It's not about RBAC at all. Goal is not to expose ssh socket to the Internet! ss... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		betaby on July 2, 2024 \| parent \| context \| favorite \| on: RegreSSHion: RCE in OpenSSH's server, on glibc-bas... It's not about RBAC at all. Goal is not to expose ssh socket to the Internet! ssh tcp is encapsulated in https packet and ONLY after successful certificate auth by HAProxy.

aflukasz on July 6, 2024 [–]

Right, but now your are exposing HA proxy socket to the Internet. Why is that better?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact