Date:      Fri, 08 Jan 2010 15:56:47 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        User questions <freebsd-questions@freebsd.org>
Subject:   Re: Accessing Computer
Message-ID:  <4B4755BF.6050707@infracaninophile.co.uk>
In-Reply-To: <BLU0-SMTP78847C90165F6FDF628C5E93700@phx.gbl>
References:  <BLU0-SMTP659DC317869C12ACBF24DA93700@phx.gbl>	<20100108081228.791ffcbf.wmoran@potentialtech.com> <BLU0-SMTP78847C90165F6FDF628C5E93700@phx.gbl>


Carmel wrote:
> On Fri, 8 Jan 2010 08:12:28 -0500 Bill Moran <wmoran@potentialtech.com> articulated:
>
>> In response to Carmel <carmel_ny@hotmail.com>:
>>
>>> Assume three computers.
>>>
>>> Computer 1 runs Windows with Putty installed
>>> Computer 2 & 3 run FreeBSD
>>>
>>> Computer 1 runs Putty and creates a key that is installed on computer 2.
>>> Computer 2 has a key that is installed on computer 3.
>>>
>>> If someone were to use computer 1 via Putty to access computer 2, would
>>> they then be able to access computer 3? If so, how could I prevent it
>>> from happening?
>> You could prevent ssh connections from 2 -> 3 on port 22 via firewall.
>
> I am not sure if I am following you correctly. I frequently access
> computer 3 from computer 2. If I block port 22 I will have to use
> another one, correct? If I do enable another one, what is to prevent a
> user on computer 1 from accessing computer 2 and then on to computer 3?
>
> What I want to accomplish is making it impossible to access computer 3
> from other than computer 2 and then only if computer two is not being
> used as a slave from computer 1, or any other computer for that matter.

In order to do this, you'd have to have a private key stored on Computer 2.

Unfortunately, if you or anyone authorised to use that key pair logs into
Computer 2 they can then use that key to ssh into Computer 3 irrespective
of whether they logged in over the network, or on Computer 2's console.

> Probably what I want cannot be implemented; however, I thought I would
> ask anyway.

I don't think it can.  But the big 'if' in my statement above is 'authorized
to use the private key' -- or in other words they know the passphrase there.
Just don't tell the user from Computer 1 the passphrase to the key on Computer
2 and you will achieve the desired effect.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW

