s. I used emacs in university and switched to vim at my first job. I used IntelliJ for a really gnarly Java project, but otherwise I keep using vim.
regularfry
That's exactly what I dislike about vscode. It's so easy to trigger some pop-over that moves or obscures the precise thing you're trying to read.
The only thing really keeping me using it is copilot.
foldr
> likes to demagic tools through exploration, values completely open source, highly tinkerable community driven projects, etc.
I liked all this stuff when I coded as a hobby. Now that it’s my job, I like VSCode because I never need to tinker with it to any significant extent and I can focus on getting my work done. I fire up vim occasionally if I need to do some fancy regexp munging.
toprerules
I don't tinker with Vim. I wrote my config many years ago and I touch it maybe once every few years. Otherwise it's completely rock solid.
I also find it highly amusing when people talk about needing to get work done and Vim, I mean I didn't get staff at one of the highest paying, hardest companies to climb at because I was sitting there tweaking configs instead of having impact. Vim lets me have impact by getting out of my way and letting me do precisely what I need to do wherever I need to do it.
foldr
I don’t doubt that Vim is an efficient tool for you. In the end it’s just a text editor. Editing text is not the hard part of writing code. I do not understand the impulse to judge people according to their largely inconsequential choice of editor (and I must say it seems to be disproportionately users of certain editors who are susceptible to it!)
The part of your post that I responded to talked about exploring highly tinkerable projects. I guess you’re saying that you like that Vim is explorable and tinkerable even though you don’t waste time exploring it or tinkering with it. That’s fair enough, but I hope you can at least see the sentiment that I was responding to.
andrewfromx
Instead of working with existing remote tools it deploys a comprehensive agent that includes:
A Node.js binary installation. A WebSocket connection back to the VSCode frontend. Extensive system access capabilities.
The VSCode agent has broad permissions including:
File system navigation. File editing capabilities. Shell PTY process creation. Self-persistence abilities.
AlotOfReading
I don't see any reasonable alternatives that can support what VScode does, like running extensions that aren't installed locally. Maybe those features aren't something you want, but they're part of the product feature set.
roland35
I believe extensions are actually installed on the host itself! At least when I use vs code remotely it shows "install on xxx" for each extension if I haven't installed it yet
knallfrosch
Exactly. You can use extensions without even installing them locally. They're installed on the host.
Now imagine your host is a rented VM that you throw away after use.
jazzyjackson
It’s not clear to me, are these issues on the local or remote vs code instance? If remote, I understand elisp tramp is a lighter touch as far as dependencies go, but is the attack surface all that different? (That is, does the remote node binary have any permissions a user running arbitrary ssh clans wouldn’t?)
The OPs goal was to give an llm keys the kingdom on an ephemeral/throwaway virtual machine, are they saying the sockets opened up by the agent allow it to fiddle with the developer machine it’s meant to be isolated from?
throwanem
Emacs Tramp just uses whatever SSH access you already have to a remote host, to copy files back and forth. It may use scp or sftp if the remote host advertises the protocol, but it does not install anything or invent any of its own protocols.
regularfry
Now I'm wondering if you could inject an emacs lisp interpreter onto the remote machine. There are exploit frameworks that do something similar.
Whether such a thing should ever be written is a completely different question, of course.
dekhn
One perspective is to think of these as things that a modern OS should provide as a standardized feature, and VSCode is just working around the fact they don't exist. It's crazy to think about but the kernel itself could have a webserver (or other protocol) with encryption and auth that let you directly control the entire machine through EBPF. It could be an entirely different paradigm for client/server remoting. Also a security hole you could drive a death star through.
eru
You can have a standardised feature set, without sticking everything into the kernel.
I'm all for the former, but the latter is unnecessary.
otabdeveloper4
A rootkit built right into the kernel? And apparently this is okay because it's "encrypted"? (Aka impossible to diagnose or monitor.)
Yikes.
Retr0id
The silver lining of all this is that your local vscode instance becomes more of a thin client, with the heavy lifting being done by the remote instance. It's perfect for the "small laptop ssh'd into beefy workstation" use-case, but less so for the "beefy workstation ssh'd into tiny VM/VPS".
If you're doing the latter, I'd recommend using sshfs or some other remote-fs-mount setup, and opening the mounted directory in vscode normally.
gopalv
The way most people learned this is because somewhere in the middle of last year, VSCode's node install stopped working with the old glibc.
https://github.com/microsoft/vscode/issues/201129
Most people who hit this hard pinned their vscode to 1.85 & it took a while till this turned into a simple nag bar on top of their editor.
nooorofe
it was fixed with workaround, in newer versions, they copy statically compiled nodejs to the server and it works.
I have been for like a month now noodling on a long-form post about a piece of software we've been noodling with for 3-4 years now. Kurt is freaking out, because we haven't written anything on the blog since, like August. Finally I'm like, look, I will write the simplest thing I can come up with. We'll do the opposite of what we've been doing. We'll do anti- effortposts. I bet I can do one in 30 minutes.
I promise, I thought about this less than you have. It's a thing we were tinkering with, and I wrote about it. That's all.