[nylug-talk] replacing SSH gateway?
C Thala
cthala at gmail.com
Wed Sep 5 14:38:27 EDT 2007
We have a couple of machines we set up for various developers to use:
pub0
int0
int1
int2
...
The int* machines are all on an internal (10/8) network for security
reasons. Because of this we have a publicly accessible that these devs
ssh into pub0 first before they ssh into the int* machines.
The issue we have is this...every single developer who needs to access
an internal machine now has an SSH account on pub0. This is not really a
big deal, all the developers are company employees and we trust them,
but we really don't want to give out login accounts on a machine that
exists only to make the internal machines accessible.
What is a better solution?
1. Set up some sort of VPN -- keep in mind though that the setup we
currently have is OS-agnostic, devs ssh in from their Linux or
Windows or MacOS boxes without any problems. So any potential VPN
solution should be just as portable and easy to use.
2. Keep the SSH gateway setup as is
3. ?
Suggestions appreciated.
More information about the nylug-talk
mailing list