Re: Security in a shell that starts ssh

[Javier Fernandez-Sanguino Pe�a]

Miquel Mart?n L?pez escribi�:
> 
> Hi all!
> We have several vt-100 terminal that log to the naub server at our office.
> Still, some users without account in the main server would like to login to
> another machine, so I was planning on creating a passwordless acount with a
> shell that's a program that asks for usernames and then execs ssh -l
> username. I didn't want to do a script to avouid ppl hitting ctrl+c and
> having a passwordless account. I'm also worried about buffer-overflows and a
> miriad things I'm too newbie to understand, so I'd appreciate any comments
> on the security flaws you see on this:
> 
        Umm.. programs can have security flaws. How about using port
redirection, a similar problem arised to a group of administrators I
belong to and someon proposed, using port redirection, the following:

iptables -t nat -A PREROUTING -p tcp --dport 9999 -j DNAT --to
another_server:22

        That way you do not depend on (sometimes unreliable) programs/daemons.
        Of course, you needed, Linux 2.4. Another solution would be to use
applications such as (quick look to apt-cache search redirect) redir or
rinetd..

        Javi


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]