Re: https, ssh - remote control

From: AT (notme_at_example.com)
Date: 09/08/05


Date: Thu, 08 Sep 2005 16:23:33 +0200

On Wed, 07 Sep 2005 22:39:12 -0700, jag456 wrote:

> Could someone please suggest how I could go about setting up a remote
> portal to administer remote Linux boxes?
>
> My idea is to basically have a web server - that is contactable from
> anywhere using https - authenticating an administrator, who is able to
> ssh from that portal to a remote Linux server. The main objective is
> to have the web server place the ssh connection on behalf of the end
> user. Thereafter iptables / ssh wrapper can be modified to accept ssh
> only from that public address.

Do I understand you correctly? The web server (behind the corporate
firewall) should broker an ssh connection to an ssh server (also behind
said corporate firewall), then modify the same corporate firewall to allow
connections from some outside IP?
 
> i.e. text graphic diagram:
>
>
> wks --->(Corporate firewall)---->(Webserver)-----> Remote Linux Server
>      |                        |               |
>    Https                    Https            SSH
>
>
> Ideally I am looking to bypass Corporate firewalls that block ssh - in
> environments for which I have no control.

- How is the web server supposed to modify the firewall if you don't have
control over the firewall?
- Why do you want to add another point of failure?
- Do you think that it is a wise (i.e. secure) decision to authenticate on
a web server rather than using ssh's authentication methods (preferably
public key only to non-root account) directly?
- If the corporate security policy doesn't allow remote access via ssh
directly, do you think the company will be happy to find out that you are
circumventing their policy?

-- 
Andreas
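
An added example, not part of the original post: a small audit that checks whether an sshd_config actually enforces the "public key only, non-root account" setup recommended in the reply above. The sample config is constructed, and the DEFAULTS table is an assumption based on current OpenSSH sshd_config(5); Include files and Match blocks are not evaluated.

```python
import re

# Policy from the reply: public key only, no root login.
POLICY = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
}
# Assumed built-in defaults (current OpenSSH) used when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# Constructed sample: the hardening line was appended at the end, but sshd
# uses the FIRST value it reads for each keyword, so the earlier "yes" wins.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
# hardening added later
PasswordAuthentication no
"""

def effective_globals(text):
    """Return {keyword: value} for global settings, first occurrence wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)$", line)  # "Key value" or "Key=value"
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":          # global section ends at the first Match
            break
        seen.setdefault(key, value)
    return seen

def audit(text):
    """Return [(keyword, effective_value, required_value)] for each violation."""
    seen = effective_globals(text)
    return [(k, seen.get(k, DEFAULTS[k]).lower(), want)
            for k, want in POLICY.items()
            if seen.get(k, DEFAULTS[k]).lower() != want]

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE):
        print(f"{key}: effective '{got}', policy requires '{want}'")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.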

