[nylug-talk] replacing SSH gateway?

Clark Sims clark_sims2 at yahoo.com
Thu Sep 6 06:47:20 EDT 2007 

I love openvpn.    It is  more  robust  in a bad  network environment  than  TCP!   There have been many times  where  all my  ssh  connections  lock up, during  a short  network outage, but the  openvpen  connections survive much longer, and come  back to life as  soon as the network is back up. 

Rodrick Brown <rodrick.brown at gmail.com> wrote: On 9/5/07, C Thala  wrote:
> We have a couple of machines we set up for various developers to use:
>
>     pub0
>     int0
>     int1
>     int2
>     ...
>
> The int* machines are all on an internal (10/8) network for security
> reasons. Because of this we have a publicly accessible that these devs
> ssh into pub0 first before they ssh into the int* machines.
>
> The issue we have is this...every single developer who needs to access
> an internal machine now has an SSH account on pub0. This is not really a
> big deal, all the developers are company employees and we trust them,
> but we really don't want to give out login accounts on a machine that
> exists only to make the internal machines accessible.
>
> What is a better solution?
>
>     1. Set up some sort of VPN -- keep in mind though that the setup we
>        currently have is OS-agnostic, devs ssh in from their Linux or
>        Windows or MacOS boxes without any problems. So any potential VPN
>        solution should be just as portable and easy to use.
>
>     2. Keep the SSH gateway setup as is
>
>     3. ?
>

Look at Neoteris SSL/VPN gateways.

> Suggestions appreciated.
> _____________________________________________________________________________
> Hire expert Linux talent by posting jobs here :: http://jobs.nylug.org
> The nylug-talk mailing list is at nylug-talk at nylug.org
> The list archive is at http://nylug.org/pipermail/nylug-talk
> To subscribe or unsubscribe: http://nylug.org/mailman/listinfo/nylug-talk
>


-- 
Rodrick R. Brown
http://www.rodrickbrown.com
_____________________________________________________________________________
Hire expert Linux talent by posting jobs here :: http://jobs.nylug.org
The nylug-talk mailing list is at nylug-talk at nylug.org
The list archive is at http://nylug.org/pipermail/nylug-talk
To subscribe or unsubscribe: http://nylug.org/mailman/listinfo/nylug-talk


       
---------------------------------
Park yourself in front of a world of choices in alternative vehicles.
Visit the Yahoo! Auto Green Center.

More information about the nylug-talk mailing list