2002-02-17-05:37:09 Abdulkareem Kusai: > Is there an OpenSSH proxy out there?
If you just want to allow all ssh through, a plug-gw will pass ssh. If you want to enforce any special policy on who can connect or how they must authenticate, you'll need to construct a Man In The Middle. This is easy; just set up an sshd running on the bastion, and arrange whatever auth you want to require. Have the login shell for the users who should pass through be a simple program that execs an ssh client to pass on to an internal machine. This allows you to disable X11 session forwarding, port forwarding, and remote cmd execution, regardless of the internal ssh config. -Bennett
msg23292/pgp00000.pgp
Description: PGP signature
