Explore the lessons learned from building a BeyondCorp-inspired SSH proxy in this 43-minute LASCON conference talk. Delve into the implementation of a zero-trust security model that authenticates and authorizes users and devices before granting access to services, eliminating the need for traditional VPN solutions. Discover how this approach extends beyond SSH, covering topics such as Chrome Secure Shell, WebSockets, server implementation using CycloneHTTP, SSH configuration, and local proxy setup. Gain insights into handling connections, message reception, and data processing, while also examining the benefits and challenges of this security paradigm. Conclude with references and latency considerations for a comprehensive understanding of BeyondCorp-style access control.
From Zero to Zero-Trust: Building a BeyondCorp SSH Proxy - Lessons Learned
Overview
Syllabus
Agenda
BeyondCorp
Access Proxy
SSH
Any SSH
Chrome Secure Shell
Native Client
SSH Relay
HTTP to SSH Relay
WebSockets
Close Control Frame
WebSocket
WebSocket Frame
ACK Offset
Retransmission Buffer
Server Implementation
Cyclone
HTTP Handlers
SSH Proxy
Connect
Host Options
Proxy Command
SSH Configuration
Relay Host
Local HTTP Server
Local Proxy
Session Object
Global Variable
Connect Handler
New Connections
Call Back
Receive Messages
Message Received
Data Received
Misc Things
The Good News
References
Latency
Taught by
LASCON
