[nylug-talk] replacing SSH gateway?

etamme at optonline.net etamme at optonline.net
Wed Sep 5 14:50:18 EDT 2007


Use Dropbear to bounce ssh connections and set your access lists to only accept ssh from pub0.

Alternately, install OpenVPN on the pub0 box and set up NAT and routing to the internal network.

-E


-----Original Message-----
From: C Thala <cthala at gmail.com>

Date: Wed, 05 Sep 2007 14:38:27 
To:nylug <nylug-talk at nylug.org>
Subject: [nylug-talk] replacing SSH gateway?


We have a couple of machines we set up for various developers to use:

    pub0
    int0
    int1
    int2
    ...

The int* machines are all on an internal (10/8) network for security
reasons. Because of this we have a publicly accessible machine, pub0, that
these devs ssh into first before they ssh into the int* machines.

The issue we have is this...every single developer who needs to access
an internal machine now has an SSH account on pub0. This is not really a
big deal, all the developers are company employees and we trust them,
but we really don't want to give out login accounts on a machine that
exists only to make the internal machines accessible.

What is a better solution?

    1. Set up some sort of VPN -- keep in mind though that the setup we
       currently have is OS-agnostic, devs ssh in from their Linux or
       Windows or MacOS boxes without any problems. So any potential VPN
       solution should be just as portable and easy to use.

    2. Keep the SSH gateway setup as is

    3. ?

Suggestions appreciated.
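An added example, not part of the original thread: one way to apply the "bounce through pub0, accept ssh only from pub0" idea with OpenSSH's sshd instead of Dropbear, so that gateway accounts can forward connections but cannot log in. The group name `gwusers` and the address `10.0.0.1` (standing in for pub0's internal address) are assumptions; the host names are the ones from the question.

```conf
# --- /etc/ssh/sshd_config on pub0 (the gateway) ---
# Assumption: every developer account on pub0 is in a group "gwusers"
# (hypothetical name). Admin accounts outside the group are unaffected.
Match Group gwusers
    # Allow only client-initiated (local / direct-tcpip) forwarding.
    AllowTcpForwarding local
    # Forwarding targets are limited to sshd on the internal hosts.
    # sshd does no lookup or pattern matching here: the client must
    # request exactly these names, so extend the list as hosts are added.
    PermitOpen int0:22 int1:22 int2:22
    # No interactive use of the gateway itself.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # Any attempt to run a shell or command is refused.
    ForceCommand /usr/sbin/nologin

# --- /etc/ssh/sshd_config on each int* host ---
# Accept logins only when the connection arrives from pub0.
# 10.0.0.1 is a constructed placeholder for pub0's internal address.
AllowUsers *@10.0.0.1
```

With this in place a developer reaches an internal host in one step with `ssh -J user@pub0 user@int0` (or `ProxyCommand ssh -W %h:%p user@pub0` on older clients); authentication to int0 still happens end to end, so pub0 never sees the inner session's credentials.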