beyond vs huproxy #3

Open
vzuevsky opened this issue Oct 18, 2021 · 3 comments

@vzuevsky

Hi guys, I can see there was huproxy to be an ssh plugin to access beyond. Do you have anything to replace huproxy as part of this active project - or am I shaking the wrong tree? Cheers

@presbrey
Contributor

presbrey commented Oct 18, 2021

Hi @vzuevsky, thanks for writing. SSH is always a good tree 😎 I'm assuming you refer to https://github.com/google/huproxy. This project does not answer cloud scale authentication nor authorization like beyond with oidc/saml/oauth2 and backend entities though it could be easily extended. Also, does huproxy need a special client software? One beyond goal is to maximize interoperability. We have an SSH project to release soon. It builds on this project: http://github.com/gliderlabs/ssh and adds GitHub and DUO integrations.

What federation integrations do you need for SSH keys, multi factor, backend ACL, etc.? Cheers, -Joe

@vzuevsky
Author

I think I am just trying to understand big picture around beyondcorp. Is https://www.beyondcorp.com/ backed by this repo, or is this repo something else? I indeed considered huproxy you mentioned in conjunction with https://github.com/Cloud-Foundations/keymaster/ (which works in PoC). So they are potentially three different solutions saying they are "beyondcorp" :-) You also mentioned https://github.com/gliderlabs/ssh (which you will rely on). I understand that's an ssh server replacing sshd in effect?

@presbrey
Contributor

Keymaster is new to me and looks interesting, thanks for the introduction! Great question on the big picture -

  1. this HTTPS OIDC/SAML(SSO) project we call "beyond"
  2. SSH project we call "superproxy" (also inspired by Google)

These projects make some choices on access control so all together we propose they implement the 3 components encircled in green below here from beyondcorp.com:

image

Correct on the sshd question. Our Beyond SSHd project doesn't accept passwords or spawn shells like a bastion host but rather enforces MFA and only supports forwarding and proxy flags such as: -L -R -D -J (LocalForward, RemoteForward, SOCKS, ProxyJump). We use these together to enable and control private network access at scale without VPN.
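
Added example (not part of the thread, and not code from beyond, superproxy or gliderlabs/ssh): a sketch of the channel-level policy that a forwarding-only SSH server implies. Per RFC 4254, `-L`, `-D` and `-J` all open `direct-tcpip` channels and `-R` sends a `tcpip-forward` global request, while shells arrive as `session` channels. The `Policy` type, its ACL shape and the rule for `-R` are assumptions; only the Go standard library is used.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// Channel-open failure codes from RFC 4254, section 5.1.
const (
	Prohibited  = 1 // SSH_OPEN_ADMINISTRATIVELY_PROHIBITED
	UnknownType = 3 // SSH_OPEN_UNKNOWN_CHANNEL_TYPE
)

// Policy is a hypothetical backend ACL: user -> set of allowed "host:port".
type Policy map[string]map[string]bool

// DecideChannel returns (true, 0) to accept a channel-open request or
// (false, code) to refuse it. Only "direct-tcpip" (-L, -D, -J) is served.
func (p Policy) DecideChannel(user string, mfaOK bool, chanType, host string, port uint32) (bool, int) {
	switch chanType {
	case "direct-tcpip":
		dest := net.JoinHostPort(host, strconv.FormatUint(uint64(port), 10))
		if mfaOK && p[user][dest] {
			return true, 0
		}
		return false, Prohibited
	case "session": // shell, exec and subsystem requests all need a session
		return false, Prohibited
	default:
		return false, UnknownType
	}
}

// DecideGlobalRequest covers -R, which arrives as a "tcpip-forward" request.
// Assumed rule: any MFA-verified user with an ACL entry may ask for one.
func (p Policy) DecideGlobalRequest(user string, mfaOK bool, reqType string) bool {
	if reqType != "tcpip-forward" && reqType != "cancel-tcpip-forward" {
		return false
	}
	return mfaOK && len(p[user]) > 0
}

func main() {
	p := Policy{"alice": {"db.internal:5432": true}} // constructed sample ACL
	fmt.Println(p.DecideChannel("alice", true, "direct-tcpip", "db.internal", 5432))
	fmt.Println(p.DecideChannel("alice", true, "session", "", 0))
	fmt.Println(p.DecideGlobalRequest("alice", true, "tcpip-forward"))
}
```

Because three of the four client flags collapse to one channel type, the destination ACL check on `direct-tcpip` is where most of the access control for such a server has to live.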
