10 comments

[ 1.7 ms ] story [ 35.1 ms ] thread
People still use SSH these days?

I kid, but really you probably shouldn't on Production. You should be exporting your logs and everything else. The host or VM bootstrapped golden images with everything as needed.

It is okay to start that way and figure out your enternals but that isn't for Production. Production is a locked down closed environment.

People still use production environment?

The software world feels more like a test only environment.

How do you properly investigate a performance, stability or security issue in your production environment in that scenario? Perhaps logs are enough for some things, but unless you have massive replay infrastructure and a complete duplicate of all data running live, you'll have some serious challenges there, and investigating a security issue with that sort of setup sounds like a nightmare to me. "DB got dumped last week and we just wiped all the evidence with this mornings deployment".
> Performance

I what is SSH going to allow you to do here that’s not covered by logs + APM? I’m honestly not sure I’ve debugged 1 performance issue in 10 years over SSH.

> Stability

Ditto.

> Security

This one I understand slightly better, but I think syslogs and network (application) logs have you pretty well-covered here.

> massive replay infrastructure and a complete duplicate of all data running live

… assuming you had this, and could SSH into it, you’re going to do what over SSH?

> "DB got dumped last week and we just wiped all the evidence with this mornings deployment".

SSH doesn’t help you here. If doing this release pattern is problematic for the reasons discussed already I suggest this points to a deep flaw in your performance, stability, and security strategy.

You still need access, but surely putting SSH behind WireGuard or Tailscale is a better way.
(comment deleted)
Then what are people supposed to use for remote servers? Should we fly to the sight and use a serial terminal? Like wtf are you even talking about.
(comment deleted)