The initial release of the VS Code Remote extension relies on SSH port forwarding between the client and server to make the HTTP endpoint for the extension host on the server appear as a local TCP port on the client. While this is a simple solution, it completely blocks use of the extension in environments where port forwarding has been disabled for security reasons by setting AllowTCPForwarding to No.
For instance, I'm not able to use this feature in an enterprise setting with "dev servers" that otherwise pretty much fits one of the intended use cases. Issue #84 is probably also blocked for the same reason.
I suggest implementing a custom forwarding/multiplexing solution on top of a plain ssh connection to the remote server instance. Perhaps TCP sockets could be avoided completely that way.
Anyway, great work so far and I'm looking forward to testing this for real one day!
For reference, the Port Forwarding section on ssh.com notes that:
Enterprises would generally want to prevent port forwarding on their servers, unless expressly needed for tunneling legacy applications. There is substantial risk that users will use SSH tunneling to open backdoors into the organization through the firewall to get access to work machines from home. We've seen this done in numerous organizations and the technique is widely known.
One could argue whether there is an actual risk or not, but I wouldn't be surprised if many enterprises followed this advice.
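As an added illustration (not part of the original issue or the extension's code), the sketch below reads an sshd_config and reports, per scope, whether the effective AllowTcpForwarding value permits the client-side (local) forwarding described in the opening post. The sample config and the function names are constructed for this example; Include files and the resolution of several matching Match blocks are not handled.

```python
import re

# Constructed sample config, not taken from any real server.
SAMPLE_CONFIG = """\
# global section
Port 22
allowtcpforwarding no
# the next line is ignored: the first obtained value wins
AllowTcpForwarding yes

Match Group developers
    X11Forwarding no

Match User buildbot
    AllowTcpForwarding=local
"""

# Values that permit local (client-side, ssh -L style) forwarding.
LOCAL_OK = {"yes", "all", "local"}

def parse_line(line):
    """Return (keyword_lowercased, argument), or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and argument are separated by whitespace or by a single '='.
    m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
    return (m.group(1).lower(), m.group(2).strip()) if m else None

def effective_forwarding(config_text):
    """Map each scope (global or a Match block) to its effective value."""
    scope, scopes, first = "global", ["global"], {}
    for raw in config_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, arg = parsed
        if key == "match":            # a Match block runs to the next Match or EOF
            scope = "Match " + arg
            scopes.append(scope)
        elif key == "allowtcpforwarding":
            first.setdefault(scope, arg)   # keep only the first value per scope
    default = first.get("global", "yes")   # sshd's built-in default is yes
    return {s: first.get(s, default) for s in scopes}

def blocked_scopes(config_text):
    """Scopes in which local forwarding is refused."""
    eff = effective_forwarding(config_text)
    return [s for s, v in eff.items() if v not in LOCAL_OK]
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check.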
to get access to work machines from home
This right here is the key. Unless you have a company culture that does not allow it, bending the rules in order to do more work is never punished and more often than not rewarded.
to get access to work machines from home
This right here is the key. Unless you have a company culture that does not allow it, bending the rules in order to do more work is never punished and more often than not rewarded.
It doesn't even necessarily have to do with your own company's culture either. If you're working with a vendor and they don't allow port forwarding, then all of a sudden this plugin doesn't work at all. I would've loved to use this extension but I'm uninstalling it now at least until this feature is taken care of. I've subscribed to getting a notification once this issue is closed, but for now, bye.
Subscribed. We do not have the ability to enable AllowTcpForwarding on dev boxes.
We've got hundreds of developers eager to use the remote ssh extension, unfortunately this is blocking the rollout.
Same here, we can't enable AllowTcpForwarding ...
Same here, AllowTCPForwarding is not an option for us.
Would love for this to get fixed, AllowTCPForwarding cannot be enabled for us.
Seriously, +1 on this. Am a college CS student. Our campus server dev environment does not have AllowTCPForwarding enabled, with no plans to change that. A different solution is a must.
I am working in a cluster environment. We need to do computation (like with a Jupyter notebook) on compute nodes. The server therefore needs to be set up on a compute node. But the compute nodes have ports restricted except SSH and a few other application-specific ports. So +1 on this!
AllowTCPForwarding is not an option for us.
Same, can't use this feature at all because it relies on this setting.
My 1and1 ISP account has AllowTcpForwarding disabled, I would not be surprised if that's the default for most ISPs due to security restrictions.
Same here, can't use this extremely useful feature because I'm working in an environment that has AllowTcpForwarding no set.
Seriously, being able to use this extension without TCP forwarding would help spreading the word about the abilities of vscode so much, because in an enterprise you often have no choice but to live with the settings as a given. I would love to use vscode remote instead of local-vim, which is just not comparable at all.
Same, this could be a game changer.
@roblourens I've noticed in another thread you are saying there are no plans to implement this right now.
Can you, please, lock this issue so there are no more same here comments?
I would like to stay subscribed to the issue in case your plans will change in the future.