Down the rabbit hole: Implementing SSH port forwarding over AWS Session Manager


A technical quest through obscure SSH and AWS Session Manager features in service of enabling VS Code Remote SSH via the Formal Connector, culminating in forking and fixing several concurrency bugs in AWS’s own reference library for connecting to compute instances using SSM.

This enables a number of features that security teams might find convenient: they can leverage Formal’s policy engine to restrict access to production-sensitive hosts to a subset of users, and they can ensure that the entire SSH session, including commands and their outputs, is fully logged and analyzed for its risk level. This framework takes care of most of the undifferentiated heavy lifting of the SSH protocol and allows us to focus on implementing Formal’s unique policy and audit system as a middleware. After making that change (and replacing an ancient UUID library that also stored global state, causing data races), we were able to get VS Code to successfully initiate Remote SSH connections to EC2 and ECS Fargate instances through the Formal Connector!
