Rendered at 13:03:45 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
jasongill 17 hours ago [-]
I've been in the industry for a long, long time, and I would say that use of bastion hosts ranks #2 on my list of things that tell me your environment is not secure (right behind "we use fail2ban to protect us" as the #1 clue).
I've bought a bunch of companies and seriously evaluated hundreds of them, and the ones where people had a bastion host set up commonly seemed to act as if it protected them from everything, to the point where they just stopped worrying about security otherwise.
It gives a false sense of security and makes people put their guard down - like "OK, we have everything secured behind the firewall and only people who can log in to the bastion host, so there's no need for firewall rules or policies on the servers inside our firewall perimeter". Which inevitably breaks down over time as things get opened up to the internet, employees come and go, etc.
I can't tell you the number of companies where I look at their setup and their bastion host itself is root owned - since those hosts are always being used (and are tied to everything so you can't easily reboot or replace them), and are considered nothing more than a "tool" that you rarely actually have to look at, they don't get updated nearly enough and are neglected.
Not saying that bastion hosts are a bad idea - but just like any easy to use, easy to forget, high risk part of the stack, they are often a sign of inexperience and neglect elsewhere in the architecture.
(Yes, I know that there are plenty of big companies that use jump boxes without issue, and this jumpserver product is different, but I'm specifically talking about the idea of having one little machine that is open to SSH and then you bounce off of that to get into the "secured" machines, and all of this just based on my own experience and may not reflect yours)
observationist 16 hours ago [-]
At one of the top tier 1 ISPs in the world, there was a bastion host that allowed 2 teams of network engineers unfettered access to everything; once your permissions allowed you access to the bastion, you had everything. 50 some people with trivial credentialed access to network infrastructure that the world ran on; fatfinger a bgp config and you could take down countries. Swathes of cities were regular casualities of config mistakes, and if you locked yourself out without setting a reload in 5, it'd take an hour to get someone deployed.
That experience shattered my idea that the world was being operated by competent engineers and technicians, governed by sane policies, under the watchful care of good, knowledgable people.
The world is held together by beliefs and expectations and bubblegum and duct tape, and a few thousand people madly scrambling to keep it all running.
nextaccountic 7 hours ago [-]
> That experience shattered my idea that the world was being operated by competent engineers and technicians, governed by sane policies, under the watchful care of good, knowledgable people.
Reminds me the amount of debt that exists only as an entry in an excel spreadsheets somewhere. No database with high availability and regular backups and audit logs and access control and all of that, just a spreadsheet.
icedchai 15 hours ago [-]
Sounds like the 90’s early ISP experience scaled up. No firewalls, everything on public IPs, text files with global credentials in clear text…
jasongill 14 hours ago [-]
I have been transported back to the days of `conf t`, `enable password hunter2`, `show run`, `copy run start`
icedchai 12 hours ago [-]
And the days of hubs, not switches, telnet and rlogin, not SSH. A hacked host could potentially compromise your whole LAN.
esseph 11 hours ago [-]
A lot of that is still there in various ways.
htrp 16 hours ago [-]
> The world is held together by beliefs and expectations and bubblegum and duct tape, and a few thousand people madly scrambling to keep it all running.
Did most of the companies have external facing jump servers? I'd hope at least companies have internal-only and even then with strict internal network access policies (+VPN etc) and ldap authorization etc. Can't imagine that any competent orgs would have externally-facing ssh or windows bastion hosts.
xyzzy_plugh 12 hours ago [-]
I mean this earnestly: I greatly envy your ignorance.
indigodaddy 12 hours ago [-]
Ignorance? I did say "competent" didn't I?
jasongill 10 hours ago [-]
> Can't imagine that any competent orgs would have externally-facing ssh or windows bastion hosts.
I have seen shit that would turn you white.
PunchyHamster 12 hours ago [-]
Seriously "let's just put every single person thru one server unencrypted" is IDEAL place to attack.
At least in case of VPN you only tunnel then-encrypted (in most cases) traffic to servers - so at worst case you at least have protection of ssh/https
icedchai 12 hours ago [-]
Every "jump host" I've seen in the past 25+ years has used SSH externally.
denysvitali 18 hours ago [-]
I will never understand why SSH in such tools isn't native but always via some weird web UI...
I used to work for a company who allowed SSH only after jumping through Citrix => RDP => Putty => Jumphost => Target server.
Incredibly painful, also considering that each layer had a different keymap
17 hours ago [-]
booi 17 hours ago [-]
I think that's because what you're really looking for isn't a jump server but a zero-trust network like cloudflare access or beyondcorp. You want authorized native connections, not proxies in the typical sense (although they do end up being proxies but more like a L3 proxy not L7)
tonoto 15 hours ago [-]
What am I looking at? I'm not really sure, is it some sort of Citrix replacement?
I tried to look at the documentation but was left with more questions, the "free" version mentions "Linux server" (not even the GNU utilities?) and is just available as a curl | bash (but the apparently targets RHEL, Suse, Debian/Ubuntu and Alpine) and I started to glance through the git
I think I'll stick with wireguard, headscale, netbird or tailscale, depending on scenario.
gertrunde 14 hours ago [-]
More like a replacement for something like CyberArk than for Citrix.
