All your ssh and database servers accessible directly from your Browser

Andree Toonk on June 30, 2023

This post was originally posted on the Border0.com blog here. Today we’re excited to welcome you to a new era of seamless infrastructure management...
 
edyzakaria

I am excited about the border0 infra tool; however, does border0 have any security test results? Or any more security info?

Andree Toonk • Edited

@edyzakaria awesome! We are fully SOC2 compliant, which includes many best practices and pentests. Also see trust.border0.com/

bursa akselerasi

What if we have an IP whitelist for accessing (for example) Mongo Atlas?

Andree Toonk

Hi @bursa_akselerasi_7a04d7b9, great question.
If you have IP allow listing on your origin database server, then you need to make sure to whitelist the border0 connector. The connector is software you run in your environment, and it acts as the bridge between your network and ours. The connector is also the only one that needs to know, for example, the upstream (database) credentials.

The connector can also act as a discovery engine, i.e. it can find Docker resources, EC2 instances, ECS containers, or even use a port scanner to find open SSH ports on your network, and make them available through border0.

Since the connector runs in your private network, and all it needs is an outbound (NAT-like) connection, you can now also make these private machines and databases available, without the need for a VPN.

You can use Border0 policies (access lists) to control who should have access to what resources based on their SSO credentials, IP address, time of day, date, geolocation, or even PagerDuty on-call status.

Also check out our YouTube and blog for more examples, or the docs page.

Joan Comas Fernandez

Very nice solution, thanks for sharing!

Do you have any offline / on premise support? Like a docker image or so?

Thanks

Andree Toonk

Thanks @joancomasfdz

There's a Docker image for the connector (more details below) here: ghcr.io/borderzero/border0
You can find a Docker compose example here: docs.border0.com/docs/docker-compose

Border0 is offered as a service; we have no fully self-hosted option today. The upside is that it's easy to get started with; just click it together in our portal. We're also SOC2 type II certified; see trust.border0.com/ and border0.com/blogs/border0-achieves...

As part of this, you do run a connector in your environment that acts as the bridge between your infra and our servers. The connector can run behind NAT, so no firewall changes are needed. Together we make all your services available and secure.

So you can make private instances, i.e. machines and services in a private network, available using border0. In fact, that's one of its strengths. You can learn more about it on our blog here (various examples) border0.com/blog or see some of the other videos.

Ben Sinclair

This looks quite pretty, and I've just given it the one-minute workout. Going in with no expectations (which is how I like to try things out) I clicked on some of the cards at random. I had a few issues, though:

If you click a "mysql" card, you get taken to a database viewer tool, where you can use the GUI, or enter a query directly, and export the results as a CSV. Kind of like a cut-down phpMyAdmin, with just the basic things you need. Good.

If you click a "bastion" card it sometimes opens a shell to the server and sometimes opens a new window with a copy of the entire website in it instead. Good if it was consistent.

If you click a "webserver" card, it takes you to a demo website, rather than (as I hoped) a page about the webserver status or configuration, and when I clicked "back", it told me:

"Oops!, something went wrong [...] You may have pressed the back button". Not so good! Why shouldn't I be able to use the regular browser controls?

I'm not sure what the pastebin cards are for - I know what a pastebin is but not why there would be specific ones for specific purposes in a dashboard such as this. When you click one, you see a page reading, "In case this message never disappears please have a look at this FAQ for information to troubleshoot" and that's all. I think this is a bug.

Andree Toonk

Hi @moopet, thanks for the feedback and giving it a spin! We'll take a closer look at your feedback. Glad you liked the look and feel.
The 'cut-down phpMyAdmin' is spot on, kind of re-imagined (well, redesigned). We hope to add some of the many features of phpMyAdmin in there over time. One of the big things is obviously that, as a user, when you accessed the mysql instance, you were doing all that with just your SSO credentials. So a nice drop-in SSO 'firewall' for your databases, even if they run in a private network.

I'm not sure what caused the intermittent issues with your SSH access, where sometimes you see the complete website loaded again in a new window. I haven't been able to reproduce or see that. If you can reliably reproduce that, feel free to send me a message with data (ideally a recording) at andree at border0 dot com. Would love to get to the bottom of that.

The HTTP, Pastebin and Grafana examples are just there as examples of internal websites. In the real world these would be your wiki, docs, Jira, or whatever internal apps you may have. When I say internal, I mean apps for which you typically use a VPN. Could even be your Grafana or Pi instance behind NAT at home, for example.

Ben Sinclair

That all makes sense. I looked again and don't see the same issues, but if they appear again I'll send you a recording if I can.

Andree Toonk

awesome, thanks for letting me know Ben.

James Brown

Is there a timeline for noSQL services?

Andree Toonk

Hi @sirjamesbrown, any specific noSQL services you're interested in?
Feel free to ping me at andree at border0.com. We'd be happy to work with you.

George

This looks pretty. Just tried the demo and really like the web-based SSH browser. Will look into how to log in to all my EC2 instances using this. Whoop!
