smart card authentication with Linux?
Fred
puissante at gcpy.com
Wed Nov 23 18:59:01 EST 2005
On Monday 14 November 2005 21:06, Paul Lussier wrote:
...
> Nope, you're mis-understanding the problem. The bastion host in
> question is NOT something we control. We're SSH'ing into a customer's
> bastion host, then from there to our systems installed at they're
> location. Additionally, there are many, many of these types of sites,
> and, there are other sites to which no remote access at all is
> allowed, and we must be on-site and access the system directly.
Why not set up a bastion server AT YOU COMPANY that then connects to your
client's bastion hosts? With some scripting, you can do *all* authenication
on your bastion, and hide the authentication between your bastion and theirs
from the user. Now, you only have one point of control to worry about, not
many.
You'll have to work out the mapping details, of course, but ssh is born to do
port forwarding. You'll just have an extra point of indirection. One under
your absolute control.
-Fred
More information about the gnhlug-discuss
mailing list