Gavin W. Burris on 28 Oct 2015 10:27:55 -0700



Re: [PLUG] some bash help


Hrm.  Maybe a key restriction wouldn't use a command option.  Maybe it just needs the permitopen="host:port" option.

Also, maybe this:  https://github.com/apenwarr/sshuttle

Cheers.

On Wed 10/28/15 01:17PM EDT, Gavin W. Burris wrote:
> Hrm.  One could enforce key-only auth to the first box, then restrict the allowed commands in the admin user's ~/.ssh/authorized_keys file on the first box.  Something like:
> 
> command="ssh carl@191.168.1.123 -p 22" ssh-rsa AAAAXXXXX...............
> 
> The command string has to be exact though, which I think can be pulled from the logs after one attempt.
> 
> Cheers.
> 
> 
> On Wed 10/28/15 12:59PM EDT, Paul Jungwirth wrote:
> > On 10/28/2015 09:46 AM, Carl Johnson wrote:
> > >I have a server that I need to use as a transparent jump box to another
> > >network. What I'd like to do is have a "serveradmin" user be able to SSH
> > >into "serverA" and automatically be SSH'ed into another server,
> > >"serverB". If this second ssh session to serverB is killed (i.e. ctrl+c)
> > >or dies for whatever reason I'd like the original ssh session to serverA
> > >to collapse too.
> > 
> > I assume you want serverA to enforce this, so telling the local .ssh/config
> > to use a proxy isn't an option?
> > 
> > What if in serverA's /etc/passwd the login shell for serveradmin *is* the
> > ssh command to go to serverB (or some wrapper script). It seems that a ^C
> > should then kill the whole thing. I wouldn't be surprised if there were
> > still some way to run commands on serverA though.
> > 
> > Paul
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --        http://www.phillylinux.org
> > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> 
> -- 
> Gavin W. Burris
> Senior Project Leader for Research Computing
> The Wharton School
> University of Pennsylvania

-- 
Gavin W. Burris
Senior Project Leader for Research Computing
The Wharton School
University of Pennsylvania
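
An added example, not part of the original thread: a shell audit of authorized_keys entries on the jump box, checking the options discussed above (command=, permitopen=) together with OpenSSH's forwarding restrictions (restrict, no-port-forwarding, no-agent-forwarding). The sample entries, the placeholder key blobs, the carl@serverB target and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit authorized_keys entries on a jump box (serverA).
# Flags keys that are not pinned to a forced command, or that can still
# forward arbitrary ports or the SSH agent.

# Constructed sample entries; key blobs are placeholders, not real keys.
sample_keys() {
  cat <<'EOF'
# serveradmin keys on serverA
ssh-ed25519 AAAAPLACEHOLDER1 admin@laptop
command="ssh -t carl@serverB" ssh-ed25519 AAAAPLACEHOLDER2 admin@laptop
command="ssh -t carl@serverB",no-port-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER3 admin@laptop
restrict,pty,command="echo \"restrict, then hop\"; ssh -t carl@serverB" ssh-ed25519 AAAAPLACEHOLDER4 admin@laptop
permitopen="serverB:22",no-agent-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDER5 admin@laptop
EOF
}

# Prints "<line number>: <findings>" per key; exit status 1 if any finding.
audit_authorized_keys() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
      bare = $0
      sub(/^[ \t]+/, "", bare)
      # Collapse quoted values so spaces and commas inside them are ignored.
      gsub(/"([^"\\]|\\.)*"/, "\"\"", bare)
      split(bare, field, /[ \t]+/)
      # An entry that starts with a key type has no options field.
      opts = (field[1] ~ /^(ssh-|ecdsa-|sk-)/) ? "" : tolower(field[1])
      split("", has)                       # reset the option set
      n = split(opts, o, ",")
      for (i = 1; i <= n; i++) { sub(/=.*/, "", o[i]); has[o[i]] = 1 }

      restricted = ("restrict" in has)
      fwd_off   = ("no-port-forwarding" in has) || (restricted && !("port-forwarding" in has))
      agent_off = ("no-agent-forwarding" in has) || (restricted && !("agent-forwarding" in has))

      issues = ""
      if (!("command" in has))                 issues = issues ",no-forced-command"
      if (!fwd_off && !("permitopen" in has))  issues = issues ",open-port-forwarding"
      if (!agent_off)                          issues = issues ",agent-forwarding"
      if (issues == "") { issues = ",ok" } else { bad = 1 }
      print NR ": " substr(issues, 2)
    }
    END { exit bad + 0 }
  ' "$@"
}

sample_keys | audit_authorized_keys || echo "findings present"
```

Passing a file name to audit_authorized_keys audits that file instead of the constructed sample.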