Open andxu opened 4 years ago
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.
route to appropriate team
@btardif can you help me figure out if the current implementation on CLI - and why this is not limited to localhost?
When using command `az webapp create-remote-connection`, this command listens on a port but it also accepts any connections not limited to current machine, by `ssh root@<ip> -p <port>`, any user under the same gateway will be able to connect to the ssh server proxy-ed by `az webapp create-remote-connection`, this is not safe (as the password is hard-coded). See vscode app service implementation: https://github.com/microsoft/vscode-azuretools/blob/5999c2ad4423e86f22d2c648027242d8816a50e4/appservice/src/TunnelProxy.ts#L301
it only listens on 'localhost'