From owner-freebsd-security Tue Feb 19 17: 8:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from cithaeron.argolis.org (bgm-66-67-16-161.stny.rr.com [66.67.16.161]) by hub.freebsd.org (Postfix) with ESMTP id 4D9EE37B402 for ; Tue, 19 Feb 2002 17:08:34 -0800 (PST) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.11.6/8.11.4) with ESMTP id g1K189L00804; Tue, 19 Feb 2002 20:08:10 -0500 (EST) (envelope-from piechota@argolis.org) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Tue, 19 Feb 2002 20:08:09 -0500 (EST) From: Matt Piechota To: andy@sambolian.net.nz Cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH proxy In-Reply-To: <1014164431.3c72ebcff08c3@webmail.sambolian.net.nz> Message-ID: <20020219200558.F710-100000@cithaeron.argolis.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 20 Feb 2002 andy@sambolian.net.nz wrote: > I have a fbsd gateway at home through which I share our cable modem with my > flatmates. They have their own boxes on the lan and ssh to them from work. At > the moment we log into the gateway and from there ssh to the box we want. I > have made a shell script to automate this, and have set it as the default shell > for our accounts on the gateway. It all works well but I would like to know if > there is a better way and also if there is a security rish with the way I have > done it now. Here is the script.... If you're allowed out of work on multiple ports, you could always forward a series of ports to the individual machines. That way you miss the middle box. Then all you have to do is ssh -pPORT cable_gateway to get to the different machines. -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message