Gravitational Teleport VS Pomerium

To save others the search: https://github.com/gravitational/teleport/pull/35259 Apache to AGPLv3

This repo still has AGPL… and another license…

Not sure if AGPL covers all areas of the codebase?

https://github.com/gravitational/teleport

For the SSH case mentioned in the article, `ssh -R` trick should already resolve some one-time contingencies (assuming SSH connection is not blocked).

But if you find yourself requesting `ssh -R` too often, maybe just ask those datacenter people to setup a proper SSH Bastion for you. There are opensource solutions and enterprise-level ones (Teleport for example: https://github.com/gravitational/teleport), some also allows you to do audit and access control, which maybe important if you work for a enterprise client.

Teleport - Comprehensive control plane tool, but also supports accessing apps behind NATs. Written in Go.

https://github.com/gravitational/teleport/blob/master/rfd/00...

I ordinarily would have said you reinvented Teleport <https://github.com/gravitational/teleport/tree/v14.3.7#readm...> but now that they've gone AGPL with v15 I'm guessing there's a market for MIT licensed stuff, although for sure since Teleport has been around for so long it has encountered more edge cases and undergone more security reviews. I was surprised while digging up the link that Gravatational is still releasing v13 and v14 updates under Apache 2, so maybe even Teleport will continue to have legs for those who cannot deploy AGPL stuff

Teleport is an SSH for Clusters and Teams and aims to be the drop-in replacement for OpenSSH.

Are you looking to set up SSO for your cloud infrastructure? Or maybe establish tunnels to access services behind NATs and firewalls. Then Teleport is for you. It provides connectivity, authentication, access controls and audit for infrastructure. The newest update has a tonne of new features and improvements including enhanced device trust support, SSH connection resumption, MFA for admin actions, improved provisioning for Okta, and heaps. more. Check out all the changes in the Teleport release notes.

In case you didn't see it: https://goteleport.com/blog/teleport-oss-switches-to-agpl-v3... and https://github.com/gravitational/teleport/pull/35259

I readily admit it's not the same amount of :fu: as BuSL or whatever the fuck is going on over at Sentry but still :-( as compared to their much friendlier Apache 2

Link to GitHub -->

View on GitHub

Option 3: Pomerium might be an alternative as well.

That is not how you do Zero Trust. You want to use an Identity Aware Proxy. There are lots of ways you can implement this with Google as your core auth. For example Pomerium or oauth2-proxy.

I’m really surprised this sub has no love for Pomerium. I feel like it’s as simple as Caddy with all the security benefits of Traefik.

I am not sure if I understand how Pomerium works (or any identity-aware proxy).

Pomerium sidecar.

Just want to drop https://www.pomerium.com/ here. We use it at our company with ~1500 people with many apps behind the proxy. It also supports JWT for the backend, so you can integrate your apps easily without having to worry about the OAuth flow and also your apps are protected from random internet attacks.

You’ve got to protect. Anonymity is not going to work. Pomerium is another option in addition to those already suggested. https://github.com/pomerium/pomerium

I am currently looking at Wireguard/Tailscale (Wireguard based) options - early days for me so far. Also planning to look at something like Pomerium for a zero trust approach. https://www.pomerium.com/