I've seen this type of SSH/rsync access used many times (and have used
it myself to great effect), but it is worth considering if you feel
confident being able to sufficiently secure the SSH access in your
threat model. Your system, if compromised, could serve as an ingress and
pivot to other systems within your customer's perimeter. I would say
that is why you might get recommendations to avoid SSH altogether and
use something like gRPC or MQTT, and to limit the scope of the lateral
access through the systems. I think it's worth worrying about that, and
using a VPN and issuing per-device certificates is worthwhile, but I am
also painfully aware of the ins and outs of managing those parts of the
system. If you're not particularly worried about that part of the threat
model, or you feel like you have all the bases covered, I think your
SSH/proxy strategy would work, probably even with the reverse proxy
utility you mentioned, although I'm not sure how well that specific
component supports the user access control you might need.

Eldon
