
> Not sure why the author does not advocate this.

Probably because the blog post is an advertisement for their product, which already allows you to implement bastion hosts as you describe.

From the bottom:

> Databases do not need to be exposed on the public Internet and can safely operate in air-gapped environments using Teleport’s built-in reverse tunnel subsystem.



Did not catch that. Sneaky self promotion there :)

Not sure what their reverse tunnel product is, but a bastion host is super easy to implement, just spin up an EC2 and walla.

Curious as to what value they are providing


Unsure whether you meant walla, but just in case this is what you meant: It's "voila", from French "et voilà".

https://www.collinsdictionary.com/dictionary/french-english/...


They've been around a while, it actually seems quite cool. Bastion hosts are simple to set up, sure, but Teleport adds a whole bunch of porcelain on top, e.g. integration with SSO, web UI for administration, etc.

Haven't used them myself but I wouldn't be against trying it if in the market for something like that.


I find that porcelain has a very bad time in breaking when you least suspect it.

The same is true for server applications that have weird 3rd party dependencies that may go down when you least suspect it.



