Date: Thu, 23 Sep 1999 21:45:21 -0700
From: The Mad Scientist
Subject: Secure gateway to intranet
To: freebsd-security@freebsd.org
Message-id: <4.1.19990923205643.0095ce70@mail.thegrid.net>

All,

I am looking for a secure way to log into a machine on an intranet. Here's what I have in mind. A user ssh-es to a machine on the border network. Her shell is a script/program that asks for a name of an internal machine, then ssh-es to that machine after an authentication. This way, I could only open the border and internal routers up to that machine and a proxy server and I could have a log of who goes where. I'd also like to be able to set up some kind of ACL in the proggie/script that dictates which users can go to which machines. For authentication, a username/pass will do for now, but later I'd like to expand it to some kind of one time card. Some kind of transparent secure file transfer would also be great.

Now, here's what I am interested in knowing. What would be a simple and secure way to implement this? (I was thinking of Perl.) What sort of things should I be wary of when setting this up? Is this even advisable?

^_^

Thanks in advance,
-Dean
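One way to implement the gateway shell described in the message above, as an added example that is not part of the original post: a default-deny per-user ACL, a log entry for every attempt, and an exec of ssh with no intermediate shell. It is written in Python rather than the Perl the poster mentions; the ACL contents, host names, syslog tag and ssh path are assumptions.

```python
import os
import pwd
import re
import syslog

# Constructed sample ACL (assumption): gateway user -> internal hosts allowed.
ACL = {
    "alice": {"build1", "db1"},
    "bob": {"build1"},
}

# Short host names only. The first character must be alphanumeric, so the
# input can never be read by ssh as a command-line option.
HOST_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")

def authorize(user, requested):
    """Return the normalized host if user may reach it, else None (default deny)."""
    host = requested.strip().lower()
    if not HOST_RE.fullmatch(host):
        return None
    if host not in ACL.get(user, set()):
        return None
    return host

def build_command(user, host):
    """argv list for exec: no shell parses it, and '--' ends option parsing."""
    return ["/usr/bin/ssh", "-l", user, "--", host]

def main():
    # Identity comes from the kernel, not from $USER or anything typed.
    user = pwd.getpwuid(os.getuid()).pw_name
    try:
        requested = input("Internal host: ")
    except (EOFError, KeyboardInterrupt):
        return 1
    host = authorize(user, requested)
    syslog.openlog("gateway", syslog.LOG_PID, syslog.LOG_AUTH)
    if host is None:
        # %r escapes control characters so input cannot forge log lines.
        syslog.syslog(syslog.LOG_WARNING, "DENY user=%s host=%r" % (user, requested[:64]))
        print("Access denied.")
        return 1
    syslog.syslog(syslog.LOG_INFO, "ALLOW user=%s host=%s" % (user, host))
    argv = build_command(user, host)
    os.execv(argv[0], argv)  # replaces this process; the user never gets a shell

if __name__ == "__main__":
    raise SystemExit(main())
```

Authentication to the internal machine is left to the ssh process that replaces the script.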