Public
- Public
- Network
- Groups
- Featured
- Popular
- People

The SSH agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can: * Wander around the filesystem * Edit arbitrary files * Launch its own shell PTY processes * Persist itself In security-world, there’s a name for tools that work this way. I won’t say it out loud, because that’s not fair to VSCode, but let’s just say the name is murid in nature.

Download link

The SSH agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can: * Wander around the filesystem * Edit arbitrary files * Launch its own shell PTY processes * Persist itself In security-world, there’s a name for tools that work this way. I won’t say it out loud, because that’s not fair to VSCode, but let’s just say the name is murid in nature.
https://files.mastodon.social/media_attachments/files/113/966/636/935/565/987/original/e2145e7dc61ce749.png

Notices where this attachment appears

Embed this notice
nixCraft 🐧 (nixcraft@mastodon.social)'s status on Saturday, 08-Feb-2025 16:11:17 JST nixCraft 🐧

Another shity Microsoft product doing nasty things. Every YouTube tutorial or Twitch stream starts with VS Code. This is another example of how Microsoft push their products with bad security practices and their shity tech like Copilot, Github, C#, TypeScript, etc.
Read: VSCode’s SSH Agent Is Bananas https://fly.io/blog/vscode-ssh-wtf/ ( or use the https://archive.ph/BansH )
If possible avoid Microsoft spyware and all of their shity services that now push AI like crazy person. It is a massive mess.

In conversation about 15 days ago from mastodon.social permalink