sshd-cloudflared
Access your work directory from anywhere using a Dockerised SSH daemon tunnelled through Cloudflare. Debug your GitHub workflows with SSH tunnelled through Cloudflare.
We’ve been working on something (https://github.com/build-trust/ockam) that enables exactly this, among a whole host of other use cases. If you check out some of the code examples in the docs you’ll see how to set up a tunnel using the CLI.
For other use cases there are also the programming libraries (only Rust atm, though I was spiking a TypeScript/Node PoC this week) which might provide more flexibility. Personally I’m excited by the idea of being able to move this kind of secure-by-design connectivity all the way into the application layer though.
I wrote something tangentially related, but for a single user.
"gofwd" is a cross-platform TCP port forwarder with Duo 2FA and Geographic IP integration. Its use case is to help protect services when using a VPN is not possible. Before a connection is forwarded, the remote IP address is geographically checked against city, region (state), and/or country. Distance (in miles) can also be used. If this condition is satisfied, a Duo 2FA request can then be sent to a mobile device. The connection is only forwarded after Duo has verified the user.
https://github.com/jftuga/gofwd
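The check order described in the comment above (geographic conditions first, second factor only afterwards), as an added Go example that is not gofwd's own code. `Location`, `Policy`, `Authorize`, `milesBetween` and the `lookup`/`approve` callbacks are hypothetical names standing in for a geo-IP database and a Duo push; the coordinates and IP address are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

type Location struct { // hypothetical stand-in for a geo-IP lookup result
	Country, Region, City string
	Lat, Lon              float64
}

type Policy struct { // an empty string or MaxMiles == 0 means "not checked"
	Country, Region, City string
	Home                  Location
	MaxMiles              float64
}

// milesBetween returns the great-circle (haversine) distance in miles.
func milesBetween(a, b Location) float64 {
	rad := func(deg float64) float64 { return deg * math.Pi / 180 }
	h := math.Pow(math.Sin(rad(b.Lat-a.Lat)/2), 2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Pow(math.Sin(rad(b.Lon-a.Lon)/2), 2)
	return 2 * 3958.8 * math.Asin(math.Sqrt(h)) // 3958.8 = mean Earth radius in miles
}

// Authorize fails closed: a lookup error or geographic mismatch denies before any 2FA request.
func Authorize(p Policy, lookup func(ip string) (Location, error), approve func() bool, ip string) error {
	loc, err := lookup(ip)
	if err != nil {
		return fmt.Errorf("geo lookup failed, denying: %w", err)
	}
	if (p.Country != "" && p.Country != loc.Country) || (p.Region != "" && p.Region != loc.Region) ||
		(p.City != "" && p.City != loc.City) {
		return errors.New("geographic condition not met")
	}
	if p.MaxMiles > 0 && milesBetween(p.Home, loc) > p.MaxMiles {
		return errors.New("remote address too far away")
	}
	if !approve() { // reached only after every geographic check has passed
		return errors.New("second factor not approved")
	}
	return nil // the caller may now forward the connection
}

func main() { // constructed sample: home in Atlanta, client geolocated to Athens, GA
	l := func(string) (Location, error) { return Location{"US", "GA", "Athens", 33.951, -83.357}, nil }
	fmt.Println(Authorize(Policy{Country: "US", Home: Location{Lat: 33.749, Lon: -84.388}, MaxMiles: 100}, l, func() bool { return true }, "203.0.113.7"))
}
```

Running the geographic checks before the second-factor call means a connection from an unexpected location never produces a push prompt for the user to approve by mistake.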
I wrote something similar to be able to run VS Code against any remote machine. This was before VS Code's own tunnels.
https://github.com/efrecon/sshd-cloudflared
It automatically runs a dockerised sshd to access your directory. The sshd is configured using your GitHub keys to protect access.