Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

One simple reason is that the serverside might not want to expose a shell to its clients, and instead just provide network connectivity; you can configure something like that with SSH, but it's a pain, and WireGuard is approximately as simple to set up as SSH, which is the primary reason it's so popular.


And it's crypto is "very good" (so I've heard, not an expert)

And it's fast/low overhead.

And yea, surprisingly easy, "just works"

I lurk their maillist, seems a nice group.


It is very good, it is objectively better in a lot of ways than legacy DNS protocols. But it's popularity is, I think, mostly because of ease-of-use.


Is it a pain? As far as I know, all that's needed is to insert restrict,command="/sbin/nologin",port-forwarding before the user's key in authorized_keys. You can add more security by using a separate user, but individual Unix users for each client are not^W^Wshould not be necessary for security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: