tldr: in current flyctl, as long as you’re not on Windows, you should be able to SSH to multiple hosts (or do anything else that involves user-mode WireGuard) just fine. Previously, a new run of flyctl ssh console would kill any previously running flyctl ssh consoles, because that command builds a new WireGuard tunnel, and you can only have one of those at a time (they own an IPv6 address). Now, though, when you run ssh console, flyctl spins off an agent parked on a Unix socket that manages the WireGuard connection long-term.
Some background here:
We’ve been using this internally for a bunch of weeks now, and it hasn’t caused any drama.
The agent is only launched if you actually use flyctl ssh console (or any future feature that uses user-mode WireGuard). You can kill the agent any time, either by literally killing it, or by running flyctl agent stop.
If you’re on Windows, where we haven’t really sunk any time in yet to figure out how to replicate this setup, flyctl ssh console works the same way it always has.
Very cool to see! I’ve run into this frustration when comparing things between apps quite a few times.