Hacker News new | past | comments | ask | show | jobs | submit login

And have to use their shitty webui?

Ssh has 2fa options if that's the real reason.

Fwiw, this guide also suggests setting up a wg connection which is no better than ssh, and probably worse in some ways.




It doesn't need to be through the web UI, it can be done through the cli.

https://docs.aws.amazon.com/systems-manager/latest/userguide...

Google Cloud has a similar gcloud compute ssh instance-name command, and I imagine there's a similar one on azure.


That's ssh?


There's massive differences of using this compared to throwing some keys on a server and opening 22. These systems use the cloud provider's proxying and authz/authn to dynamically grant access.

One could have a box with no public IP and no open ports and still use this to connect.


Cloud providers proxying?

Via ssh? With an SSH key? Over port 22?


> Via ssh?

No, through their in-house proxy tools such as Session Manager or Identity Aware Proxy or whatever Azure has.

> With an SSH key?

Not at the edge, and not an SSH key you manage. A dynamically generated one managed by the cloud provider which exists just for that session. So, not really, not like you're thinking.

> Over port 22?

For the tunnel? No.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: