Closed
Description
PAIN POINT
ATM we can't scw exec
on some machine with no public IP attached.
DIAGNOSTIC
exec
CMD looks to rely on a call to utils.SSHExec.
So... we could use some ssh tunneling to keep it working under this kind of circumstances.
PROPOSALS
- Scaleway brings a very secured SSH Gateway for all of its customers. scw uses this ssh gateway for all machines without public IP. Cons: it's not easy to provide & maintain a very secured service of that kind.
- Customers can use one of their machines with public IP to access to their backend machine. This is probably the best solution.
Whatever the solution, exec
can have an option -g, --gateway=SERVER
. Also, a general exec_gateway
config parameter could be set to avoid passing this parameter at each exec call.