May not be the most self explanatory topic ever but bear with me.
I have two machines behind a cheap router. One of them acts as a server, and since we are a couple of people who have our homepages on it, I've configured it for SSH access. I would like to be able to SSH in to my main machine too, but I'm thinking it might be stoopid to open oneself up on more than one front.
Therefore I'm wondering if it might be smart to configure SSH on my main machine to only allow connections from within my network. That would mean that to gain access to my box I would first need to SSH in to my server and then from there SSH into my main computer. Does this make sense?
And on a side note, how stoopid is it to configure access through plain VNC?
Stefan Nitsche
stefan_at_nitsche_dot_se
Yes. I often ssh into one box, and from there ssh elsewhere inside my network.
As to the badness of using plain vnc, yes. It is a bad idea.
If you must use vnc, tunnel it somehow (via ssh or openvpn or something).
Vnc by itself is pretty insecure.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
This is exactly how we get into our school network. The Windows IT dept didn't think it was safe to have all the machines open, so we convinced them to let us have a jumper box. We ssh into that box with one password, ssh to the main server with another, then ssh to the workstation we want to work on from there.
archlinux - please read this and this — twice — then ask questions.
--
http://rsontech.net | http://github.com/rson
I do this all the time because of my NAT router. It's better than having 5 ports open all serving ssh.
Yup, I ssh to my home box, then ssh to the other computers. Only one is serving; the rest are just waiting for internal connections.
I've implemented this solution now and it works like a charm.
Stefan Nitsche
stefan_at_nitsche_dot_se
I do the same thing, I like to vnc to my "main" box but I'm not exposing it to the outside. I've heard way too many horror stories. Instead I tunnel it through the ssh connection to the server. Works great. And just for my sanity I run a port scan on myself from outside just to make sure nothing other than ssh is exposed.
"Oh, they have the internet on computers now."
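The setup the thread converges on (one exposed SSH server, a LAN-only main machine reached through it, VNC carried inside the SSH session), written out as an added example that is not from any of the posters. The host names, the user name `stefan`, the 192.168.1.0/24 LAN range and VNC port 5901 are assumptions.

```sshconfig
# ---- /etc/ssh/sshd_config on the main machine (inside the LAN) ----
# The router forwards port 22 to the server only; nothing is forwarded
# to this host. As a second layer, accept logins only from LAN addresses.
# A session that hops through the server arrives from the server's LAN
# address, so it still matches.
# Assumed account name and LAN range:
AllowUsers stefan@192.168.1.0/24
PermitRootLogin no

# ---- ~/.ssh/config on the remote client (laptop outside the LAN) ----
# The only host reachable from the internet.
Host homeserver
    # Placeholder for the router's public name or address:
    HostName home.example.org
    User stefan

# The main machine, reached by hopping through the server.
Host mainbox
    # Placeholder LAN address of the main machine:
    HostName 192.168.1.20
    User stefan
    # Connect via the server in one step (OpenSSH 7.3 or later).
    ProxyJump homeserver
    # VNC tunnel: local port 5901 -> port 5901 on mainbox's loopback.
    # Assumes the VNC server on mainbox listens on 127.0.0.1:5901 only,
    # so it is never reachable without the SSH session.
    LocalForward 5901 127.0.0.1:5901
    # Abort the connection if the tunnel cannot be set up.
    ExitOnForwardFailure yes
```

With this in place, `ssh mainbox` opens the session through the server, and a VNC viewer pointed at `localhost:5901` on the client travels inside it.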