ssh port forwarding / security risk
Posted
by jcooper
on Server Fault
Published on 2010-04-06T15:05:05Z
Hi there,
I want to access a web application running on a web server behind my office firewall from an external machine.
We have a bastion host running sshd that is accessible from the Internet.
I want to know if this solution is a bad idea:
- Create an account on the bastion host with shell=/bin/false and no password ('testuser')
- Create an SSH RSA key on the external machine
- Add the public RSA key to the testuser's authorized_keys file
- ssh to the bastion host from the external host using: ssh -N -L 8888:targethost:80 testuser@bastionhost
- Run my tests from the external host
- Shut down the ssh tunnel
I understand that if my RSA private key were compromised then someone could ssh to the bastion host. But are there other reasons this solution is a bad idea?
Thank you!
© Server Fault or respective owner
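
What a holder of the tunnel key can do on the bastion is bounded by the options on that key's line in testuser's authorized_keys. The script below is an added example, not part of the original post: it audits one authorized_keys line for a forwarding-only key, assuming OpenSSH's `restrict`, `port-forwarding`, `permitopen` and `no-*` key options; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one authorized_keys line for a forwarding-only key.
EXPECTED='targethost:80'   # the only destination the tunnel should reach

# Print the options field (text before the key type); empty if there is none.
# Simplification: assumes no key-type string appears inside a quoted option.
key_options() {
    printf '%s\n' "$1" | sed -E \
     's/(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^[:space:]]+)[[:space:]].*$//'
}

# has_opt OPTIONS NAME: true if NAME is present as a bare option.
has_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qix -- "$2"
}

# Print findings (empty when clean); exit status 0 only when clean.
audit_tunnel_key() {
    opts=$(key_options "$1")
    findings=""
    if has_opt "$opts" restrict; then
        # "restrict" turns everything off; forwarding must be re-enabled.
        has_opt "$opts" port-forwarding || findings="$findings missing:port-forwarding"
    else
        for o in no-pty no-agent-forwarding no-X11-forwarding; do
            has_opt "$opts" "$o" || findings="$findings missing:$o"
        done
    fi
    # At least one permitopen, and each must name the expected destination.
    opens=$(printf '%s\n' "$opts" | grep -oiE 'permitopen="[^"]*"' |
            sed -E 's/^[^"]*"//; s/"$//')
    [ -n "$opens" ] || findings="$findings missing:permitopen"
    for d in $opens; do
        [ "$d" = "$EXPECTED" ] || findings="$findings unexpected-destination:$d"
    done
    printf '%s\n' "${findings# }"
    [ -z "$findings" ]
}

# Constructed sample lines (key material is a placeholder, not a real key).
BARE='ssh-rsa AAAAEXAMPLEKEY testuser@external'
HARDENED='restrict,port-forwarding,permitopen="targethost:80" ssh-rsa AAAAEXAMPLEKEY testuser@external'

for entry in "$BARE" "$HARDENED"; do
    result=$(audit_tunnel_key "$entry") && echo "OK" || echo "WEAK: $result"
done
```

A line with no options leaves the key able to forward to any host and port the bastion can reach; the hardened line limits it to targethost:80.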