As I put more virtual machines behind proxies and such, it became evident that my normal solution of ssh-ing into a gateway machine and hopping from there to the machines inside starts to lose its charm when I want to allow some other people to get in as well. I was searching for a solution like a proxy for websites. I found it and it was kind of more than I was expecting.

What I found was sshproxy. I get to create users as data in the config files and they don't have direct access to the machine doing the proxy work. Plus, the accounts that are accessible inside the proxy are all configurable as well. Then you get to set rules on which logins can access which accounts and when or how.

Part of what really started making me think how cool this is relates to how we have had to manage passwords at Base Systems. We would add people's accounts to various machines, and then tell them the root passwords. With sshproxy, you can make strong, user-unfriendly passwords on the machine, as they only need to be shared with the proxy. Then you can grant permissions to the various users to each of your internal machines, and to the accounts on them. When they leave the company, it is easy enough to remove the authorization from the proxy of a login. Since no one necessarily knew the passwords on the inside of the network, it means you don't have to worry too much about being compromised by a disgruntled former user.

Right now, sshproxy supports ini-style config files and MySQL-backed configs. Both should offer easy backup solutions.

Seems it is mildly annoying to use from PuTTY, and from a standard ssh client it isn't too bad. Documentation on some things is very sparse. But it is pluggable and written in Python. So it isn't too hard for someone to just jump in and try and read the code to get a better understanding of the docs.

--
Steven Critchfield [email protected]
