I have been using Visual Studio Code (VSC) a lot in my work recently, especially when working with Jupyter notebooks.

Someone pointed out to me that Jupyter notebooks have become the target of ransomware attacks. I would therefore like to make sure that my work with VSC and Jupyter notebooks is indeed secure (enough).

I connect to my institution from home via VPN where I connect to a central server using SSH. I then attach my VSC to a container that is running on that central server. The container launches a Jupyter notebook server upon start (CMD jupyter notebook ...) and this server uses a specific token for security.

I now also wanted to use an SSL certificate, which I created myself, to encrypt communication with the Jupyter notebook server running inside the container. I follow the instructions on how to "Connect to a remote Jupyter server" described at the bottom of this VSC webpage.

However, when opening a notebook, VSC tells me that it "failed to connect to the remote Jupyter Server". The Jupyter Logs look as follows:

Visual Studio Code (1.66.0, attached-container, desktop)
Jupyter Extension Version: 2022.3.1000901801.
Python Extension Version: 2022.4.0.
Workspace folder /path/to/my
Info 12:56:34: ZMQ install verified.
User belongs to experiment group 'jupyterTestcf'
User belongs to experiment group 'jupyterEnhancedDataViewer'
Info 12:56:35: Old kernelspecs (created by Jupyter extension) stored in directory HOME_DIR_ON_HOST/.local/share/jupyter/kernels/__old_vscode_kernelspecs
Error 12:56:35: getCondaFile, Class name = b, completed in 25ms, has a falsy return value [Error: ENOENT: no such file or directory, lstat 'HOME_DIR_ON_HOST/anaconda2/bin/conda'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'lstat',
  path: 'HOME_DIR_ON_HOST/anaconda2/bin/conda'
}
Error 12:56:35: getCondaVersion, Class name = b, completed in 28ms, has a falsy return value [Error: ENOENT: no such file or directory, lstat 'HOME_DIR_ON_HOST/anaconda2/bin/conda'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'lstat',
  path: 'HOME_DIR_ON_HOST/anaconda2/bin/conda'
}
Info 12:56:35: Checking for server existence.
Info 12:56:35: Checking for server usability.
Info 12:56:35: Starting notebook server.
Info 12:56:35: Connecting to server
Info 12:56:35: Connecting to process server
Info 12:56:35: Connecting server kernel https://0.0.0.0:8888/
Connecting to Jupyter server at https://0.0.0.0:8888/
Info 12:56:35: Creating server with settings : {"baseUrl":"https://0.0.0.0:8888/","appUrl":"","wsUrl":"wss://0.0.0.0:8888/","token":"my_notebook_server_token_0123456789","appendToken":true,"init":{"cache":"no-store","credentials":"same-origin"}}
Info 12:56:35: Connection complete server
Info 12:56:35: Server started.
Info 12:56:35: Creating server with settings : {"baseUrl":"https://0.0.0.0:8888/","appUrl":"","wsUrl":"wss://0.0.0.0:8888/","token":"my_notebook_server_token_0123456789","appendToken":true,"init":{"cache":"no-store","credentials":"same-origin"}}
Info 12:56:35: Preferred kernel connection found in cache .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher
Info 12:56:35: PreferredConnection: .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher found for NotebookDocument: /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: Early registration of controller for Kernel connection .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher
Info 12:56:35: TargetController found ID: .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher for document /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: Setting controller affinity for /path/to/my/jupyter_notebook_file.ipynb .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher
Info 12:56:35: Getting activation commands for /usr/bin/python3.8 are not cached. May take a while.
Info 12:56:35: Experiment status for python is {"enabled":true,"optInto":[],"optOutFrom":[]}
Info 12:56:35: Creating controller for jupyter-notebook with interpreter /usr/bin/python3.8
Info 12:56:35: Disposing session manager
Info 12:56:35: SessionManager - dispose contents manager
Info 12:56:35: ShutdownSessionAndConnection - dispose session manager
Info 12:56:35: Finished disposing jupyter session manager
Error 12:56:35: Failed to get remote kernel connections [FetchError: request to https://0.0.0.0:8888/api/kernels?1649249795574 failed, reason: self signed certificate
    at ClientRequest.<anonymous> (/home/USER_NAME/.vscode-server/extensions/ms-toolsai.jupyter-2022.3.1000901801/out/extension.js:2:3868613)
    at ClientRequest.emit (node:events:390:28)
    at TLSSocket.socketErrorListener (node:_http_client:447:9)
    at TLSSocket.emit (node:events:390:28)
    at emitErrorNT (node:internal/streams/destroy:157:8)
    at emitErrorCloseNT (node:internal/streams/destroy:122:3)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)]
Info 12:56:35: Creating server with settings : {"baseUrl":"https://0.0.0.0:8888/","appUrl":"","wsUrl":"wss://0.0.0.0:8888/","token":"my_notebook_server_token_0123456789","appendToken":true,"init":{"cache":"no-store","credentials":"same-origin"}}
Info 12:56:35: Disposing session manager
Info 12:56:35: SessionManager - dispose contents manager
Info 12:56:35: ShutdownSessionAndConnection - dispose session manager
Error 12:56:35: SessionManager cannot enumerate kernelspecs. Returning default {}.
Info 12:56:35: Finished disposing jupyter session manager
Error 12:56:35: Failed to get remote kernel connections [FetchError: request to https://0.0.0.0:8888/api/kernels?1649249795658 failed, reason: self signed certificate
    at ClientRequest.<anonymous> (/home/USER_NAME/.vscode-server/extensions/ms-toolsai.jupyter-2022.3.1000901801/out/extension.js:2:3868613)
    at ClientRequest.emit (node:events:390:28)
    at TLSSocket.socketErrorListener (node:_http_client:447:9)
    at TLSSocket.emit (node:events:390:28)
    at emitErrorNT (node:internal/streams/destroy:157:8)
    at emitErrorCloseNT (node:internal/streams/destroy:122:3)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)]
Error 12:56:35: SessionManager cannot enumerate kernelspecs. Returning default {}.
Info 12:56:35: Setting setActiveController for /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: KernelProvider switched kernel to id = .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher
Info 12:56:35: Starting Notebook in kernel.ts id = .jvsc74a57bd0df0893f56f349688326838aaeea0de204df53a132722cbd565e54b24a8fec5f6./usr/bin/python3.8./usr/bin/python3.8.-m#ipykernel_launcher for /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: Creating raw notebook for /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: Getting preferred kernel for /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: Computing working directory /path/to/my/jupyter_notebook_file.ipynb
Info 12:56:35: Starting raw kernel Python 3.8.0 64-bit for interpreter /usr/bin/python3.8
Info 12:56:35: Kernel launching with ports 9000,9001,9002,9003,9004. Start port is 9000
Info 12:56:36: Registering dummy command feature
Info 12:56:36: Process Execution: > /usr/bin/python3.8 -c "import ipykernel; print(ipykernel.__version__); print("5dc3a68c-e34e-4080-9c3e-2a532b2ccb4d"); print(ipykernel.__file__)"
> /usr/bin/python3.8 -c "import ipykernel; print(ipykernel.__version__); print("5dc3a68c-e34e-4080-9c3e-2a532b2ccb4d"); print(ipykernel.__file__)"
Info 12:56:36: Process Execution: > /usr/bin/python3.8 -m pip list
> /usr/bin/python3.8 -m pip list
Info 12:56:36: Process Execution: > /usr/bin/python3.8 -m ipykernel_launcher --ip=127.0.0.1 --stdin=9003 --control=9001 --hb=9000 --Session.signature_scheme="hmac-sha256" --Session.key=b"4a5e0f9c-619c-4f3a-93bc-34b47687f29b" --shell=9002 --transport="tcp" --iopub=9004 --f=/tmp/tmp-95651J3x4guubfFs.json
> /usr/bin/python3.8 -m ipykernel_launcher --ip=127.0.0.1 --stdin=9003 --control=9001 --hb=9000 --Session.signature_scheme="hmac-sha256" --Session.key=b"4a5e0f9c-619c-4f3a-93bc-34b47687f29b" --shell=9002 --transport="tcp" --iopub=9004 --f=/tmp/tmp-95651J3x4guubfFs.json
Info 12:56:36: Process Execution: cwd: /path/to/my
cwd: /path/to/my
Info 12:56:36: ipykernel version 6.9.1 for /usr/bin/python3.8
Info 12:56:36: ipykernel location /usr/local/lib/python3.8/dist-packages/ipykernel/__init__.py for /usr/bin/python3.8
Warn 12:56:36: StdErr from Kernel Process /usr/local/lib/python3.8/dist-packages/traitlets/traitlets.py:2202: FutureWarning: Supporting extra quotes around strings is deprecated in traitlets 5.0. You can use 'hmac-sha256' instead of '"hmac-sha256"' if you require traitlets >=5.
  warn(
/usr/local/lib/python3.8/dist-packages/traitlets/traitlets.py:2157: FutureWarning: Supporting extra quotes around Bytes is deprecated in traitlets 5.0. Use '4a5e0f9c-619c-4f3a-93bc-34b47687f29b' instead of 'b"4a5e0f9c-619c-4f3a-93bc-34b47687f29b"'.
  warn(

Info 12:56:36: Kernel Output: NOTE: When using the `ipython kernel` entry point, Ctrl-C will not work.

To exit, you will have to explicitly quit this process, by either sending
"quit" from a client, or using Ctrl-\ in UNIX-like environments.

To read more about this, see https://github.com/ipython/ipython/issues/2049


To connect another client to this kernel, use:
    --existing /tmp/tmp-95651J3x4guubfFs.json

Info 12:56:36: Raw session started and connected
Started kernel Python 3.8.0 64-bit
Info 12:56:36: Finished connecting 2a4e3b0a-7236-4be4-8eaa-d7ad834b6235
Info 12:56:37: UpdateWorkingDirectoryAndPath in Kernel
Info 12:56:37: Executing silently Code (idle) = import site\nsite.addsitedir(site.getusersitepackages())\nimport os\nimport sys\n