#bastion (2024-08)

https://github.com/cloudposse/bastion

Discuss cloudposse/bastion

2024-08-11

Jason Wilson avatar
Jason Wilson
08:30:51 AM

Have been using the bastion on my home server as a SSH gateway into my home network - noticed that OpenSSH is quite old (9.3p1) and has known vulnerabilities, what/how would I go about updating to a more recent version? Can see bastion has various custom patches for both alpine and itself for openssh, not sure how/if they can just be applied. If nobody else doing then I will look at myself, or look at some other ssh bastion image/tool

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
01:20:25 PM

Ya, unfortunately we are not able to help maintain it, as we have no customers sponsoring its maintenance.

Bear in mind the recent SSH vulnerability requires glibc, which does not exist on alpine.

Jason Wilson avatar
Jason Wilson
12:47:36 AM

Thanks for that, understand - will look at other options

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:46:13 PM

We use predominantly Teleport or AWS Session Manager SSH over SSM

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:46:53 PM

Also, consider Cloud Shell https://aws.amazon.com/about-aws/whats-new/2024/01/aws-cloudshell-docker-13-regions/

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:47:16 PM


bastion on my home server as a SSH gateway into my home network

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:47:21 PM

Oh, never mind my suggestions

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:47:22 PM

2024-08-12

    keyboard_arrow_up