Hi Michael, I don't have any personal experience to share, but Tom Lawrence has a related video [1]
Youtube: SSH Jump Server Access and How To Pivot Using OpenVPN & Proxychains I suspect this could all be done with SSH+SOCKS (Proxychains) and no OpenVPN tunnel as his example does. Key takeaways are to encrypt the Jump Server's drive (and backup), keep it local and secure from the internet, limit remote AstLinux SSH access via its firewall and Jump Server ssh key. Alternatively, some sort of automation to keep the remote AstLinux SSH keys updated from one hardened location. Lonnie [1] https://www.youtube.com/watch?v=jqudlmfG0zA > On Aug 18, 2023, at 2:17 AM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > > Hi All > > Here is the issue: > We access devices behind Astlinux currently using SSH Tunnelling and SOCKS. > It works well however it is becoming increasingly difficult in managing local > authentication to do this such as using SSH Keys. > We are going to be bringing on additional staff and I don’t want to have to > go into every system to add credentials or keys every time we bring on a new > staffmember. > > Just wondering if there are any options for external authentication of SSH > rather than local on Astlinux e.g. using RADIUS > Could there be any other options e.g. HTTPS proxy? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > <image001.png> > Smarter Business Communications > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
