I’ve been looking at Remote - SSH and found the following in the notes:
Using Remote-SSH opens a connection between your local machine and the remote. Only use Remote-SSH to connect to secure remote machines that you trust and that are owned by a party whom you trust. A compromised remote could use the VS Code Remote connection to execute code on your local machine.
My question is if there is a built-in capability in the protocol for running code on the local machine from the remote or if the above refers to a possible exploit of the protocol and the client on the local machine.
I use Remote - SSH in order to isolate my dev environment from my local machine, especially when I experiment with code I don’t fully trust (yet). I also trust the remote workspace in VSCode, assuming whatever happens is on the remote machine and not on my local one.
Are my assumptions wrong? If yes, what would it take to make it safe for the local machine? In general, I can live with knowing that it would take an exploit and it is not part of the protocol that is easily accessible from the remote (that might itself be exploited).
Thank you!
