Security model
When your work includes accessing remote servers you want to be sure that the connection between your local machine and the backend is secured and any data going back and forth is well encrypted.
The remote development security model lets you control almost all the security aspects of your work.
There are IDE components running both on the server-side and on the client-side. Any information loaded by the backend may be forwarded to the client without further user interaction, and any information provided to the client may be forwarded to the server-side process without further user interaction as well.
Connection security
The communication between JetBrains Client and the IDE backend is end-to-end encrypted with the 1.3 TLS even if performed in a secure SSH tunnel. JetBrains uses TLS 1.3 and on top of that, the SSH security connection is used.
Since in Remote Development there is no trust hierarchy from root certificates, the additional manual check is performed to ensure that there is no man-in-the-middle attack.
The regular connection link looks as follows:
Upon the connection, a client checks that the fingerprint of a host certificate is exactly
fp
. It verifies for the client that the host is correct (not hijacked by a third-party)Upon the connection, a host checks that the client provides a one-time connection token
jt
. It denies connection for anyone on this port who does not know this token.
It is safe to transfer any authentication information via this connection or pass this connection data via public space. It is done the same way for Code With Me as well.
Collecting logs and statistics
JetBrains collects statistics and logs with your permissions. The only time the statistics is collected automatically is the time when you are using the EAP version of GoLand. In any other cases, the permission dialog is displayed when you launch GoLand for the first time.
If you first agree to collecting and then change your mind, you can disable the collection of statistics in the Data Sharing settings.
Access the data settings
Press Ctrl+Alt+S to open the IDE settings and select
.Disable the Send usage statistics option and click OK to save the changes.
When JetBrains asks you to collect and send logs, it also warns you that the logs might contain the sensitive data.
Collect logs
From the main menu, select
.In the dialog that opens, click Show in Finder if you agree to sending the data to JetBrains.
For the full information on JetBrains privacy policy, refer to JetBrains website.
Opening arbitrary links
The IDE can require to open a browser for various features. Keep in mind that there is no browser on the server side. In this case, the request is redirected to JetBrains Client.
Before opening any arbitrary links on the client machine, JetBrains displays a confirmation dialog.
Copy and paste actions
The Copy / Paste action sends the content of the clipboard only before the actual paste and allows the backend to change the clipboard only during the actual copying.
SSH forwarding settings
The SSH forwarding settings let you use SSH key forwarding to authenticate access to Git repositories from your remote server. Alternatively, you can use the SSH-agent helper to achieve the same result.
Access SSH forwarding settings
Press Ctrl+Alt+S to open the IDE settings and select
.From the options on the right, select Enable SSH agent Forwarding and click OK to save the changes.
Port forwarding
You can access a port on the remote server by forwarding it to a local machine. It might be helpful for debugging purposes or bypassing a firewall.
Forward a remote port in JetBrains Client
Start a remote session and open your project.
Run the application.
In the Run too window, the application displays listening ports.
Click a port you want to forward and from the list of options, select Forward Port.
If you want to open the browser after forwarding, select Forward Port and open in browser.
Click the port you've have forwarded again and select Change Forwarded Port.
In the dialog that opens, change the port number and click OK.
As a result, the remote port is forwarded to the local machine.
Click the created port, to check the result in the browser.
Disable port forwarding
For security reasons, you can disable port forwarding settings for a specific user or for the whole system.
The changes should be made on the host IDE side.
For the user-specific settings, create a text file in the following directory:
For the system wide settings, create a text file in the following directory:
For the user-specific settings, create a text file in the following directory:
For the system wide settings, create a text file in the following directory:
For the user-specific settings, use the following registry key:
For system wide settings, use the following registry key:
In the SOFTWARE\JetBrains\portForwarding
directory create a key enabled with value of this setting.