|
|
|
|
|
|
by candiddevmike
609 days ago
|
|
|
None of that is required here? Etcha can be exposed on the Internet with a smaller risk profile than SSH: - Sane, secure defaults - HTTP-based--no fingerprinting, requires the correct path (which can be another secret), plays nicely with reverse proxies and forwarders (no need for jump boxes) - Rate limited by default - Only works with PKI auth - Clients verify/validate HTTPS certificates, no need for SSHFP records. |
|
|