Date: Tue, 19 Feb 2002 22:47:32 -0500 (EST)
From: Kenneth Smith
Subject: Re: SSH proxy (fwd)
To: andy@sambolian.net.nz
Cc: freebsd-security@FreeBSD.ORG

I use a similar setup to what Matt is describing, using an appliance
firewall and what I would call port forwarding. It has worked well for
application. E-mail me directly for more information.

---------- Forwarded message ----------
Date: Tue, 19 Feb 2002 20:08:09 -0500 (EST)
From: Matt Piechota
To: andy@sambolian.net.nz
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH proxy

On Wed, 20 Feb 2002 andy@sambolian.net.nz wrote:

> I have a fbsd gateway at home through which I share our cable modem with my
> flatmates. They have their own boxes on the lan and ssh to them from work. At
> the moment we log into the gateway and from there ssh to the box we want. I
> have made a shell script to automate this, and have set it as the default shell
> for our accounts on the gateway. It all works well but I would like to know if
> there is a better way and also if there is a security risk with the way I have
> done it now. Here is the script....

If you're allowed out of work on multiple ports, you could always forward
a series of ports to the individual machines. That way you miss the middle
box. Then all you have to do is ssh -pPORT cable_gateway to get to the
different machines.

-- 
Matt Piechota
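
The per-machine port forwarding suggested above, as an added example that is not part of the original thread: a script that builds the gateway's forwarding rules and the matching client ssh config from one table and refuses privileged or duplicate ports. The use of natd on the gateway, the host names, LAN addresses and port numbers are all assumptions; only cable_gateway and the ssh -pPORT pattern come from the thread.

```sh
#!/bin/sh
# Constructed sample mapping: external port on the gateway, LAN address,
# short name. All values are assumptions, not taken from the thread.
MAP='2201 192.168.1.11 alice-box
2202 192.168.1.12 bob-box
2203 192.168.1.13 carol-box'

# Reject mappings that would not forward cleanly: non-numeric, privileged
# or out-of-range ports, and a port listed twice.
check_map() {
    printf '%s\n' "$1" | awk '
        $1 !~ /^[0-9]+$/ || $1 < 1024 || $1 > 65535 { print "bad port: " $1; bad = 1 }
        seen[$1]++ { print "duplicate port: " $1; bad = 1 }
        END { exit bad + 0 }'
}

# natd.conf lines, one per machine:
#   redirect_port tcp <LAN address>:22 <port on the gateway>
gen_natd() {
    check_map "$1" >&2 || return 1
    printf '%s\n' "$1" | awk '{ printf "redirect_port tcp %s:22 %s\n", $2, $1 }'
}

# Client-side ~/.ssh/config stanzas, so "ssh alice-box" replaces
# "ssh -p2201 cable_gateway". HostKeyAlias records each machine's host
# key under its own name although all share the gateway's address.
gen_ssh_config() {
    check_map "$1" >&2 || return 1
    printf '%s\n' "$1" | awk -v gw="$2" '{
        printf "Host %s\n    HostName %s\n    Port %s\n    HostKeyAlias %s\n", $3, gw, $1, $3 }'
}

gen_natd "$MAP"
gen_ssh_config "$MAP" cable_gateway
```

With this layout every forwarded port puts that machine's sshd directly on the Internet, so each box needs the same care the gateway's own sshd gets.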