The risk of adding the self-hosted NetBird server as a peer

Hi friends,

I was wondering about the best practice regarding the self-hosted NetBird control/management server. I’m running mine on a VPS which is pretty much locked down. I was wondering if it is smart to install the NetBird agent on it and have it accessible via SSH through the NetBird network. What’s the recommendation? What are the risks?

Kind regards,
-AMi

Hi @AMi,
Good question, and I was thinking about the same thing when we discussed the threat model.

Our use cases:

  • Monitor various metrics of the host OS using SNMP / LibreNMS which is running internally and part of the NetBird network
  • Backup / push config changes to a Git server which is running internally and part of the NetBird network
  • SSH into the server only from the NetBird network (emergency access is only possible via VPS console @ Hetzner).

From a public / internet perspective, this shouldn’t introduce any additional attack surface / vectors.

From within the NetBird network the risk is minimal if you have tight ACLs, meaning only access from 2 admin machines.

Regards, Flo.

1 Like
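One way to verify the "SSH only from the NetBird network" setup described above, as an added example that is not part of the original posts: it parses `ss -Htln` output and reports SSH listeners bound outside the overlay. The 100.64.0.0/10 overlay range, port 22 and the sample socket lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: overlay peers get addresses from the CGNAT range; adjust to your setup.
OVERLAY_NET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample of `ss -Htln` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 128  100.92.14.7:22  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443     0.0.0.0:*
LISTEN 0 128  [::]:22         [::]:*
LISTEN 0 4096 127.0.0.1:9090  0.0.0.0:*
"""

def parse_listener(line):
    """Return (host, port) for a LISTEN line of `ss -Htln`, else None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    host = host.partition("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return host, int(port)

def is_overlay_only(host, overlay=OVERLAY_NET):
    """True if the bind address is loopback or inside the overlay range."""
    if host == "*":
        return False  # wildcard: listens on every interface, public one included
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return False  # 0.0.0.0 / :: are wildcards too
    return ip.is_loopback or (ip.version == overlay.version and ip in overlay)

def exposed_ssh_listeners(ss_output, port=22, overlay=OVERLAY_NET):
    """List SSH bind addresses that are reachable outside the overlay."""
    exposed = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and parsed[1] == port and not is_overlay_only(parsed[0], overlay):
            exposed.append(parsed[0])
    return exposed

if __name__ == "__main__":
    # A wildcard bind is only a finding if no host firewall limits port 22
    # to the overlay interface; this check looks at bind addresses only.
    for addr in exposed_ssh_listeners(SAMPLE_SS):
        print(f"sshd listens on {addr}:22, not limited to the overlay")
```

On a real host, feed it the output of `ss -Htln` instead of the sample.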

Thank you Flo,

This confirms my line of reasoning and matches my threat model too.

-AMi