Wouldn’t ssh with systemd or auto ssh be a more secure means of remote access to apps (like http/https apps) than the zero trust network access solutions (like Cloudflare Tunnels which terminates the TLS) or even Tailscale (which should be a trusted third party)?
You set up public key authentication with SSH to a reverse proxy, a persistent tunnel, and a socks proxy. In a Firefox profile, you set localhost:port. Done! All your services are available in that browser all the time.
Autossh with a reverse ssh tunnel can also be used to expose an internal service to the Internet through a VPS.
SSH has been very secure over the decades. A good feature of SSH is that it can jump from host to host, unlike VPN.
SSH protocol does not protect against weak configuration, e.g. password authentication without brute force mitigation. Zero-trust can be misconfigured too, so it depends how well either of them is configured.
You set up public key authentication with SSH to a reverse proxy, a persistent tunnel, and a socks proxy. In a Firefox profile, you set localhost:port. Done! All your services are available in that browser all the time.
Autossh with a reverse ssh tunnel can also be used to expose an internal service to the Internet through a VPS.
SSH has been very secure over the decades. A good feature of SSH is that it can jump from host to host, unlike VPN.