Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Could you elaborate on WireGuard part? Do you mean that users must first VPN, and only then can SSH, or something else?


Yes. This is how SSH access to prod works in most large companies: you have to be behind the VPN to get it.


You know this but I'm just throwing it in for people who don't and aren't working on large company things:

You can give yourself a WireGuard-powered, Single Sign-on, secure overlay network between, say, your phone, your laptop, a DO droplet and an AWS instance near-instantly and for (currently) free with tailscale.

By 'near-instantly' I mean it takes almost no effort to set up. It takes me longer to get my dotfiles right on a new host.


It is disgusting how good Tailscale is. I mean that I am literally welling up with disgust thinking about it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: