top | item 46146836

(no title)

gnyman | 2 months ago

This is nice and for those who's asking, it's different from ngrok and the others in that you don't need a separate client, (almost) everyone has ssh installed.

To the author, I wish you best of luck with this but be aware (if you aren't) this will attract all kind of bad and malicious users who want nothing more than a "clean" IP to funnel their badness through.

serveo.net [2] tried it 8 years ago, but when I wanted to use it I at some point I found it was no longer working, as I remember the author said there was too much abuse for him to maintain it as a free service

I ended up self-hosting sish https://docs.ssi.sh instead.

Even the the ones where you have to register like cloudflare tunnels and ngrok are full of malware, which is not a risk to you as a user but means they are often blocked.

Also a little rant, tailscale has their own one also called funnel. It has the benefit of being end-to-end encrypted (in theory) but the downside that you are announcing your service to the world through the certificate transparency logs. So your little dev project will have bots hammering on it (and trying to take your .git folder) within seconds from you activating the funnel. So make sure your little project is ready for the internet with auth and has nothing sensitive at guessable paths.

[2] https://news.ycombinator.com/item?id=14842951

discuss

apitman|2 months ago

A few other options as well: https://github.com/anderspitman/awesome-tunneling

kej|2 months ago

Just want to say that I appreciate you maintaining this list. It's one of those things I need to do every now and then, so having a place that gives me a current summary of the options is very handy.

klipitkas|2 months ago

Thanks for the kind words. I hope I won't have to close this service in a few days due to abuse but its a weird world we live in.

jjcm|2 months ago

As someone who has launched something free on HN before, the resulting signups were around 1/3rd valid users doing cool things and checking things out, and 2/3rds nefarious users.

ValdikSS|2 months ago

My service (which doesn't have public access, only via SSH as a client) was used by a ransomware gang, which involved the service in investigation from Dutch CERT and Dubai police.

It's still live though.

patricklorio|2 months ago

I run playit.gg. Abuse is a big problem on our free tier. I’d get https://github.com/projectdiscovery/nuclei setup to scan your online endpoints and autoban detections of c2 servers.

pcthrowaway|2 months ago

Do you have funding to cover the paying the bandwidth costs which will ultimately result from this? Or if you're running this from a home network, does anyone know if OP should be concerned of running into issues with their ISP?

dlenski|2 months ago

Dare I ask how much bandwidth it is consuming?

sorz|2 months ago

Random thoughts: one can get user's ssh public keys from GitHub on the fly (from `https://github.com/<username>.keys`), so that it requires a valid GitHub account to use this service, without (extra) auth process.

resiros|2 months ago

It would be nice to have an open-source version that you can self-host. That would solve the abuse problem. Maybe with a service to create API keys.

klipitkas|2 months ago

Yeah, this is the next step. I first wanted to understand if this gets any traction. I think I will provide a dockerized version for the server part that you can just run with a simple command and maybe some interface to create api keys and distribute them to your users.

cyberax|2 months ago

We're using pgrok for that in our organization. A small EC2 instance serves as the public endpoint.

LelouBil|2 months ago

OpenSSH is preinstalled on Windows as well, so I think it's not a stretch to say everyone has ssh now.