Server Security (was SSH attack)
Bill McGonigle
bill at bfccomputing.com
Tue Dec 20 09:43:00 EST 2005
On Dec 19, 2005, at 22:22, Greg Rundlett wrote:
> For most host
> access, you need to go through a single point of entry (sentry), and
> then ssh from there over the local network... I am not really sure what
> tricks I need to get rsync to go from box C
> (desktop) to box B (sentry) to box A (host) because I've only gone
> from C->A in the past.
You might want to try my multi-hop SSH 'calculator':
http://bfccomputing.com/sshcalc
I use it to build a command line that I then save to shell scripts that
I run when I need a service like:
~/bin/2/kodak/webmin <- which I have set to open the correct browser
window too
A VPN might be easier, and I might go that way, but this is certainly
very explicit which has some security advantages. UDP-based services
(SNMP especially) are the hard part. I suspect this could be handled
with netcat pretty easily but I haven't gone there yet. ICMP might be
impossible without a ppp-level encapsulation.
I also have these on my 'look at pretty soon' list:
http://www.cskk.ezoshosting.com/cs/css/bin/hotfwd
http://www.cskk.ezoshosting.com/cs/css/bin/sshto
If anybody has used those, please comment.
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
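
An added example, not part of the original post and not the sshcalc tool's code: a small shell helper that builds (without running) the rsync and port-forward command lines for the C -> B (sentry) -> A (host) layout discussed above. It assumes OpenSSH 7.3 or later for the -J (ProxyJump) option; the host names boxA and boxB, the paths, and port 10000 for webmin are constructed placeholders.

```bash
#!/bin/sh
# Builds command lines for reaching a host that is only accessible through
# one or more sentry boxes. Nothing here opens a connection; the functions
# print the command so it can be reviewed and saved to a script.
# Assumption: host names and paths contain no whitespace.

# Join hop names with commas, the list format ssh -J expects.
join_hops() (
    IFS=,
    printf '%s' "$*"
)

# usage: build_rsync_cmd SRC DEST_HOST:PATH HOP [HOP...]
# rsync runs on the desktop; its ssh transport is tunnelled through each hop
# in order, so no rsync or file data is staged on the sentry.
build_rsync_cmd() (
    src=$1; dest=$2
    shift 2
    [ "$#" -ge 1 ] || { echo "need at least one hop" >&2; exit 1; }
    printf "rsync -az -e 'ssh -J %s' %s %s\n" "$(join_hops "$@")" "$src" "$dest"
)

# usage: build_forward_cmd LOCAL_PORT REMOTE_PORT TARGET_HOST HOP [HOP...]
# Forwards a TCP service that listens on the target's loopback interface.
# The local end is bound to 127.0.0.1 explicitly so other machines on the
# desktop's network cannot use the tunnel. -N means no remote command.
build_forward_cmd() (
    lport=$1; rport=$2; target=$3
    shift 3
    [ "$#" -ge 1 ] || { echo "need at least one hop" >&2; exit 1; }
    printf 'ssh -N -J %s -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$(join_hops "$@")" "$lport" "$rport" "$target"
)

# Constructed sample: desktop -> boxB (sentry) -> boxA (host).
build_rsync_cmd ./data/ boxA:/backup/ boxB
build_forward_cmd 10000 10000 boxA boxB
```

Because -J only carries TCP, this does not help with the UDP and ICMP cases mentioned in the message.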