[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dmz with ssh

Il gio, 2003-08-21 alle 19:08, Christopher Huhn ha scritto:
> I'd like to setup a login host in our DMZ: users should be able to login 
> from the outside via ssh and connect to the hosts in the internal 
> network via ssh also. This should be trivial in the first place, but
> Is there a possibility to get X11 forwarding working - without 
> installing at least xbase-clients on the DMZ host? X11 forwarding seems 
> at least to depend on the availibility of xauth.
> Can you get the functionality of scp/sftp without a direct (ssh) 
> connection of server and client?
> Maybe via an ssh tunnel over ssh? But you don't really need double 
> encryption? What about rsync over ssh?

Let's say:
 A is the client;
 B is the dmz login host;
 C is the target server;
 p is an unprivileged port not in use on A;
 X is an alias for localhost on A. [0]

Using only ssh (and sftp as an example of generic tcp application) you
can: [1]

$ ssh -f -N -L $p:$C:22 $B
$ sftp -oPort=$p $X

With socks4'ed applications you could also use -D option to let $B act
as a socks4 proxy.

Not tried, however i firmly think that you can use X11forwarding without
installing X-related packages on B (otherwise you could consider using
vnc and the -via option).

Gian Piero.

[0] Aliases are used to trick the strict key check. Investigate
HostKeyAlias in order to do that cleanly.
[1] Other ssh options at your choice.

Reply to: