惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
D
Docker
有赞技术团队
有赞技术团队
WordPress大学
WordPress大学
Jina AI
Jina AI
小众软件
小众软件
Last Week in AI
Last Week in AI
Hugging Face - Blog
Hugging Face - Blog
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
美团技术团队
爱范儿
爱范儿
V
V2EX
大猫的无限游戏
大猫的无限游戏
人人都是产品经理
人人都是产品经理
J
Java Code Geeks
博客园 - 司徒正美
博客园 - 叶小钗
S
SegmentFault 最新的问题
量子位
S
Secure Thoughts
月光博客
月光博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
O
OpenAI News
L
LINUX DO - 最新话题
罗磊的独立博客
SecWiki News
SecWiki News
雷峰网
雷峰网
Recent Announcements
Recent Announcements
V2EX - 技术
V2EX - 技术
T
Tailwind CSS Blog
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
云风的 BLOG
云风的 BLOG
Schneier on Security
Schneier on Security
T
The Blog of Author Tim Ferriss
IT之家
IT之家
博客园 - 聂微东
腾讯CDC
N
News | PayPal Newsroom
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Hacker News: Ask HN
Hacker News: Ask HN
aimingoo的专栏
aimingoo的专栏
Webroot Blog
Webroot Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
K
Kaspersky official blog

