Pritunl Zero
-
@aaronstuder said in Pritunl Zero:
Free and open source BeyondCorp server providing zero trust security for privileged access to ssh and web applications.
Anyone using this? Looks pretty good
I will check it out.
-
How do you find all this stuff, first? lol
-
So, is this a jumpbox? Or something similar? Trying to figure out where this would fit in the domain as a whole.
-
@coliver https://beyondcorp.com/
~BeyondCorp is a Zero Trust security framework modeled by Google that shifts access controls from the perimeter to individual devices and users. The end result allows employees to work securely from any location without the need for a traditional VPN.~
-
That's fine for marketing speak. But does it use a certificate on the local machine? I may have to set up one of these just to see how it is supposed to work.
-
It looks a lot like a proxy. In that you manage all of your public facing services to it, and let it manage the connects back into your network.
Not really sure how it works specifically besides that.
-
Going to their GitLab website: gitlab.pritunl.com
lol. . uh didn't they say NO VPN?!
-
@dustinb3403 said in Pritunl Zero:
Going to their GitLab website: gitlab.pritunl.com
lol. . uh didn't they say NO VPN?!
Right, I'm curious how this is supposed to work.
-
Looking at the demo, they are managing the connections by passing everything through this service. The client devices then need to be set up with a certificate or 2FA device to allow you to log in.
At least that's what it seems like to my coffee lacking brain.
-
@dustinb3403 said in Pritunl Zero:
Looking at the demo, they are managing the connections by passing everything through this service. The client devices then need to be set up with a certificate or 2FA device to allow you to log in.
At least that's what it seems like to my coffee lacking brain.
Ok that's what I was thinking. Not necessarily a bad thing but not altogether revolutionary.
-
My understanding is that a user visits a webpage, logs in, and they are able to reach internal web services.
At least that's what I am getting by looking at this:
https://docs.pritunl.com/docs/pritunl-zero-service
You can use it for SSH as well, too.
-
@aaronstuder said in Pritunl Zero:
My understanding is that a user visits a webpage, logs in, and they are able to reach internal web services.
At least that's what I am getting by looking at this:
https://docs.pritunl.com/docs/pritunl-zero-service
You can use it for SSH as well, too.
So it's a secure proxy with a landing page? Interesting. If you could tie 2FA into this I think that could be an interesting tool.
-
@coliver That's my understanding but I could be completely wrong.
-
@coliver Sadly, that's only available in the paid editions:
-
It's an open source (free?) alternative to CloudFlare Access.
-
@aaronstuder said in Pritunl Zero:
It's an open source (free?) alternative to CloudFlare Access.
I wasn't aware of that product, either.
-
It looks like Vault or CloudFlare Access but less functionality.
-
@coliver said in Pritunl Zero:
@aaronstuder said in Pritunl Zero:
My understanding is that a user visits a webpage, logs in, and they are able to reach internal web services.
At least that's what I am getting by looking at this:
https://docs.pritunl.com/docs/pritunl-zero-service
You can use it for SSH as well, too.
So it's a secure proxy with a landing page? Interesting. If you could tie 2FA into this I think that could be an interesting tool.
I don't believe that's what this is. From their guide it sounds like this works similarly to Vault. Instead of pushing out individual keys to servers you use this CA's pub key on each server. Users then request a cert from the CA that they use to log in.
Ah my bad. I thought he was saying that's how it works for SSH.
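
The SSH certificate flow described in the last post, as an added example that is not part of the thread or Pritunl Zero's own code: stock OpenSSH `ssh-keygen` stands in for the CA, and the file names, key ID and principal `alice` are constructed for illustration.

```shell
# Added example: SSH certificate authority workflow with stock OpenSSH tools.
# Constructed names: files ca / id_user, key ID "<user>@example", principal "alice".

# make_ca DIR
# Create the CA key pair. The private half (DIR/ca) stays on the CA host;
# only DIR/ca.pub is distributed to servers.
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo-ca' -f "$1/ca"
}

# issue_cert DIR PRINCIPAL VALIDITY
# The user generates a key pair and the CA signs the public half, producing
# DIR/id_user-cert.pub. VALIDITY such as +1h keeps the credential short-lived,
# so no per-user key has to be pushed to (or later removed from) each server.
issue_cert() {
    ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1/id_user"
    ssh-keygen -q -s "$1/ca" -I "$2@example" -n "$2" -V "$3" "$1/id_user.pub"
}

# cert_signed_by_ca DIR
# Succeeds only if the certificate's "Signing CA" fingerprint matches DIR/ca.pub.
# This is an offline audit check, not a replacement for sshd's own validation.
cert_signed_by_ca() {
    ca_fp=$(ssh-keygen -l -f "$1/ca.pub" | awk '{print $2}')
    ssh-keygen -L -f "$1/id_user-cert.pub" | grep 'Signing CA:' | grep -qF "$ca_fp"
}

# Server side: one line in sshd_config trusts every certificate the CA issues.
#   TrustedUserCAKeys /etc/ssh/ca.pub
# By default sshd accepts the login only if the target account name is among
# the certificate's principals and the certificate is within its validity window.
```

To try it, run `d=$(mktemp -d); make_ca "$d"; issue_cert "$d" alice +1h; ssh-keygen -L -f "$d/id_user-cert.pub"` and inspect the principals and validity window that the server would enforce.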