[sklivvz1971]

I am very confused by this post:

1. VSCode uses SSH (with its security profile) and the user can't do anything more with VSCode that they can already do with SSH. If the comparison is between a system without SSH and a system with VSCode and SSH--sure--I understand the concern, but it's an issue with enabling SSH and not VSCode.

2. VSCode can change files and persist? Well, it's a local editor, so yeah, it can change files and persist, that's literally its purpose. If that's an issue, disable editing permissions for the user.

[roywiggins]

The server running at the remote end can execute code on the client. If an SSH server can do that it's a security issue and a bug.

The README does warn about this: "A compromised remote could use the VS Code Remote connection to execute code on your local machine."

https://marketplace.visualstudio.com/items?itemName=ms-vscod...

[n144q]

You are not the one who's confused. The author of the article is.

[kreyenborgi]

Normally on connecting to a remote machine you expect to be able to control that machine, you don't expect that machine to gain control over yours.