Security model

When your work includes accessing remote servers you want to be sure that the connection between your local machine and the backend is secured and any data going back and forth is well encrypted.

The remote development security model lets you control almost all the security aspects of your work.

There are IDE components running both on the server-side and on the client-side. Any information loaded by the backend may be forwarded to the client without further user interaction, and any information provided to the client may be forwarded to the server-side process without further user interaction as well.

Connection security

The communication between JetBrains Client and the IDE backend is end-to-end encrypted with the 1.3 TLS even if performed in a secure SSH tunnel. JetBrains uses TLS 1.3 and on top of that, the SSH security connection is used.

Since in Remote Development there is no trust hierarchy from root certificates, the additional manual check is performed to ensure that there is no man-in-the-middle attack.

The regular connection link looks as follows:

tcp://0.0.0.0:5990#jt=71b0a870-e082-4e6b-aaf6-757398801cd2&p=IU&fp=17DC5CAB759FD8BB4298AF1116EA7D5E1F1D3C4D520CFC99748DBD0A88840B36&cb=223.2951&jb=17.0.4b535.2

Upon the connection, a client checks that the fingerprint of a host certificate is exactly fp. It verifies for the client that the host is correct (not hijacked by a third-party)
Upon the connection, a host checks that the client provides a one-time connection token jt. It denies connection for anyone on this port who does not know this token.

It is safe to transfer any authentication information via this connection or pass this connection data via public space. It is done the same way for Code With Me as well.

Collecting logs and statistics

JetBrains collects statistics and logs with your permissions. The only time the statistics is collected automatically is the time when you are using the EAP version of CLion. In any other cases, the permission dialog is displayed when you launch CLion for the first time.

If you first agree to collecting and then change your mind, you can disable the collection of statistics in the Data Sharing settings.

Access the data settings

Press Ctrl+Alt+S to open the IDE settings and select Appearance & Behavior | System Settings | Data Sharing.
Disable the Send usage statistics option and click OK to save the changes.

When JetBrains asks you to collect and send logs, it also warns you that the logs might contain the sensitive data.

Collect logs

From the main menu, select Help | Collect Logs and Diagnostic Data.
In the dialog that opens, click Show in Finder if you agree to sending the data to JetBrains.

For the full information on JetBrains privacy policy, refer to JetBrains website.

Opening arbitrary links

The IDE can require to open a browser for various features. Keep in mind that there is no browser on the server side. In this case, the request is redirected to JetBrains Client.

Before opening any arbitrary links on the client machine, JetBrains displays a confirmation dialog.

Copy and paste actions

The Copy / Paste action sends the content of the clipboard only before the actual paste and allows the backend to change the clipboard only during the actual copying.

SSH forwarding settings

The SSH forwarding settings let you use SSH key forwarding to authenticate access to Git repositories from your remote server. Alternatively, you can use the SSH-agent helper to achieve the same result.

Access SSH forwarding settings

Press Ctrl+Alt+S to open the IDE settings and select Tools | SSH Forwarding.
From the options on the right, select Enable SSH agent Forwarding and click OK to save the changes.

Port forwarding

You can access a port on the remote server by forwarding it to a local machine. It might be helpful for debugging purposes or bypassing a firewall.

Forward a remote port in JetBrains Client

Start a remote session and open your project.
Run the application.
In the Run tool window, the application displays listening ports.
Click a port you want to forward and from the list of options, select Forward Port.
If you want to open the browser after forwarding, select Forward Port and open in browser.
Click the port you've have forwarded again and select Change Forwarded Port.
In the dialog that opens, change the port number and click OK.
As a result, the remote port is forwarded to the local machine.
Click the created port, to check the result in the browser.

Disable port forwarding

For security reasons, you can disable port forwarding settings for a specific user or for the whole system.

The changes should be made on the host IDE side.

For the user-specific settings, create a text file in the following directory:

/Users/UserName/Library/Application Support/JetBrains/portForwarding/enabled

For the system wide settings, create a text file in the following directory:

/Library/Application Support/JetBrains/portForwarding/enabled

For the user-specific settings, create a text file in the following directory:

$HOME/.config/JetBrains/portForwarding/enabled

For the system wide settings, create a text file in the following directory:

/etc/xdg/JetBrains/portForwarding/enabled

For the user-specific settings, use the following registry key:

HKEY_CURRENT_USER

For system wide settings, use the following registry key:

HKEY_LOCAL_MACHINE

In the SOFTWARE\JetBrains\portForwarding directory create a key enabled with value of this setting.

Last modified: 21 December 2022