connect to remote host with vscode ssh extension #376
Comments
Hello, I'll have to look into it more deeply, but there are chances it won't work, unfortunately. This is because the Remote SSH extension of vscode uses the Obviously this is very handy for dev environments and several other use cases, but this would break the auditability, traceability and authorization check mechanisms of the bastion, as you can tunnel and potentially access other things that the bastion won't have a chance to see, hence not able to allow, deny, or even log. The protocol break done on the bastion side is actually done to prevent this kind of loophole, among other things. Now, this use case on a bastion reserved to dev environments and flagged as such in a more global security policy, might be legit, as long as it's explicitly allowed, but again I'll have to look into it, as I'm not sure this can be done, given the design of the bastion. There's apparently a mode that can be enabled in the Remote SSH extension that can use
Actually, had a look yesterday, and I might have a PoC with
Hi @speed47, Thanks for your answer and your time :) of course I am interested :) What should I do? Kélian
Hi @speed47, Do you have any news for me? Kélian
Yes, I'll be writing the documentation this week. There is one major drawback, unfortunately: due to an OpenSSH bug that has been known since at least 2016 but is still unfixed (!), one has to enable local port forwarding on the bastion for the vscode plugin to work (even if it doesn't actually require local port forwarding), so that's something to keep in mind. It's not really a good practice to enable this on a bastion, but it might be acceptable for dev environments (if you have a separate bastion for production environments, for example). I'll outline this in the documentation. Stay tuned.
Hello, Ok thank you for all :) Kélian
Hi @speed47, do you have some good news about this topic? Kélian
I've also attempted to connect to a remote host using the SSH extension without any luck.
Hi @speed47, did you manage to prepare the mentioned documentation somewhere?
Hello,
Do you know if there is a way to connect to the remote host with the vscode ssh extension through the bastion?
I saw we can't use proxy jump and proxy command, but I don't know if someone has already done this without these commands.
Kélian