
Re: Security in a shell that starts ssh



Miquel Martín López wrote:
> 
> Hi all!
> We have several vt-100 terminals that log to the main server at our office.
> Still, some users without an account in the main server would like to login to
> another machine, so I was planning on creating a passwordless account with a
> shell that's a program that asks for usernames and then execs ssh -l
> username. I didn't want to do a script to avoid ppl hitting ctrl+c and
> having a passwordless account. I'm also worried about buffer-overflows and a
> myriad things I'm too newbie to understand, so I'd appreciate any comments
> on the security flaws you see on this:
> 
	Umm.. programs can have security flaws. How about using port
redirection? A similar problem arose for a group of administrators I
belong to and someone proposed, using port redirection, the following:

iptables -t nat -A PREROUTING -p tcp --dport 9999 -j DNAT --to another_server:22

	That way you do not depend on (sometimes unreliable) programs/daemons.
	Of course, you needed Linux 2.4. Another solution would be to use
applications such as (quick look at apt-cache search redirect) redir or
rinetd..

	Javi
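
The wrapper the original poster describes (a login shell that asks for a user name and execs ssh -l) is sketched below as an added example; it is not code from either message. It shows the two points raised in the question: bounded input instead of an overflowable buffer, and no shell to fall back to. Assumptions: TARGET_HOST reuses the another_server placeholder from the reply, ssh lives at /usr/bin/ssh, and the allowed character set is a conservative policy chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET_HOST "another_server"  /* placeholder host name from the thread */
#define MAX_USER 32                   /* assumed upper bound for a login name */

/* Return 1 only for a 1..MAX_USER character name made of [a-z0-9_-]
 * that starts with a letter or '_' (so it can never start with '-'). */
int valid_username(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > MAX_USER)
        return 0;
    if (!((s[0] >= 'a' && s[0] <= 'z') || s[0] == '_'))
        return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyz0123456789_-") == n;
}

/* Read one line into buf (capacity cap) and strip the newline.
 * Returns 0 on EOF, on a line that does not fit, or on an invalid name. */
int read_username(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL)
        return 0;
    size_t n = strcspn(buf, "\n");
    if (buf[n] != '\n')               /* over-long input: reject, never truncate */
        return 0;
    buf[n] = '\0';
    return valid_username(buf);
}

int main(void)
{
    char user[MAX_USER + 2];          /* name + '\n' + NUL */
    char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

    fputs("Remote user: ", stdout);
    fflush(stdout);
    /* This process is the login shell: Ctrl+C or a rejected name just ends
     * the session, because there is no parent shell to return to. */
    if (!read_username(stdin, user, sizeof user))
        return 1;

    /* exec directly with a fixed environment; no shell ever parses the input */
    execle("/usr/bin/ssh", "ssh", "-l", user, TARGET_HOST, (char *)NULL, clean_env);
    return 1;                         /* only reached if exec failed */
}
```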


