
But the AWS SSM agent doesn't listen on the network [0]. The connection is initiated by the agent towards the cloud API, so any commands that come in aren't new connections established over a possibly insecure network.

Of course, if the agent's verification of who it's talking to is as good as in the case of Azure, all bets are off.


[0] I've just checked this on an Ubuntu EC2 instance. The SSM agent is running, but it doesn't listen on any interface. No custom configuration was done to it.
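One way to script the check from footnote [0], as an added example that is not part of the original comment: it filters `ss -H -tulnp` output for sockets owned by a named process. The process name `amazon-ssm-agent`, the helper `listeners_for` and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# listeners_for NAME
# Reads `ss -H -tulnp` output on stdin and prints "proto local_address" for
# every listening TCP / bound UDP socket owned by a process called NAME.
# Prints nothing when the process holds no listening socket.
listeners_for() {
    # ss reports the kernel "comm" name, which is cut to 15 characters,
    # so a 16-character name such as amazon-ssm-agent appears truncated.
    name=$(printf '%.15s' "$1")
    # The process column looks like: users:(("sshd",pid=812,fd=3))
    awk -v n="$name" 'index($0, "(\"" n "\",") { print $1, $5 }'
}

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
SAMPLE_SS='tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=412,fd=14))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=412,fd=13))'

# report NAME: summarise the result for one process against the sample.
report() {
    found=$(printf '%s\n' "$SAMPLE_SS" | listeners_for "$1")
    if [ -z "$found" ]; then
        echo "$1: no listening sockets"
    else
        echo "$1 listens on:"
        printf '%s\n' "$found" | sed 's/^/  /'
    fi
}

report amazon-ssm-agent   # assumed process name of the SSM agent
report sshd

# On a live host, run as root so that ss can show socket owners:
#   ss -H -tulnp | listeners_for amazon-ssm-agent
```

An empty result only shows that the process has no inbound listener; it says nothing about how the agent authenticates the endpoint it connects out to.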
