Here is also an interesting video regarding jump servers:

https://www.youtube.com/watch?v=KIeBC7NIzj4

Michael

http://www.mksolutions.info

> Am 18.08.2023 um 17:44 schrieb Michael Keuter <li...@mksolutions.info>:
> 
> Nice video, very interesting.
> 
> BTW: on macOS you can install Proxychain via Homebrew with:
> 
> brew install proxychains-ng
> 
> and call it with "proxychain4 firefox".
> 
>> Am 18.08.2023 um 17:02 schrieb Lonnie Abelbeck <li...@lonnie.abelbeck.com>:
>> 
>> Hi Michael,
>> 
>> I don't have any personal experience to share, but Tom Lawrence has a 
>> related video [1]
>> 
>> Youtube: SSH Jump Server Access and How To Pivot Using OpenVPN & Proxychains
>> 
>> I suspect this could all be done with SSH+SOCKS (Proxychains) and no OpenVPN 
>> tunnel as his example does.
>> 
>> Key takeaways are to encrypt the Jump Server's drive (and backup), keep it 
>> local and secure from the internet, limit remote AstLinux SSH access via its 
>> firewall and Jump Server ssh key.
>> 
>> 
>> Alternatively, some sort of automation to keep the remote AstLinux SSH keys 
>> updated from one hardened location.
>> 
>> Lonnie
>> 
>> [1] https://www.youtube.com/watch?v=jqudlmfG0zA
>> 
>> 
>> 
>>> On Aug 18, 2023, at 2:17 AM, Michael Knill 
>>> <michael.kn...@ipcsolutions.com.au> wrote:
>>> 
>>> Hi All
>>> 
>>> Here is the issue:
>>> We access devices behind Astlinux currently using SSH Tunnelling and SOCKS. 
>>> It works well however it is becoming increasingly difficult in managing 
>>> local authentication to do this such as using SSH Keys.
>>> We are going to be bringing on additional staff and I don’t want to have to 
>>> go into every system to add credentials or keys every time we bring on a 
>>> new staffmember.
>>> 
>>> Just wondering if there are any options for external authentication of SSH 
>>> rather than local on Astlinux e.g. using RADIUS
>>> Could there be any other options e.g. HTTPS proxy?
>>> 
>>> Regards
>>> 
>>> Michael Knill
>>> Managing Director



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to