Two security-related questions
My first question should be relatively simple. How much of a difference would it make, and how much easier would it be to implement, having a user ssh? The user would be the only one that can start an ssh session and would have access to just about nothing. The user would then have to su into his own account.

My other, and perhaps more complicated, question deals with ipcop. Is it possible to make an ipcop box act like a switch instead of a router? Or if not, can someone explain to me how it could route and still allow me to ssh into my machines? I'm on a campus network and I was planning next year to have a few boxes and an ipcop firewall. Trouble is, how would they get IPs from the campus DHCP with ipcop as a router? I hope that makes sense somewhat.

Now that I think of it. . . (okay, three questions) would it be a good idea to have something of a gateway box? I.e. I can remote into this machine from anywhere (currently I have it set up so I can only remote into my machines from within the campus network, a class B) and then from this machine I can ssh or vnc into one of my computers. My other computers would be set up to allow remote connections from only this one machine.

Thanks in advance for any answers you might have.
-Matt
ssh with public keys
I use something like your scenario in 3 and it works fine. I have a "sensitive" box that only allows ssh on a non-standard port with keys and is firewalled to a specific IP. I got a cool ssh client for my BlackBerry but did not want to open the firewall. So it made sense to ssh into the machine at the IP allowed by the firewall and then connect to the sensitive machine.
I don't know about ipcop, but as far as hitting different machines behind a single IP, I just use different ports for different machines and then port forward accordingly. Ssh sometimes freaks out thinking "men are in the middle" but that's bearable. HTH
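The two setups described in the post above (a gateway hop to a key-only box, and several machines reached through forwarded ports on one IP), written as a client-side OpenSSH configuration. This is an added example, not part of the original post; every host alias, address, port, user name and key path in it is a made-up placeholder.

```sshconfig
# ~/.ssh/config (constructed example; all values below are placeholders)

# Gateway box: the one machine that accepts ssh from outside.
Host gateway
    HostName 192.0.2.10
    Port 2222
    User youruser
    IdentityFile ~/.ssh/id_ed25519
    # Offer only the key named above, and never fall back to a password.
    IdentitiesOnly yes
    PasswordAuthentication no

# "Sensitive" box: firewalled so that only the gateway's IP can reach it.
# ProxyJump opens the connection through the gateway, but the key exchange
# and authentication run end to end between this client and the sensitive
# box, so no private key has to be stored on the gateway.
Host sensitive
    HostName 10.0.0.20
    Port 2200
    User youruser
    ProxyJump gateway
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    PasswordAuthentication no

# Port-forward variant: two machines behind the same public IP, each
# reached through its own forwarded port on the router.
# HostKeyAlias stores each machine's host key under its own name in
# known_hosts, so the host-key warning is not triggered merely because
# several machines share one address. A warning that still appears then
# means that machine's key really differs from the recorded one.
Host box1
    HostName 192.0.2.10
    Port 2201
    HostKeyAlias box1

Host box2
    HostName 192.0.2.10
    Port 2202
    HostKeyAlias box2
```

With this in place, `ssh sensitive` makes the two-hop connection in one command; `ProxyJump` requires OpenSSH 7.3 or later on the client.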
As for the campus DHCP server: your LAN doesn't really need that... basically only the WAN side of your router would need to use the campus DHCP server, as your LAN boxes would optimally get their IPs from your own DHCP server, which could be running on your router's LAN side, assigning internal IPs...