starred/terminal
1
0
Fork 0
mirror of https://github.com/microsoft/terminal.git synced 2026-02-04 05:35:20 +00:00
Code Issues 19.0k Packages Projects Releases 20 Wiki Activity

Each Tab should clearly identify to what you are connected to (security issue) #17824

New Issue
Closed
opened 2026-01-31 05:55:25 +00:00 by claunia · 7 comments
claunia commented 2026-01-31 05:55:25 +00:00
Owner
Copy Link

Originally created by @ohault on GitHub (Jun 28, 2022).

Description of the new feature/enhancement

When using Terminal, the user cannot see to where he/she is connected to. The problem is even worse and dangerous when you are using several tabs on the same type.

e.g.
Tab 1 : a PowerShell session to your local Windows host
Tab 2 : a PowerShell session to a Windows Container X
Tab 3 : a PowerShell session to a Windows Container Y
....

This ticket is in relationship with SSH sessions - see https://github.com/microsoft/terminal/issues/13327

Proposed technical implementation details (optional)

Each tab should clearly display in all cases and situation to what your are connected to (the remote end point of your connection).

Originally created by @ohault on GitHub (Jun 28, 2022). # Description of the new feature/enhancement When using Terminal, the user cannot see to where he/she is connected to. The problem is even worse and dangerous when you are using several tabs on the same type. e.g. Tab 1 : a PowerShell session to your local Windows host Tab 2 : a PowerShell session to a Windows Container X Tab 3 : a PowerShell session to a Windows Container Y .... This ticket is in relationship with SSH sessions - see https://github.com/microsoft/terminal/issues/13327 # Proposed technical implementation details (optional) Each tab should clearly display in all cases and situation to what your are connected to (the remote end point of your connection).
claunia added the Issue-QuestionNeeds-Tag-FixResolution-Answered labels 2026-01-31 05:55:26 +00:00
claunia commented 2026-01-31 05:55:27 +00:00
Author
Owner
Copy Link

@DHowett commented on GitHub (Jun 28, 2022):

Hey, thanks for the request!

The terminal does not know (1) that there is even a "remote" connection, and (2) where that connection terminates. Unfortunately, that information just isn't available -- ssh.exe, powershell.exe, and friends don't report it, so we can't figure it out.

That having been said, a great many people configure their remote shells to report that information for them, into the prompt and into the titlebar. There are some very good tutorials around the web on how to get this going.

As an alternative, I might recommend renaming your tabs when you know what they're connected to:

image
@DHowett commented on GitHub (Jun 28, 2022): Hey, thanks for the request! The terminal does not know (1) that there is even a "remote" connection, and (2) where that connection terminates. Unfortunately, that information just isn't available -- `ssh.exe`, `powershell.exe`, and friends don't report it, so we can't figure it out. That having been said, a great many people configure their remote shells to report that information for them, into the prompt _and into the titlebar._ There are some very good tutorials around the web on how to get this going. As an alternative, I might recommend renaming your tabs when you know what they're connected to: <img width="251" alt="image" src="https://user-images.githubusercontent.com/189190/176289404-780c603a-969c-48bf-ac3c-fa9d01a15357.png">
claunia commented 2026-01-31 05:55:27 +00:00
Author
Owner
Copy Link

@ohault commented on GitHub (Jun 28, 2022):

@DHowett can your please re-open this ticket because it's taking the problem by the wrong side ?

Terminal SHOULD take care of these critical information. This is a security issue. You cannot take the assumption to delegate the accountability of all Terminal users around the world to make specific configurations to don't mess up their connections !!!!

The profile only model of Terminal is just a too restrictive and very, very dangerous.
Just imagine how dangerous could be Remote Desktop client software if the user could identify their connections !!!!

