Conversation

Notices

1. Embed this notice
   Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 02-Dec-2024 00:13:38 JST Solène :flan_hacker:

   Is there a known software to run a SSH bastion on OpenBSD?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 02-Dec-2024 01:24:54 JST Solène :flan_hacker:

     in reply to

     • purple 👊✊💨

     @purple I don't understand the answer. I asked about a SSH bastion software compatible with OpenBSD

   • Embed this notice
     purple 👊✊💨 (purple@nya.social)'s status on Monday, 02-Dec-2024 01:24:56 JST purple 👊✊💨

     in reply to

     @solene@bsd.network i don't understand the question. my home network's bastion host is a VM running on the home server. my work's bastion host is a docker image that i spin up only when needed because we've externalized that network's security tokens.
     
     chances are all that's needed is a VM and to take a few minutes to harden it?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 02-Dec-2024 02:19:01 JST Solène :flan_hacker:

     in reply to

     • Parade du Grotesque 💀

     @ParadeGrotesque interesting, thanks!

     However, they state clearly it won't work on OpenBSD :flan_aw:

     > Other BSD variants, such as OpenBSD and NetBSD, are unsupported as they have a severe limitation over the maximum number of supplementary groups, causing problems for group membership and restricted commands checks, as well as no filesystem-level ACL support and missing PAM support (hence no MFA).

   • Embed this notice
     Parade du Grotesque 💀 (paradegrotesque@mastodon.sdf.org)'s status on Monday, 02-Dec-2024 02:19:02 JST Parade du Grotesque 💀

     in reply to

     @solene

     I have taken a look (*) at OVH Bastion and it seems like it would be lighter than Guacamole:

     https://github.com/ovh/the-bastion

     (* taken a look as in: I looked at the documentation and it seemed pretty well done - not tested in more details)