Gavin W. Burris on 28 Oct 2015 10:18:05 -0700


Re: [PLUG] some bash help

Hrm.  One could enforce key-only auth to the first box, then restrict the allowed commands in the admin user's ~/.ssh/authorized_keys file on the first box.  Something like:

command="ssh carl@" ssh-rsa AAAAXXXXX...............

The command string has to be exact though, which I think can be pulled from the logs after one attempt.


On Wed 10/28/15 12:59PM EDT, Paul Jungwirth wrote:
> On 10/28/2015 09:46 AM, Carl Johnson wrote:
> >I have a server that I need to use as a transparent jump box to another
> >network. What I'd like to do is have a "serveradmin" user be able to SSH
> >into "serverA" and automatically be SSH'ed into another server,
> >"serverB". If this second ssh session to serverB is killed (i.e. ctrl+c)
> >or dies for whatever reason I'd like the original ssh session to serverA
> >to collapse too.
> I assume you want serverA to enforce this, so telling the local .ssh/config
> to use a proxy isn't an option?
> What if in serverA's /etc/passwd the login shell for serveradmin *is* the
> ssh command to go to serverB (or some wrapper script). It seems that a ^C
> should then kill the whole thing. I wouldn't be surprised if there were
> still some way to run commands on serverA though.
> Paul
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --

Gavin W. Burris
Senior Project Leader for Research Computing
The Wharton School
University of Pennsylvania
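
An added example, not part of the original thread: a small audit of authorized_keys entries on the jump box that reports keys without a forced command and keys that still permit port, agent or X11 forwarding, which bears on the concern quoted above that there may still be ways to do things on serverA. The host name serverB.example, the key material and the sample lines are constructed placeholders, and the forwarding check is a conservative simplification of how sshd evaluates options.

```python
import re

# One option: name, optional ="value" (\" is an escaped quote), then "," or end of field.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|(?=[ \t])|$)')
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # a line starting with a key type has no options
FORWARDINGS = ("port-forwarding", "agent-forwarding", "x11-forwarding")

# Constructed sample entries; host names and key material are placeholders.
SAMPLE = r'''
command="ssh carl@serverB.example" ssh-rsa AAAAplaceholder admin@laptop
restrict,pty,command="ssh -t carl@serverB.example" ssh-ed25519 AAAAplaceholder admin@laptop
ssh-ed25519 AAAAplaceholder backup@laptop
no-port-forwarding,command="echo \"a,b\"" ssh-rsa AAAAplaceholder test@laptop
'''.strip().splitlines()


def parse_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    opts, pos = {}, 0
    if line.startswith(KEY_PREFIXES):
        return opts
    while pos < len(line) and line[pos] not in " \t":
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options at column %d" % pos)
        value = m.group(2)
        # Flag options (restrict, pty, no-pty, ...) carry no value; store True.
        opts[m.group(1).lower()] = True if value is None else value.replace('\\"', '"')
        pos = m.end()
    return opts


def audit(line):
    """Return findings for one key entry; an empty list means nothing was flagged."""
    opts = parse_options(line.strip())
    findings = []
    if "command" not in opts:
        findings.append("no forced command")
    for feature in FORWARDINGS:
        # Conservative: a bare "port-forwarding" etc. anywhere counts as re-enabled.
        disabled = "restrict" in opts or ("no-" + feature) in opts
        if feature in opts or not disabled:
            findings.append(feature + " permitted")
    return findings


if __name__ == "__main__":
    for number, entry in enumerate(SAMPLE, 1):
        print(number, audit(entry) or "ok")
```

The restrict option used in the second sample line needs OpenSSH 7.2 or later; on older servers the individual no-port-forwarding, no-agent-forwarding and no-X11-forwarding options do the same job.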