My suggestions are the following:

  • For all "profite" that are connection-oriented like PowerShell, SSH, .... Terminal should provide a way to open a new SESSION via a window to establish to a connection.
  • Terminal should provide an API / command line parameters to do it from another program (e.g. docker/nerdctl, WSL ....)
  • For the others, Terminal and plugins should provide a way to parse the prompts to report to Terminal which is the target system currently connected to (including well known split screens technologies - https://opensource.com/article/20/5/split-terminal)
@ohault commented on GitHub (Jun 28, 2022): @DHowett can your please re-open this ticket because it's taking the problem by the wrong side ? Terminal SHOULD take care of these critical information. This is a security issue. You cannot take the assumption to delegate the accountability of all Terminal users around the world to make specific configurations to don't mess up their connections !!!! The profile only model of Terminal is just a too restrictive and very, very dangerous. Just imagine how dangerous could be Remote Desktop client software if the user could identify their connections !!!! My suggestions are the following: - For all "profite" that are connection-oriented like PowerShell, SSH, .... Terminal should provide a way to open a new SESSION via a window to establish to a connection. - Terminal should provide an API / command line parameters to do it from another program (e.g. docker/nerdctl, WSL ....) - For the others, Terminal and plugins should provide a way to parse the prompts to report to Terminal which is the target system currently connected to (including well known split screens technologies - https://opensource.com/article/20/5/split-terminal)
claunia commented 2026-01-31 05:55:27 +00:00
Author
Owner
Copy Link

@DHowett commented on GitHub (Jun 28, 2022):

A single terminal emulator doesn't have the sway over the ecosystem at large to pull off what you're asking for; it's just not technically feasible given the direction in which text-mode software has evolved. There is no distinction between a local text-mode application that access local resources, and a local text-mode application that connects to a remote server and accesses remote resources.

At the end of the day, it is a terminal emulator's job to host local applications regardless of what those local applications do. Profiles specify only local applications.

If we were to seek to standardize some form of host reporting, it would probably take a decade to get anywhere -- and we would need buy-in from the Docker folks, the SSH folks, terminal emulator authors across the industry and more. It's just... not something we can tackle.

Guessing (as suggested by your third bullet point) has its own issues:

image

What host is this? It didn't tell us. We don't even know with certainty what operating system it is.
I've used GNOME Terminal to illustrate that we're not alone in not being able to figure this out.

@DHowett commented on GitHub (Jun 28, 2022): A single terminal emulator doesn't have the sway over the ecosystem at large to pull off what you're asking for; it's just not technically feasible given the direction in which text-mode software has evolved. There is no distinction between a local text-mode application that access local resources, and a local text-mode application that connects to a remote server and accesses remote resources. At the end of the day, it is a terminal emulator's job to _host local applications_ regardless of what those local applications do. Profiles specify only local applications. If we were to seek to standardize some form of host reporting, it would probably take a decade to get anywhere -- and we would need buy-in from the Docker folks, the SSH folks, terminal emulator authors across the industry and more. It's just... not something we can tackle. Guessing (as suggested by your third bullet point) has its own issues: <img width="376" alt="image" src="https://user-images.githubusercontent.com/189190/176316007-03560be3-bdde-472c-9ad6-59adfa94c175.png"> What host is this? It didn't tell us. We don't even know with certainty what _operating system_ it is. I've used GNOME Terminal to illustrate that we're not alone in not being able to figure this out.
claunia commented 2026-01-31 05:55:27 +00:00
Author
Owner
Copy Link

@ohault commented on GitHub (Jun 28, 2022):

For sure some exceptions will last and the problem is not simple one. I can even think about using AI for the more complex situations.

The main goal here is to solve this huge problem/security risk for all the other cases.

@ohault commented on GitHub (Jun 28, 2022): For sure some exceptions will last and the problem is not simple one. I can even think about using AI for the more complex situations. The main goal here is to solve this huge problem/security risk for all the other cases.
claunia commented 2026-01-31 05:55:28 +00:00
Author
Owner
Copy Link

@tracker1 commented on GitHub (Sep 15, 2022):

@ohault If I open a WSL prompt, and then ssh to a remote machine, should it be showing that I'm SSHd to a remote, or that I'm in a local WSL? This could get very messy.

For reference, I do have most of my prompts display the system, including setting the windows title with it.

