"code protection": this is tracked in microsoft/vscode-remote-release
issue 6608, but there is no official documentation (yet).
Issue 8110 gives an example of using tunnel instead of SSH:
I'm using the code tunnel on a multi-node HPC cluster.
This means that I can run it from any number of machines (depending on where my job is scheduled), but all share the same NFS-mounted home directory.
However, I've noticed that the generated token is tied to a specific machine: if I run a new code tunnel from a different machine, it will give the prompt:
To grant access to the server, please log into https://github.com/login/device
and use code XXXX-XXXX
This appears to modify the ~/.vscode-cli/token.json file.
If I run code tunnel again from the same machine, I don't see the prompt, but I do if I change machines (including ones previously authenticated).
With confirmation from Microsoft:
The token secret is encrypted(/obfuscated) using information specific to the machine. We do not currently support sharing this between multiple machines.
The obfuscation is used to provide some modicum of security on systems with more permissive keychains, i.e. ones that don't segregate secrets between different consuming applications on a system level.
See microsoft/vscode @cli/src/auth.rs
This was fixed with PR 175940.
All this points to a different encryption mechanism than SSH.
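The machine binding described in the Microsoft reply above explains why a `token.json` on a shared NFS home directory is only usable on the node that wrote it. The sketch below is an added illustration, not VS Code's code and not its actual scheme: the function names, the machine ID strings, the token value and the HMAC-SHA256 construction are all assumptions chosen so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

def _subkeys(machine_id: str):
    # Assumption: the key comes only from a machine identifier. Such an ID is
    # usually readable by local processes, so this is obfuscation, not secrecy.
    root = hmac.new(b"token-seal-demo", machine_id.encode(), hashlib.sha256).digest()
    enc = hmac.new(root, b"enc", hashlib.sha256).digest()
    mac = hmac.new(root, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (stdlib only).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(token: str, machine_id: str) -> bytes:
    """Encrypt-then-MAC the token under keys bound to machine_id."""
    enc, mac = _subkeys(machine_id)
    nonce = os.urandom(16)
    data = token.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc, nonce, len(data))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(blob: bytes, machine_id: str):
    """Return the token, or None when the blob was sealed elsewhere or altered."""
    if len(blob) < 48:
        return None
    enc, mac = _subkeys(machine_id)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct)))).decode()

if __name__ == "__main__":
    # Constructed values: two cluster nodes sharing one NFS home directory.
    blob = seal("constructed-token-value", "node-a-machine-id")
    print(unseal(blob, "node-a-machine-id"))  # same node: token recovered
    print(unseal(blob, "node-b-machine-id"))  # other node: None, so re-authenticate
```

A client built this way has to fall back to a fresh device login whenever `unseal` returns `None`, which matches the prompt reported in issue 8110 when the job lands on a different node.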