Zorlin
commented
1 year ago This is hugely important, otherwise all my Netbird boxes basically have root on each other :/
Open dragon2611 opened 2 years ago
Zorlin
commented
1 year ago This is hugely important, otherwise all my Netbird boxes basically have root on each other :/
tconnard
commented
1 year ago This is a big issue for me. I don't want the cloud hosted (either managed or on a vm) management for the overlay network to be able to bypass access control for ssh. I already have my own ssh management in place
grzybniak
commented
1 year ago hello, any news here?
tjarbo
commented
1 year ago Hi, any progress on this topic? Maybe @braginini (as you posted on #852)? As highlighted in https://github.com/netbirdio/netbird/issues/683#issuecomment-1806477634, this SSH feature (among others) is really a no-go as the netbird server/network operator is currently too powerful. ACLs etc. are not a mitigation for this threat.
jonathanspw
commented
1 year ago +1
codyro
commented
1 year ago +1
Can we please make SSH support something that can be disabled from the client side?
I quite like the way tailscale handles it where if you want to use their SSH implementation you have to connect the client with an argument passed so it tells the control plane SSH is available before you can switch on tailscale SSH.