Lois Bennett <[email protected]> writes:

>> Are you absolutely sure you don't want to forward port 22/tcp to the
>> inside machine, and so make your system a tiny bit simpler?
>
> I am not sure.  The idea is to protect the inner system.

I strongly suspect that you will get absolutely no improvement in
security from the bastion host in this case, but you obviously need to
do your own risk analysis to be confident.

> It may be that a simple port forwarding would accomplish that but I am
> not sure I can convince my boss.  If I were to do a simple port
> forwarding this bastion machine would only have port 22 open to the
> outside world and then a port to the inner system.

*nod*

> A user will not login to it but only connect to it.  I will look into
> port forwarding. Thanks

No worries.  My logic, if it helps, is:

If your bastion host is blindly forwarding these connections on no
stronger authority than a user logging in, and if it doesn't impose
stronger security than the inner host, you gain nothing.

If one of those conditions isn't true then you /might/ gain something,
but it probably isn't worth the risk of having another host to manage. :)

>> In any case, can you explain what isn't working?  "being
>> recalcitrant" isn't the most descriptive failure in the world, and
>> the examples in the manual page are fairly straightforward for
>> running commands...
>>
> Sorry I have copious debug output but I hesitated to put that in since
> I was really looking for pointers to online guides.  I did see lots of
> good examples in the man pages and other places all for commands.

*nod*  That is a fair call.  If you keep having trouble, though, more
detail is probably helpful. :)

[...]

> Thanks, Daniel, this was helpful.  I will go and amend something and
> if it doesn't work I will send some more details.

No worries.  Good luck.

Regards,
        Daniel
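As an added illustration of Daniel's point above (this is not code from the thread or from either poster), the difference between a bastion that "blindly forwards" and one that actually imposes stronger control than the inner host is visible in the sshd_config on the bastion. The script below holds two constructed Match blocks: a forwarding-only block that gives members of a group a TCP tunnel to the inner host's sshd and nothing else on the bastion, and a weak block that lets them tunnel anywhere and still get a shell. A small POSIX sh check then verifies that a given config text has the forward-only shape. The group name `jumpusers`, the inner address 10.0.0.5 and the function name `check_forward_only` are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list thread.
# Two constructed sshd_config Match blocks for a bastion host, plus a check
# that a config text actually restricts users to a tunnel to the inner host.
# Group name, inner host address and function name are assumptions.

# Forward-only shape: members of "jumpusers" may open a TCP tunnel to the
# inner sshd only (used by "ssh -J bastion inner" or "ssh -W"), get no PTY,
# no shell (ForceCommand), and no agent/X11 forwarding on the bastion itself.
BASTION_MATCH_BLOCK='
Match Group jumpusers
    AllowTcpForwarding yes
    PermitOpen 10.0.0.5:22
    ForceCommand /bin/false
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
'

# Blind-forwarding shape: the same users may tunnel anywhere and still log
# in interactively, so the bastion adds a host to manage but no control.
WEAK_MATCH_BLOCK='
Match Group jumpusers
    AllowTcpForwarding yes
    PermitOpen any
'

# check_forward_only CONFIG_TEXT INNER_HOST
# Returns 0 when CONFIG_TEXT limits tunnelling to INNER_HOST:22, denies a
# TTY and forces a command; returns 1 otherwise.  Keywords are matched
# case-insensitively, as sshd's own parser does.  This is a deliberately
# simple single-block check, not a full sshd_config parser.
check_forward_only() {
    cfg=$1
    inner=$2
    # escape dots so the address is matched literally by grep -E
    inner_re=$(printf '%s' "$inner" | sed 's/\./\\./g')

    printf '%s\n' "$cfg" | grep -qiE "^[[:space:]]*PermitOpen[[:space:]]+${inner_re}:22[[:space:]]*$" || return 1
    printf '%s\n' "$cfg" | grep -qiE '^[[:space:]]*AllowTcpForwarding[[:space:]]+yes[[:space:]]*$' || return 1
    printf '%s\n' "$cfg" | grep -qiE '^[[:space:]]*PermitTTY[[:space:]]+no[[:space:]]*$' || return 1
    printf '%s\n' "$cfg" | grep -qiE '^[[:space:]]*ForceCommand[[:space:]]+[^[:space:]]' || return 1
    return 0
}

# Stand-alone demonstration of both shapes.
if check_forward_only "$BASTION_MATCH_BLOCK" 10.0.0.5; then
    echo "forward-only block: restricted to tunnel to 10.0.0.5:22"
fi
if check_forward_only "$WEAK_MATCH_BLOCK" 10.0.0.5; then
    echo "weak block: unexpectedly passed"
else
    echo "weak block: users can tunnel anywhere and log in; no gain over port forwarding"
fi
```

On a real bastion the forward-only block would be appended to sshd_config and validated with `sshd -t` before restarting the daemon; the client side then reaches the inner machine with `ssh -J bastion inner`. The check only inspects the text of the block, so it is a quick sanity test of the intended shape rather than a substitute for reviewing the effective configuration with `sshd -T`.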
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
