[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security in a shell that starts ssh

Miquel Mart?n L?pez escribió:
> Hi all!
> We have several vt-100 terminal that log to the naub server at our office.
> Still, some users without account in the main server would like to login to
> another machine, so I was planning on creating a passwordless acount with a
> shell that's a program that asks for usernames and then execs ssh -l
> username. I didn't want to do a script to avouid ppl hitting ctrl+c and
> having a passwordless account. I'm also worried about buffer-overflows and a
> miriad things I'm too newbie to understand, so I'd appreciate any comments
> on the security flaws you see on this:
	Umm.. programs can have security flaws. How about using port
redirection, a similar problem arised to a group of administrators I
belong to and someon proposed, using port redirection, the following:

iptables -t nat -A PREROUTING -p tcp --dport 9999 -j DNAT --to

	That way you do not depend on (sometimes unreliable) programs/daemons.
	Of course, you needed, Linux 2.4. Another solution would be to use
applications such as (quick look to apt-cache search redirect) redir or


Reply to: