Security/Production Readiness #64
Comments
|
Hi, There are two distinct parts in the sshportal flow:
The part 1. is entirely in-house, it tries to stay simple, and for now, I didn't have any security feedback (I know people using it in production and security people using it); please contact me / open an issue, if you find weaknesses in this part The part 2. is very simple; it's like a proxy that forwards everything through the secure ssh connections; even if nothing can be considered as 100% secure, I'm confident that this step is "production ready". The most important thing to check in my opinion is the server that will run |
|
@moul thanks for your comprehensive reply! I am using it as bastion for Kubernetes cluster, and after students sign up, the web front end will automatically provision a server and create an account through the bastion, is this a correct use case? |
|
Yes, definitely, I'm also using it in equivalent workflows |
|
We use patched version to implement single access for our developers to hundreds of client hosting servers. Besides interactive ssh sessions, we implemented non interactive automatic mounting of remote filesystems using afuse, sshfs and samba. There are some glitches (connection timeouts — solved with a patch, and we have to disable logs with nullfs), but in general it is very useful lighweight tool with well designed UX. Works pretty stable (knock on wood). Great work! |
|
@kreanda any plans to send a pull? :D |
Hi! Thanks so much for building this, I have been looking for something like this for a long time. Is this production ready? E.g. if I let students (assuming hostile users) SSH into various servers hosting Jupyter notebooks, is there any possibility that the bastion server may be compromised etc.? If it get compromised, is there any risk for other users to be MITMed?
The text was updated successfully, but these errors were encountered: