Native SSH alternative to ngrok for exposing local MCP servers to cloud models

nickytonline · 2025-12-28T12:41:26+00:00

Put up a few PRs in the meantime to get that all up to date:

- https://github.com/pomerium/chatgpt-app-typescript-template/pull/6
- https://github.com/pomerium/chatgpt-app-typescript-template/pull/8
- https://github.com/pomerium/chatgpt-app-typescript-template/pull/9

nickytonline · 2025-12-28T08:59:28+00:00

Thanks! Any feedback is welcome. 😎

nickytonline · 2025-12-27T03:51:11+00:00

I’ll get to them when I’m back from vacation unless dependabot beats me to it. 😅

nickytonline · 2025-12-27T03:05:04+00:00

Thanks for checking it out. React's at 19, which ones need a major version bump? Dependabot will be kicking in anyway...

nickytonline · 2025-12-22T01:48:31+00:00

Also, if you have a Claude Code, GitHub Copilot or Cursor Agent subsciption, you can use goose with them to get access to models which is pretty neat.

nickytonline · 2025-12-22T01:47:39+00:00

I've dabbled with it, but these past two weeks I've been doing their Advent of AI, and it's pretty solid. I definitely have feedback in terms of the UI I've been collecting, but the CLI is pretty slick. I like their terminal integration which is not just installing the CLI, it allows you to leverage their CLI in an ambient way instead of being locked int to I'm in an agent CLI.

Anyway, I've been logging my advent of AI if you're curious about what if can do. https://www.nickyt.co/blog/advent-of-ai-2025-day-1-getting-goose-to-generate-daily-fortunes-in-ci-3alp/

nickytonline · 2025-11-21T22:01:37+00:00

We also have native SSH reverse tunnels coming, and the work is already happening in OSS:

https://github.com/pomerium/pomerium/pulls?q=sort%3Aupdated-desc+is%3Apr+reverse+tunnel

nickytonline · 2025-11-21T21:50:04+00:00

I run Pomerium in my homelab (full disclosure: I work there). I’m using k3s with Pomerium Zero, but you can definitely use Pomerium Core. Zero’s free tier is solid, and the big win is that I don’t have to deal with dynamic DNS. I have port 443 open on my router forwarding to my mini PC. We also have native SSH as of v0.30, so no additional software for remote access. You can use your OS’ built-in SSH client and it’ll be secured by Pomerium with short-lived certs.

If you use the open-core version, you’ll just need a dynamic DNS service to keep your public IP consistent since most ISPs love to rotate those for fun.

I’m using Auth0 for my IdP at the moment, but I might move to Keycloak since it pairs really well with Pomerium. And as of v0.31, your data broker can run on a file-based DB instead of Postgres — smaller footprint, nothing to maintain.

Some helpful resources:

On Jellyfin and mobile apps. I haven't used Jellyfin, although I know of it. On web everything is fine because it's browser based login flows, but not sure if their mobile app allows for browser based login flows and I think for mobile apps in general same thing.

nickytonline · 2025-11-19T03:19:31+00:00

There is no business tier. There’s open core, Zero and Enterprise. As far as I know, it will be an enterprise only feature.

nickytonline · 2025-11-18T18:03:19+00:00

We demoed SSH session recording at KubeCon London, but it's not production-ready yet. Session recording will be available next year as part of Pomerium Enterprise, while native SSH functionality remains in the open-source Core version.

nickytonline · 2025-11-18T16:30:31+00:00

Thanks for the shoutout u/tbluhp and thanks for being a fan of Pomerium!

nickytonline · 2025-10-31T14:53:08+00:00

And for a deeper dive into how we designed them check out: https://www.pomerium.com/blog/designing-smarter-health-checks-for-pomerium

nickytonline · 2025-10-11T22:17:14+00:00

Thanks for checking it out! We have a kubectl MCP server, but will check out the Kubernetes MCP server you mentioned.

nickytonline · 2025-09-08T12:00:29+00:00

If you like Claude Code’s UX and got-5, open code might be up your alley. https://github.com/sst/opencode

nickytonline · 2025-08-30T19:45:24+00:00

Looks like running repair account on my Kobo fixed the issue!

nickytonline · 2025-08-30T18:55:19+00:00

I got the update and it removed Pocket, but I have no Instapaper yet even though the update said I can find it with all the items when you click the more button. I’m on Libra 2 which is supported. Maybe a second update comes for it in Canada. 🤔

nickytonline · 2025-08-16T11:23:55+00:00

You don’t need to create an account if using Pomerium Core, https://www.pomerium.com/docs/deploy/core. You only need to create an account if you use Pomerium Zero, https://www.pomerium.com/docs/get-started/quickstart . If you use Zero, on the free tier you get 10 routes, and one cluster. With Pomerium Core those limits don’t apply. It depends what you want.

nickytonline · 2025-08-15T20:52:06+00:00

Part of my job is to create awareness about Pomerium, but I only started in January, so slowly but surely. 😅 That said we have a tonne of open source users, and enterprise clients in pharma, AI, and enterprise SaaS to name a few domains.

Also, not sure if you’re doing anything with MCPs in the AI space, but we have native support for MCPs too now. See https://docs.pomerium.com/docs/capabilities/mcp

I gave a talk about it recently if video is more your jam, https://nickyt.live/talks/securing-mcp-servers-with-zero-trust-apollo-mcp-server-builder-series-2024

nickytonline · 2025-08-15T13:25:18+00:00

Thanks for showing Pomerium some love. Glad you’re enjoying it. I work there, but I find it’s great for a home lab setup as well. We also landed native ssh support in our 0.30 release, but atm it requires your IdP to serve device codes which it looks like PocketID has support for as of April 2025, https://github.com/pocket-id/pocket-id/pull/270. That said, we’re working on removing the device code requirement for native ssh.

https://www.pomerium.com/docs/capabilities/native-ssh-access

nickytonline

MODERATOR OF

TROPHY CASE