
Re: dmz with ssh



On Thu, 2003-08-21 at 19:08, Christopher Huhn wrote:
> I'd like to set up a login host in our DMZ: users should be able to log in 
> from the outside via ssh and connect to the hosts in the internal 
> network via ssh also. This should be trivial in the first place, but
> 
> Is there a possibility to get X11 forwarding working - without 
> installing at least xbase-clients on the DMZ host? X11 forwarding seems 
> at least to depend on the availability of xauth.
> 
> Can you get the functionality of scp/sftp without a direct (ssh) 
> connection of server and client?
> Maybe via an ssh tunnel over ssh? But you don't really need double 
> encryption? What about rsync over ssh?

Let's say:
 A is the client;
 B is the dmz login host;
 C is the target server;
 p is an unprivileged port not in use on A;
 X is an alias for localhost on A. [0]


Using only ssh (and sftp as an example of a generic TCP application) you
can: [1]

$ ssh -f -N -L $p:$C:22 $B
$ sftp -oPort=$p $X


With socks4'ed applications you could also use the -D option to let $B act
as a socks4 proxy.

Not tried, however I firmly think that you can use X11 forwarding without
installing X-related packages on B (otherwise you could consider using
vnc and the -via option).


Ciao,
Gian Piero.


Notes:
[0] Aliases are used to trick the strict key check. Investigate
HostKeyAlias in order to do that cleanly.
[1] Other ssh options at your choice.
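
An added example, not part of the original message: the tunnel above written as an ssh_config fragment on A, using HostKeyAlias as note [0] suggests so that C's host key is stored and strictly checked under C's own name rather than under localhost. The host names, the two Host aliases and port 2222 are placeholders chosen for illustration.

```sshconfig
# ~/.ssh/config on A (constructed example; all names and the port are placeholders)

# Tunnel through B: forwards local port p (2222 here) to C's sshd.
# Start it with: ssh -f -N dmz-tunnel
Host dmz-tunnel
    # B, the DMZ login host
    HostName bastion.example.org
    # Bind the forward to loopback only, so other hosts cannot use it
    LocalForward 127.0.0.1:2222 app1.internal.example:22
    # Fail instead of silently continuing if port p is already taken
    ExitOnForwardFailure yes

# C as reached through the tunnel: sftp c-via-dmz, scp file c-via-dmz:, etc.
Host c-via-dmz
    # X, i.e. localhost on A, at port p
    HostName 127.0.0.1
    Port 2222
    # Look up and record C's key in known_hosts under C's own name,
    # not under 127.0.0.1, so several tunnelled hosts do not collide
    HostKeyAlias app1.internal.example
    # The peer address is always loopback, so an address check adds nothing
    CheckHostIP no
    # Keep strict checking on: a changed key for C still aborts the connection
    StrictHostKeyChecking yes
```

With StrictHostKeyChecking set to yes, C's key has to be placed in known_hosts under the alias name before the first connection, after verifying it out of band.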