NetBird - Networking Knowledge Hub - RSS Feed

NetBird Is Now on the Vultr Marketplace Native NetBird on the GL.iNet Comet Pro (GL-RM10) NetBird v0.71 - IPv6 Overlay Addressing NetBird Exit Nodes - Appear at Home, or Anywhere Else Reporting Bugs and Requesting Features in NetBird Setup and Use Local AdGuard Home Anywhere with NetBird DNS How to Set Up NetBird on PiKVM for Secure Remote KVM Access NetBird v0.69 - CrowdSec IP Reputation for the Reverse Proxy Cloudflare Mesh vs NetBird vs Tailscale: Performance Compared Self-Hosting Nextcloud with Docker and NetBird Implementing Zero Trust with NetBird NetBird v0.67 - Layer 4 Proxy Support for TCP, UDP, and TLS Solwr Enhances Remote Connectivity with NetBird Self-Hosting NetBird with Authentik Jellyfin Media Server - Self-Host Your Movies, TV, and Music Cloudflare Tunnels vs. NetBird Reverse Proxy INFITX Builds Zero-Touch Kubernetes Networking with NetBird NetBird v0.66 - Expose Local Services to the Internet from the CLI Pangolin vs. NetBird Home Assistant Setup Guide with EASY Remote Access NetBird v0.65 - Built-in Reverse Proxy with Custom Domains Docker for Beginners - Everything You Need to Get Started NetBird for SOC 2 Compliance NetBird v0.63 - Custom DNS Zones for Private Network Resolution Vibecode This in a Weekend and Take 5% of the Company NetBird v0.62 - Built-in Local Users with Optional IdP Integration Top 5 Alternatives to OpenVPN Top 5 Open Source Alternatives to Tailscale Top 5 Alternatives to ZeroTier How to Set Up ZeroByte and REST Server for Backups with NetBird How to Install n8n v2.0 with NPM and PM2 ZeroTier vs. NetBird The Ultimate Immich Guide - Ditch Google and Amazon Photos for Good NetBird as Your Help with ISO 27001 Compliance NetBird and Huntress - Secure Network Access for MSPs How to Access Windows Shares from Anywhere with NetBird netgo Relies on Modern ZTNA with NetBird Connect to Your Homelab from Anywhere with a Raspberry Pi NetBird SSH - A New, Identity-Aware Approach The AI Mega Mesh: How to Connect 30+ GPU Cloud Providers Connect Multiple Ollama GPUs to OpenWebUI with NetBird Top 5 Tailscale Alternatives SSH and RDP, now in your browser NetBird–Acronis Integration: Empowering MSPs for Advanced Ransomware and Threat Defense Introducing the Control Center - Remote Access, Beautifully Visualized NetBird at MSP Global 2025 Understanding Overlay Networks - The Basics NetBird and SentinelOne Singularity™ - Automate Threat Response NetBird and Microsoft Intune - Enforcing Device Compliance for Zero Trust Rethinking Zero Trust Security with NetBird and pfSense Improving Unidirectional Access Control Proxmox VE for Beginners Guide with NetBird LXC Stronger Security: NetBird + GitHub Secure Open Source Fund NetBird's MSP Partner Program Signicat Enhances Cross-Cloud Accessibility with NetBird SonicWall SSL VPN NetExtender vs. NetBird NetBird Is Embracing the AGPLv3 License NetBird Profiles Have Landed - Manage Multiple Accounts Effortlessly Rethinking Access Control to Secure Your On-Premises SharePoint Servers Sport Alliance Increases Efficiency with Zero Trust Networking at Scale Rethinking Network Access: qwertiko Goes Zero Trust with NetBird Optimizing Network Efficiency with NetBird's Lazy Connections Use Port Ranges in Access Control Policies Generic HTTP Endpoint for Network Events Streaming NetBird’s Response to Spear-Phishing Campaign Targeting Financial Executives Zero-Trust Access to Internal Resources Without Installing Agents Enhance Network Visibility with NetBird’s Traffic Events Logging TrueNAS Made Easy - Install, Set Up, and Access From Anywhere Top 5 Alternatives for WireGuard Jump Hosts. Gateways for Remote Access NetBird Network Routes and Exit Nodes Security for All - SSO and MFA for Free Enhancing Network Access Control with NetBird's Identity Provider Feature Twingate vs. NetBird Limit Network Access Based on Running Applications FortiClient ZTNA vs. NetBird OpenVPN vs. NetBird Tailscale vs. NetBird Getting Started with an Azure Site-to-Site VPN Getting Started with an On-premise-to-AWS Site-to-Site VPN Secure Remote Access to VPCs, LANs, and Offices regreSSHion - A New OpenSSH Server Remote Code Execution Vulnerability Evolve Bank & Trust Data Breach. What Happened? What Is a Site-to-Site VPN? IPSec Tunneling Demystified. Enhancing Data Security Across Networks Understanding IPSec Tunnel and Transport Modes Understanding the Differences Between IKEv1 and IKEv2 Understanding the IKEv1 Protocol in IPSec ZeroTier versus NetBird - Which Should You Choose? AWS Lambda Serverless Security. Mistakes, Oversights, and Potential Vulnerabilities Using NetBird for Kubernetes Access Serverless Security Vulnerabilities and Best Practices to Mitigate Them Security Best Practices for Serverless Azure Functions A Guide to Remote Access Security for SMEs IoT Security Essentials. How to Achieve Secure Remote Access Open Source Zero Trust Networking Using SSH for Secure Remote Access How We Integrated Rosenpass in NetBird The First Quantum-Resistant Mesh VPN Using eBPF and XDP to Share Default DNS Port Between Multiple Resolvers
NetBird v0.61.0 - Granular SSH Access Control and Automatic Updates
Written byBrandon Hopkins · 2026-01-04 · via NetBird - Networking Knowledge Hub - RSS Feed

NetBird v0.61.0 builds on our SSH rewrite with fine-grained access control, letting you map NetBird user groups to specific local OS users on target machines. We're also introducing automatic client updates for Windows and macOS, keeping your fleet current without manual intervention.

Fine-Grained SSH Access Control

Version 0.60 brought identity-aware SSH to NetBird, authenticate via your IdP, use native OpenSSH, and get proper audit trails showing which person accessed which server. But there was still something missing with this new workflow; once authenticated, users had access to any local account on the target machine. In enterprise environments and even well-organized homelabs, that's rarely what you want.

v0.61.0 closes that gap with fine-grained SSH access control.

The Problem with All-or-Nothing Access

Consider a typical infrastructure setup: you have developers who need to deploy code, DBAs who manage databases, and sysadmins who handle everything else. Each of these roles should map to different local accounts on your servers:

  • Developers should SSH as or
  • DBAs should SSH as or
  • Sysadmins should SSH as or

Before v0.61.0, you could control whether someone could SSH into a machine, but not which local user they could access. If someone from the dev team could reach a database server, nothing prevented her from attempting to SSH as even if that wasn't that person's role. Thus, trusting everyone with access to act responsibly.

How Fine-Grained Control Works

The new implementation introduces a NetBird SSH protocol type in Access Control policies, distinct from generic TCP port 22 rules. When you create a policy using this protocol, you configure Authorized Groups that define explicit mappings between NetBird user groups and local OS users.

netbird ssh fine grained access policy

Here's what a typical configuration looks like:

Source GroupAllowed Local Users
Developersdeveloper, deploy
DBAspostgres
SysAdminsroot, admin

When someone attempts to SSH into a peer:

  1. They authenticate via OIDC to obtain a JWT token (same as v0.60 )
  2. NetBird checks if their user ID is authorized for this peer
  3. NetBird verifies they're allowed to access the specific local user they're requesting
  4. If both checks pass, the session is established

If a developer tries to SSH as on a database server where they're only authorized as , the connection is denied, even though they have network access to that machine.

Full Access vs. Limited Access

When configuring a NetBird SSH policy, you choose between two modes:

Full Access: Users in the source groups can SSH as any local user on destination machines. This maintains v0.60 behavior for teams that don't need granular restrictions.

Limited Access: You explicitly define which local users each group can access. This is the principle of least privilege applied to SSH, users get exactly the access they need and nothing more.

Security Model

The implementation follows a fail-closed model: if no mapping exists for a requested local user, access is denied by default. Combined with JWT authentication, this creates multiple layers of verification:

  • Network-level: ACL policies control which peers can communicate
  • Identity-level: OIDC authentication verifies who is connecting
  • Account-level: Authorized Groups control which local users they can access

Audit trails now show not just which person accessed which server, but which local account they used, critical information for compliance and incident response.

Automatic Client Updates (Beta)

Keeping NetBird clients updated across a fleet of machines has traditionally required manual intervention or relying on other people in your networks to manually upgrade. v0.61.0 introduces automatic client updates for Windows and macOS, letting you ensure your network stays current without reaching out to users or interacting with each machine individually.

How It Works

When enabled, the update process is straightforward:

  1. Client connects to the Management server and receives current update settings
  2. Client compares its version against the configured target version
  3. If running an older version, a notification appears and the update begins
  4. Client downloads the update package from NetBird's official repository
  5. Update installs and the client restarts automatically

Updates are triggered on connection, not on a schedule. This means long-running peers that stay connected won't automatically update mid active connection. A future release will address periodic update checks for always-on infrastructure.

Enabling Auto-Updates

Navigate to Settings → Clients in the NetBird dashboard and enable "Automatic Updates." You can configure updates to either:

  • Latest stable version: Clients always update to the newest release
  • Specific version: Pin clients to a particular version for controlled rollouts

auto-update dashboard

The feature is disabled by default; you opt in when you're ready. Users can also enable updates locally via Settings → Client in the NetBird application.

Platform Support

Automatic updates currently support Windows and macOS only. Linux support isn't available due to the variety of distributions and package managers, though future releases may add support for popular distributions.

Notes on Behavior

  • Updates only trigger when the UI is running and the client connects
  • If download or installation fails (network issues, permissions), an error notification appears but the client won't retry until the next restart
  • All notifications require the NetBird UI to be running with notifications enabled

Migration Path: Breaking Changes for Self-Hosted

This is a breaking change for self-hosted deployments. The fine-grained SSH access control requires coordination between Management server and clients. If you upgrade clients before the Management server, SSH access will break.

Upgrade Order

  1. Update Management server to v0.61.0
  2. Update dashboard to v0.61.0
  3. Update SSH server peers (machines people connect to)
  4. Update SSH client peers (machines people connect from)
  5. Create NetBird SSH policies with Authorized Groups configuration

Creating Your First Fine-Grained Policy

  1. Navigate to Access Control in the dashboard
  2. Create a new policy with NetBird SSH as the protocol
  3. Set your source groups (who connects)
  4. Set your destination groups (which servers)
  5. Under SSH Access, choose Limited Access
  6. Configure local user mappings for each source group
  7. Enable and save

Existing TCP port 22 policies continue working for basic network-level SSH access. The new NetBird SSH protocol adds the fine-grained layer on top.

For detailed configuration options and troubleshooting, check out our SSH documentation and Auto-Update documentation .