
My thoughts exactly. Having a fleet of client-side machinery open to the Internet sounds like a larger overall risk footprint than having one hosted solution. I'm guessing a big part of this is just customer psychology and lack of education.



Why do you think it is open to the Internet? It may be just a box behind a NAT calling home and/or part of a closed VPN swarm.

I would love to hear how the management part got implemented.


The management works like this:

Every open3ABox has an open websocket connection to my server. I do the monitoring over this connection and for updates and support I tell the box over the websocket connection to forward a port via ssh to my server. The port will be automatically closed by the open3ABox after three hours.

This means no constantly open port and an encrypted connection where only my server is allowed to do a remote function execution (get monitoring values, open port, etc.) on the box.

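As an added illustration of the box-side half of the scheme described in the comment above (example code written for this thread, not open3A's own implementation): the box keeps an allowlist of the remote functions the management server may call over the websocket, and an `open_port` request is turned into a reverse SSH tunnel wrapped in coreutils `timeout` so the forward dies on its own after three hours. The websocket transport, its TLS setup and the server's authentication are assumed to exist outside this snippet; the server address, port numbers and monitoring values are constructed placeholders.

```python
import json
import time

# Constructed constants for the example; the real box's values are not on the page.
TUNNEL_TTL_SECONDS = 3 * 60 * 60                     # box closes the tunnel after three hours
MANAGEMENT_SERVER = "support@mgmt.example.invalid"   # placeholder, not a real host
ALLOWED_COMMANDS = {"get_monitoring", "open_port"}   # the only remote functions the server may call


def collect_monitoring():
    """Constructed sample monitoring values the box would report."""
    return {"uptime_s": 86400, "disk_free_pct": 63, "service": "running"}


def build_reverse_tunnel_argv(remote_port, local_port=22,
                              server=MANAGEMENT_SERVER, ttl=TUNNEL_TTL_SECONDS):
    """argv for `timeout <ttl>s ssh -N -R ...`.

    The box dials out, so no inbound port is ever listening on it; the server
    reaches the box's local_port through 127.0.0.1:remote_port on the server
    (loopback only, so nobody else on the server's network can use the forward);
    `timeout` kills ssh, and with it the forward, once ttl seconds have passed.
    """
    if not isinstance(remote_port, int) or not 1024 <= remote_port <= 65535:
        raise ValueError("remote_port must be an unprivileged TCP port number")
    if not isinstance(local_port, int) or not 1 <= local_port <= 65535:
        raise ValueError("local_port out of range")
    return [
        "timeout", f"{ttl}s",
        "ssh", "-N",                          # no remote shell, forwarding only
        "-o", "ExitOnForwardFailure=yes",     # fail loudly if the server refuses the -R
        "-o", "ServerAliveInterval=30",       # tear down dead tunnels instead of lingering
        "-o", "ServerAliveCountMax=3",
        "-R", f"127.0.0.1:{remote_port}:127.0.0.1:{local_port}",
        server,
    ]


def handle_message(raw, now=None):
    """Dispatch one JSON control message received over the websocket.

    Anything outside the allowlist, malformed, or carrying a non-integer port
    is rejected without side effects; ports are passed as argv elements, never
    through a shell, so a string like "20022; rm -rf /" cannot be injected.
    """
    now = time.time() if now is None else now
    try:
        msg = json.loads(raw)
    except (ValueError, TypeError):
        return {"ok": False, "error": "malformed message"}
    cmd = msg.get("cmd") if isinstance(msg, dict) else None
    if cmd not in ALLOWED_COMMANDS:
        return {"ok": False, "error": "command not allowed"}
    if cmd == "get_monitoring":
        return {"ok": True, "values": collect_monitoring()}
    try:
        argv = build_reverse_tunnel_argv(msg.get("remote_port"), msg.get("local_port", 22))
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    # The caller would run subprocess.Popen(argv); expires_at lets the box log/alert
    # if the process is somehow still alive after the deadline.
    return {"ok": True, "argv": argv, "expires_at": now + TUNNEL_TTL_SECONDS}


if __name__ == "__main__":
    # Constructed sample traffic, including two requests the box must refuse.
    for raw in ('{"cmd":"get_monitoring"}',
                '{"cmd":"open_port","remote_port":20022}',
                '{"cmd":"open_port","remote_port":"20022; rm -rf /"}',
                '{"cmd":"run_shell","script":"id"}'):
        print(raw, "->", handle_message(raw, now=0))
```

The design choice worth noting is that the websocket only ever carries an allowlisted command name plus a port number; the box decides what that means, so a compromised or misbehaving server cannot turn "open a port" into "run this script". The three-hour cutoff is enforced on the box by `timeout`, not by trusting the server to send a close message.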

That is very clever, I like it. Especially the dependency on proven and simple technology. A VPN swarm like e.g. ZeroTier, which I was thinking about, would be too complex and thus harder to maintain.

Thank you for the explanation!


Nice.

Reverse ssh tunnels are a really good way to manage stuff like that.


Thanks :)



