SSH still available in container even I disable forwardWSLServices #9897

Open
ai opened this issue May 17, 2024 · 4 comments

Labels: containers (Issue in vscode-remote containers), feature-request (Request for new features or functionality)

ai commented May 17, 2024

SSH inside container can connect to GitHub even if I disable forwardWSLServices and gitCredentialHelperConfigLocation.

There are no keys in ~/.ssh (inside container) and no helper in git config -l

My settings:

  "dev.containers.copyGitConfig": false,
  "dev.containers.defaultExtensions": [
    "editorconfig.editorconfig",
    "connor4312.nodejs-testing",
    "dbaeumer.vscode-eslint",
    "esbenp.prettier-vscode",
    "yoavbls.pretty-ts-errors",
    "streetsidesoftware.code-spell-checker",
    "editorconfig.editorconfig",
    "yzhang.markdown-all-in-one",
    "christian-kohler.path-intellisense",
    "christian-kohler.npm-intellisense",
    "VisualStudioExptTeam.vscodeintellicode",
    "davidlday.languagetool-linter"
  ],
  "dev.containers.dockerCredentialHelper": false,
  "dev.containers.dockerPath": "podman",
  "dev.containers.forwardWSLServices": false,
  "dev.containers.gitCredentialHelperConfigLocation": "none",
  "dev.containers.mountWaylandSocket": false,
  "dotfiles.installCommand": "devcontainer/install-dotfiles",
  "dotfiles.repository": "ai/environment",

• VSCode Version: 1.89.1
• Local OS Version: Fedora 40
• Remote OS Version: ubuntu:24.04
• Remote Extension/Connection Type: Containers
• Logs:

Steps to Reproduce:

  1. Disable forwardWSLServices and gitCredentialHelperConfigLocation
  2. Open local project in container
  3. Open container terminal in VS Code
  4. Run ssh -T git@github.com
  5. See container has SSH access to GitHub

VSCodeTriageBot added the containers label May 17, 2024

@chrmarti
Contributor

"dev.containers.forwardWSLServices": false is only for WSL. If you have an ssh-agent running locally, that will still be forwarded. You could clear the SSH_AUTH_SOCK env variable when starting VS Code (mainly applies if your local machine is Linux).

@chrmarti
Contributor

Are you trying to isolate the container? The extension also forwards the X11 display, the Wayland display, the gpg-agent (if GPG is available in the container) and the Docker credential helper (if Docker is available in the container).

@ai
Author

ai commented May 27, 2024

> The extension also forwards the X11 display, the Wayland display, the gpg-agent (if GPG is available in the container) and the Docker credential helper (if Docker is available in the container).

Yes. I try to use Dev Container to prevent being hacked from node_module. So I need an option to remove GPG, X11/Wayland, Docker sync.

Seems like we have a UI issue. It was unclear to me what WSL is in the context of the Dev Container plugin (I am using Linux). Maybe we can rename the option to explain that it does not protect Linux/Mac machines.

Also, can we add options to disable forwarding ssh-agent (I may need SSH_AUTH_SOCK on the local machine for other tools), gpg-agent, X11/Wayland? Is it possible to disable them (for experienced users of course, disabling by default will reduce DX)?

@chrmarti
Contributor

My understanding is that Docker containers are not a security boundary. So even with all these features disabled, you won't have a "secure" setup. There might be ways to harden the container I'm not familiar with.
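
A check to run in the container terminal for the forwarded channels named in this thread (ssh-agent, gpg-agent, X11, Wayland, Docker credential helper). It is an added example, not part of the thread or the extension's code. The function names and output format are made up here, and it assumes a forwarded Docker credential helper shows up as `credsStore` or `credHelpers` in the Docker client config.

```shell
#!/bin/sh
# Added example: source this inside the dev container and call
# audit_forwarding to list host services reachable from the container.
# Host-side mitigation mentioned in the thread: start VS Code with
# SSH_AUTH_SOCK cleared, e.g. `env -u SSH_AUTH_SOCK code` (assumed invocation).

# is_socket PATH: succeeds only if PATH is an existing Unix socket file.
is_socket() { [ -n "$1" ] && [ -S "$1" ]; }

# audit_forwarding: prints one "FORWARDED <channel> <detail>" line per
# channel found. Returns 0 if nothing is forwarded, 1 otherwise.
audit_forwarding() {
    found=0
    # ssh-agent: a forwarded agent is exposed through SSH_AUTH_SOCK.
    # A variable that points at a non-socket is ignored.
    if is_socket "${SSH_AUTH_SOCK:-}"; then
        echo "FORWARDED ssh-agent $SSH_AUTH_SOCK"; found=1
    fi
    # gpg-agent: only relevant if GPG is installed in the container.
    if command -v gpgconf >/dev/null 2>&1; then
        gpg_sock=$(gpgconf --list-dirs agent-socket 2>/dev/null)
        if is_socket "$gpg_sock"; then
            echo "FORWARDED gpg-agent $gpg_sock"; found=1
        fi
    fi
    # X11 and Wayland: display variables present in the container.
    if [ -n "${DISPLAY:-}" ]; then
        echo "FORWARDED x11 DISPLAY=$DISPLAY"; found=1
    fi
    if [ -n "${WAYLAND_DISPLAY:-}" ]; then
        echo "FORWARDED wayland WAYLAND_DISPLAY=$WAYLAND_DISPLAY"; found=1
    fi
    # Docker credential helper (assumption: visible as credsStore or
    # credHelpers in the Docker client config file).
    cfg="${DOCKER_CONFIG:-$HOME/.docker}/config.json"
    if [ -f "$cfg" ] && grep -Eq '"(credsStore|credHelpers)"' "$cfg"; then
        echo "FORWARDED docker-credential-helper $cfg"; found=1
    fi
    return "$found"
}
```

An empty result with exit status 0 means none of these five channels is visible from inside the container; it says nothing about other paths out of the container.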
