Because then there would be some service exposed to the Internet (not over WireG... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on March 2, 2021 \| parent \| context \| favorite \| on: SSH and User-Mode IP WireGuard Because then there would be some service exposed to the Internet (not over WireGuard; if you have WireGuard, you don't need a jump box) whose job it would be to hop 6PN networks. The only thing we have in our infra now that controls access to 6PN is eBPF code; we keep the system simple so we can reason about it.

bluesign on March 2, 2021 [–]

Fair point, but isn’t this also losing “who connected to this server in my organization and when” information.

tptacek on March 2, 2021 | [–]

We pipe logs from our instances to users (all logs, including your app's); you can see them in `flyctl`. (Certificate issuance is also logged in our API, and these certs are very short-lived).

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact