#bastion — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bastion, aggregated by home.social.
-
Budapest by Vagelis Pikoulas
https://tmblr.co/Z7VXvxj61MXnui00
#budapest #buda #pest #hungary #canon #r6 #r62 #r6ii #hungarian #parliament #view #city #cityscape #architecture #landscape #landmark #sunrise #castle #rf #1435 #1435mm #november #autumn #2025 #europe #travel #fishermen #bastion #flickr #thingsdavidlikes
-
We've reached the end of the road...
Let's Play #Bastion (Blind) - The Tazal Terminals - Part 13
#Supergiant #WB #RetroGaming
https://www.youtube.com/watch?v=FokACPIt-7M
-
Hey, I need help with #AWS #RDS.
I've this #Postgresql #RDS in private subnets.
I want to access it with the #psql cli (or any client really). I see two ways.
One, which I find easy, with an #EC2 that acts as a #Bastion with #SSM so it remains private but requires a tunnel.
And one with a #RDSProxy exposed via a #NLB which is more involved but requires no tunnel. Is there any other approach?
Something so obvious I missed it? Thanks for your time and boosts in advance 🙇
EDIT: solution below
-
The last destination on the plan was #Duncannon_Fort, which can only be visited on a guided #tour. The impressive #fortress with its #Bastion on the #Hook_Peninsula looks back on 450 years of history. The #star_fort has survived countless fascinating and awe-inspiring events along the way and is, incidentally, one of the best vantage points from which to view the beautiful #Waterford_Estuary.
#Irland
#Aixam
#Ring_of_Hook
#History
#Geschichte
-
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines is only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.
-
When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.
The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.
Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?
-