VSCode Remote Containers over SSH
When working remotely with a laptop, sometimes we might want access to more CPU power, RAM or a GPU. VSCode supports accessing a remote machine, and if Docker is installed on the remote machine, you can even connect to remote development containers. This approach tremendously saves battery life since computation is done on the remote server.
Requirements
-
Working SSH connection. If you prefer to use SSH with certificates, you can refer to my post.
-
(on Windows) Setup
bashas the default SSH shell.bashneeds to be the default SSH shell, otherwise development containers will not work.
Once that is done, you can follow the official guide.
You can now run powerful transformer models and more from your laptop!
Why not code-server?
code-server is a fully browser-based implementation of VSCode, and offers nearly the same experience. Compared to SSH, all that is needed is a client with a browser, and there is no need for SSH certificates.
However, the lack of support for VSCode Remote-Container and Remote-SSH extensions1 were a deal-breaker for me, since I primarily develop within development containers2.
code-server can be run in a Docker container too, and addtional code-server containers can even be created on-the-fly from within code-server itself. However, the configuration to automatically forward the relevant ports is going to be complicated.
Authentication Concerns
code-server uses a websocket stream. While nginx can be setup to require authentication before initiating the stream, there's no simple way to deauthenticate a websocket stream3 once its established, unlike SSH connections.
A comparison of features:
code-server |
VSCode Remote-SSH | |
|---|---|---|
| Security | Less secure4 | As secure as SSH is |
| IP Visibility | Can be hidden behind Cloudflare | Public |
| Authentication | Password or external server3 | SSH password, 2FA, key or certificate |
| Client requirements | Any browser | SSH client |
| Access host filesystem | Yes | Yes |
| Forward ports from host | Yes | Yes |
| Full VSCode experience | No Remote-Containers support | Yes |
| Open Source | Yes | Extension is proprietary |
-
Sadly, VSCode is not as open as I used to think. ↩
-
While
nginxcan proxy websocket connections, it can't terminate them once established. ↩↩ -
Web applications have multiple vectors of attack, for example the OWASP Top Ten. ↩