@tracker1 commented on GitHub (Sep 15, 2022): @ohault If I open a WSL prompt, and then ssh to a remote machine, should it be showing that I'm SSHd to a remote, or that I'm in a local WSL? This could get very messy. For reference, I do have most of my prompts display the system, including setting the windows title with it.
claunia commented 2026-01-31 05:55:28 +00:00
Author
Owner
Copy Link

@ohault commented on GitHub (Sep 15, 2022):

hi @tracker1 , the idea is well to have a background tracking of what the user is typing and the results to infer the context as if someone was looking over my shoulder.

@ohault commented on GitHub (Sep 15, 2022): hi @tracker1 , the idea is well to have a background tracking of what the user is typing and the results to infer the context as if someone was looking over my shoulder.
claunia commented 2026-01-31 05:55:28 +00:00
Author
Owner
Copy Link

@tracker1 commented on GitHub (Sep 19, 2022):

@ohault that seems like a LOT of overhead... so now, the Terminal needs to know you're in a bash shell vs. pwsh vs X, Y or Z tools?

@tracker1 commented on GitHub (Sep 19, 2022): @ohault that seems like a *LOT* of overhead... so now, the Terminal needs to know you're in a bash shell vs. pwsh vs X, Y or Z tools?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Reserved
A11yCO
A11yMAS
A11ySev1
A11ySev2
A11ySev3
A11yTTValidated
A11yUsable
A11yVoiceAccess
A11yWCAG
Area-Accessibility
Area-AtlasEngine
Area-AzureShell
Area-Build
Area-Build
Area-Chat
Area-CmdPal
Area-CodeHealth
Area-Commandline
Area-CookedRead
Area-DefApp
Area-Extensibility
Area-Fonts
Area-GroupPolicy
Area-i18n
Area-Input
Area-Interaction
Area-Interop
Area-Localization
Area-Output
Area-Performance
Area-Portable
Area-Quality
Area-Remoting
Area-Rendering
Area-Schema
Area-Server
Area-Settings
Area-SettingsUI
Area-ShellExtension
Area-ShellExtension
Area-ShellExtension
Area-Suggestions
Area-Suggestions
Area-TerminalConnection
Area-TerminalControl
Area-Theming
Area-UserInterface
Area-VT
Area-Windowing
Area-WPFControl
AutoMerge
Blocking-Ingestion
Culprit-Centennial
Culprit-WinUI
Disability-All
Disability-Blind
Disability-LowVision
Disability-Mobility
External-Blocked-WinUI3
Fixed
Gathering-Data
good first issue
HCL-E+D
HCL-WindowsTerminal
Help Wanted
Impact-Compatibility
Impact-Compliance
Impact-Correctness
Impact-Visual
In-PR
InclusionBacklog
InclusionBacklog-Windows TerminalWin32
InclusionCommitted-202206
Issue-Bug
Issue-Docs
Issue-Feature
Issue-Feature
Issue-Question
Issue-Samples
Issue-Scenario
Issue-Task
Needs-Attention
Needs-Author-Feedback
Needs-Bisect
Needs-Discussion
Needs-Repro
Needs-Tag-Fix
Needs-Tag-Fix
Needs-Triage
No-Recent-Activity
Priority-0
Priority-1
Priority-2
Priority-3
Product-Cmd.exe
Product-Colortool
Product-Colortool
Product-Colortool
Product-Conhost
Product-Conpty
Product-Meta
Product-Powershell
Product-Terminal
Product-WSL
pull-request
Mirrored from GitHub Pull Request
 Resolution-Answered
Resolution-By-Design
Resolution-Duplicate
Resolution-External
Resolution-Fix-Available
Resolution-Fix-Committed
Resolution-No-Repro
Resolution-Won't-Fix
Severity-Blocking
Severity-Crash
Severity-DataLoss
spam
this-will-be-a-breaking-change
Tracking-External
WindowsTerminal_Win32
Work-Item
zAskModeBug
zInbox-Bug
No Label Issue-Question Needs-Tag-Fix Resolution-Answered
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/terminal#17824
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?