by luminousbit 2076 days ago
Personally I’ve been a big fan of strongDM (https://www.strongdm.com/).

Light-years ahead of Teleport or any of the other solutions out there. Built for great auditing and zero trust.

Best of all it’s multi-protocol. So you can do SSH, SQL, K8s, HTTP all with one access system.

Had it in prod for almost two years. Gonna be a long time before HashiCorp or anyone else can catch up with the level of depth.

2 comments

StrongDM does indeed look interesting. Can it be completely self-hosted? I am asking because some of the architecture docs mentioned "app.strongdm.com" as a necessary element, which has a webpage behind a (customer?) login. This is an external dependency that is not acceptable for my use case.

I haven't found a conclusive answer in their documentation yet.

Justin here, co-founder and CTO of strongDM. The policy and audit functions of our product are hosted by us, but all the sensitive data transit - the proxies themselves - are hosted by you. Hope that helps!

Thanks for the reply, I really appreciate it. Unfortunately, that is not acceptable for what I had in mind.

> Best of all it’s multi-protocol. So you can do SSH, SQL, K8s, HTTP all with one access system.

Teleport is SSH-based so you can tunnel other protocols.

I tried to set up SFTP via strongDM hoping it would work since SFTP uses SSH, but I failed. It just did not connect.