Hacker News new | ask | show | jobs
by onlypositive 1049 days ago
And have to use their shitty webui?

Ssh has 2fa options if that's the real reason.

Fwiw, this guide also suggests setting up a wg connection which is no better than ssh, and probably worse in some ways.
1 comments
vel0city 1049 days ago
It doesn't need to be through the web UI, it can be done through the cli.

https://docs.aws.amazon.com/systems-manager/latest/userguide...

Google Cloud has a similar gcloud compute ssh instance-name command, and I imagine there's a similar one on azure.

link
onlypositive 1049 days ago
That's ssh?
link
vel0city 1049 days ago
There's massive differences of using this compared to throwing some keys on a server and opening 22. These systems use the cloud provider's proxying and authz/authn to dynamically grant access.

One could have a box with no public IP and no open ports and still use this to connect.

link
onlypositive 1049 days ago
Cloud providers proxying?

Via ssh? With an SSH key? Over port 22?

link
vel0city 1049 days ago
> Via ssh?

No, through their in-house proxy tools such as Session Manager or Identity Aware Proxy or whatever Azure has.

> With an SSH key?

Not at the edge, and not an SSH key you manage. A dynamically generated one managed by the cloud provider which exists just for that session. So, not really, not like you're thinking.

> Over port 22?

For the tunnel? No.

link