Don't rely on ssh TCP port forwarding #92
Comments
For reference, the Port Forwarding section on ssh.com notes that:
One could argue whether there is an actual risk or not, but I wouldn't be surprised if many enterprises followed this advice.
This right here is the key. Unless you have a company culture that does not allow it, bending the rules in order to do more work is never punished and more often than not rewarded.
It doesn't even necessarily have to do with your own company's culture either. If you're working with a vendor and they don't allow port forwarding, then all of a sudden this plugin doesn't work at all. I would've loved to use this extension but I'm uninstalling it now at least until this feature is taken care of. I've subscribed to getting a notification once this issue is closed, but for now, bye.
subscribed. We do not have the ability to enable
We’ve got hundreds of developers eager to use the remote ssh extension, unfortunately this is blocking the rollout.
Same here, we can't enable AllowTcpForwarding ...
Same here,
Would love for this to get fixed,
Seriously, +1 on this. Am a college CS student. Our campus server dev environment does not have AllowTCPForwarding enabled, with no plans to change that. A different solution is a must.
I am working in a cluster environment. We need to do computation (like with a Jupyter notebook) on compute nodes. The server therefore needs to be set up on a compute node. But the compute nodes have ports restricted except SSH and a few other application-specific ports. So +1 on this!
AllowTCPForwarding is not an option for us.
Same, can't use this feature at all because it relies on this setting.
My 1and1 ISP account has AllowTcpForwarding disabled, I would not be surprised if that's the default for most ISPs due to security restrictions.
Same here, can't use this extremely useful feature because I'm working in an environment that has Seriously, being able to use this extension without TCP forwarding would help spreading the word about the abilities of vscode so much, because in an enterprise you often have no choice but to live with the settings as a given. I would love to use vscode remote instead of local-vim, which is just not comparable at all.
Same, this could be a game changer.
@roblourens I've noticed in another thread you are saying there are no plans to implement this right now. Can you, please, lock this issue so there are no more I would like to stay subscribed to the issue in case your plans will change in the future.
The Remote-Tunnels/code server route will be the way forward for this scenario. It's not really practical for us to implement without forwarding https://marketplace.visualstudio.com/items?itemName=ms-vscode.remote-server |
The initial release of the VS Code Remote extension relies on SSH port forwarding between the client and server to make the HTTP endpoint for the extension host on the server appear as a local TCP port on the client. While this is a simple solution, it completely blocks use of the extension in environments where port forwarding has been disabled for security reasons by setting AllowTCPForwarding to No.
For instance, I'm not able to use this feature in an enterprise setting with "dev servers" that otherwise pretty much fits one of the intended use cases. Issue #84 is probably also blocked for the same reason.
I suggest implementing a custom forwarding/multiplexing solution on top of a plain ssh connection to the remote server instance. Perhaps TCP sockets could be avoided completely that way.
Anyway, great work so far and I'm looking forward to testing this for real one day!
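
Added example, not part of the original issue or of the extension's code: a check that reads a server's effective configuration as printed by `sshd -T` and reports whether the client-to-server TCP forwarding described in this issue would be permitted. The function names and the sample outputs are constructed for illustration.

```python
# Added example: audit `sshd -T` output for client-to-server TCP forwarding.
# Match blocks can change the result per user; `sshd -T -C user=NAME,addr=IP`
# evaluates the configuration for one specific connection.

# Forwarding directions granted by each AllowTcpForwarding value.
FORWARD_MODES = {
    "yes": {"local", "remote"}, "all": {"local", "remote"},
    "local": {"local"}, "remote": {"remote"}, "no": set(),
}

def parse_sshd_t(text):
    """Parse `sshd -T` lines ("keyword value...") into {keyword: value}."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf.setdefault(key.lower(), value.strip())
    return conf

def local_tcp_forwarding(conf):
    """Return (allowed, reason) for ssh -L style forwarding to this server."""
    if conf.get("disableforwarding", "no").lower() == "yes":
        return False, "DisableForwarding yes"
    mode = conf.get("allowtcpforwarding", "yes").lower()
    # Unknown values are treated as "not allowed" so the audit fails closed.
    if "local" not in FORWARD_MODES.get(mode, set()):
        return False, "AllowTcpForwarding " + mode
    permit = conf.get("permitopen", "any")
    if permit.lower() == "none":
        return False, "PermitOpen none"
    if permit.lower() != "any":
        return True, "only to PermitOpen destinations: " + permit
    return True, "unrestricted"

# Constructed sample outputs (trimmed to the relevant keywords).
LOCKED_DOWN = "port 22\nallowtcpforwarding no\npermitopen any\ndisableforwarding no\n"
DEFAULTS = "port 22\nallowtcpforwarding yes\npermitopen any\ndisableforwarding no\n"
REMOTE_ONLY = "allowtcpforwarding remote\npermitopen any\n"
PINNED = "allowtcpforwarding local\npermitopen 127.0.0.1:8080\n"
OVERRIDE = "allowtcpforwarding yes\ndisableforwarding yes\n"

if __name__ == "__main__":
    for name, sample in [("locked-down", LOCKED_DOWN), ("defaults", DEFAULTS),
                         ("remote-only", REMOTE_ONLY), ("pinned", PINNED),
                         ("override", OVERRIDE)]:
        print(name, local_tcp_forwarding(parse_sshd_t(sample)))
```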