It's not so much about the remote access as it is about control and auditing.
i.e. ability to permit/deny certain commands/behaviours, and a complete audit log of the session, sometimes extending to a screen recording of an rdp session.
usedtobegood 11 hours ago [-]
My org is looking at dispel.io
I think it is more about paying someone else for “security” than whatever the product actually is and does.
rickydroll 13 hours ago [-]
At first glance, it looks like a parallel-universe Linux version of JumpCloud.
(side note: always say the attackers were from North Korea.)
esseph 11 hours ago [-]
Not really.
There is nothing immune to breaches and NK has some of the best and most persistent State-backed cybersecurity threats in the world.
recursivegirth 12 hours ago [-]
Aside concerns that this is not mature and may possible be built using AI-driven development. Does this not just put every resource behind a single point of failure?
esseph 11 hours ago [-]
In an enterprise style deployment you (in theory) would be geographically clustering endpoints, where each entrypoint into the network has a cache of access permissions and resources.
I can't tell if this app supports that without digging through the docs (that don't seem to exist) or the code (that I don't care to browse), but that's how a typical zerotrust deployment works.
gizzlon 16 hours ago [-]
Via a web browser? And the default password is ChangeMe ? :O
GuestFAUniverse 15 hours ago [-]
The amount of code and components in that repo baffles me.
I doubt that is anywhere near of "safe to use".
jbird99 15 hours ago [-]
This looks like a less trustworthy version of Apache Guacamole.
esseph 11 hours ago [-]
Not event remotely the same kind of product.
This is for creating extremely fined grained permissions, controls, and auditing between users, devices, applications, and infrastructure, bound with IAM.
Like you can give Sarah access with her Passkey to port 4345 on Sunday to 6 of the 47 network switches, but only if she logs in from the EU with her Pixel device using a particular app and hits the Swedish network entry point.
flossly 14 hours ago [-]
I used Bastion before. I'd not be too happy using an interpeted language like Python (that has eval capabilities) for this kind of purpose.
We used it a lot at first, but as our setup got more mature we rarely needed to SSH to our application servers/containers.
In my current project, I did not even setup smth like this.
I've bought a bunch of companies and seriously evaluated hundreds of them, and the ones where people had a bastion host set up commonly seemed to act as if it protected them from everything, to the point where they just stopped worrying about security otherwise.
It gives a false sense of security and makes people put their guard down - like "OK, we have everything secured behind the firewall and only people who can log in to the bastion host, so there's no need for firewall rules or policies on the servers inside our firewall perimeter". Which inevitably breaks down over time as things get opened up to the internet, employees come and go, etc.
I can't tell you the number of companies where I look at their setup and their bastion host itself is root owned - since those hosts are always being used (and are tied to everything so you can't easily reboot or replace them), and are considered nothing more than a "tool" that you rarely actually have to look at, they don't get updated nearly enough and are neglected.
Not saying that bastion hosts are a bad idea - but just like any easy to use, easy to forget, high risk part of the stack, they are often a sign of inexperience and neglect elsewhere in the architecture.
(Yes, I know that there are plenty of big companies that use jump boxes without issue, and this jumpserver product is different, but I'm specifically talking about the idea of having one little machine that is open to SSH and then you bounce off of that to get into the "secured" machines, and all of this just based on my own experience and may not reflect yours)
That experience shattered my idea that the world was being operated by competent engineers and technicians, governed by sane policies, under the watchful care of good, knowledgable people.
The world is held together by beliefs and expectations and bubblegum and duct tape, and a few thousand people madly scrambling to keep it all running.
Reminds me the amount of debt that exists only as an entry in an excel spreadsheets somewhere. No database with high availability and regular backups and audit logs and access control and all of that, just a spreadsheet.
Sounds like the AWS experience
I have seen shit that would turn you white.
At least in case of VPN you only tunnel then-encrypted (in most cases) traffic to servers - so at worst case you at least have protection of ssh/https
I used to work for a company who allowed SSH only after jumping through Citrix => RDP => Putty => Jumphost => Target server.
Incredibly painful, also considering that each layer had a different keymap
I tried to look at the documentation but was left with more questions, the "free" version mentions "Linux server" (not even the GNU utilities?) and is just available as a curl | bash (but the apparently targets RHEL, Suse, Debian/Ubuntu and Alpine) and I started to glance through the git
"mysqldump -uroot -h127.0.0.1 -p jumpserver -P3307"
I think I'll stick with wireguard, headscale, netbird or tailscale, depending on scenario.
It's not so much about the remote access as it is about control and auditing.
i.e. ability to permit/deny certain commands/behaviours, and a complete audit log of the session, sometimes extending to a screen recording of an rdp session.
I think it is more about paying someone else for “security” than whatever the product actually is and does.
https://www.bleepingcomputer.com/news/security/jumpcloud-bre...
(side note: always say the attackers were from North Korea.)
There is nothing immune to breaches and NK has some of the best and most persistent State-backed cybersecurity threats in the world.
I can't tell if this app supports that without digging through the docs (that don't seem to exist) or the code (that I don't care to browse), but that's how a typical zerotrust deployment works.
I doubt that is anywhere near of "safe to use".
This is for creating extremely fined grained permissions, controls, and auditing between users, devices, applications, and infrastructure, bound with IAM.
Like you can give Sarah access with her Passkey to port 4345 on Sunday to 6 of the 47 network switches, but only if she logs in from the EU with her Pixel device using a particular app and hits the Swedish network entry point.
We used it a lot at first, but as our setup got more mature we rarely needed to SSH to our application servers/containers.
In my current project, I did not even setup smth like this.