
This is what makes VSCode's remoting features awesome. This is the right architecture. Parts of the editor should run on the client and other parts on the server.

> The underlying protocol on that connection can: Wander around the filesystem, Edit arbitrary files, Launch its own shell PTY processes, Persist itself

Yeah that's what SSH access gives you too.



I was wondering about this too. Once you have SSH access, unless your user is restricted, you can do whatever in the remote system.

All VSCode is doing here is installing node to run the extensions and setting up a WSS connection back to the client for realtime communication. I don't see the harm there given the extensive feature set.


One can ssh into an untrusted remote host with little risk to local machine security. That is, if the remote site is compromised, one cannot in general use it to compromise the local machine. At best the attacker can try to exploit bugs in terminal escape sequence handling or in the rendering of complex Unicode characters by the local terminal. This is a relatively small attack surface.

With vscode, which exposes the local machine to the remote through a very complex and undocumented protocol, it is an entirely different story.

Which is a pity especially given that VScode is browser-based and browsers are designed to allow connections to untrusted servers.

I suppose it would be a different story if VScode had been designed with remote editing capabilities and treated the local stuff no differently from remote. But given that the ssh extension was brought in as an afterthought with little regard for local security, we have the present unfortunate situation.


It's the other way around: the post is saying that the remote VSCode agent can tell the client to just do whatever. That's not how SSH usually works, if an SSH server can pwn a client that's a bug.


I think it's only necessary because extensions may need to run client side. Not sure if that means the extension needs to be published on their marketplace site.


I don't think this is true and I don't think it's what the post says.




