Securing a persistent reverse SSH connection for management
Posted
by
bVector
on Server Fault
See other posts from Server Fault
or by bVector
Published on 2012-03-25T20:40:13Z
Indexed on
2012/03/25
23:31 UTC
Read the original article
Hit count: 264
I am deploying demo Ubuntu 10.04 LTS servers in environments I do not control and would like to have an easy and secure way to administer these machines without having to have the destination firewall forward port 22 for SSH access.
I've found a few guides to do this with reverse port (e.g. howtoforge reverse ssh tunneling guide) but I'm concerned with security of the stored ssh credentials required for the tunnel to be opened automatically.
If the machine is compromised (primary concern is physical access to the machine is out of my control) how can I stop someone from using the stored credentials to poke around in the reverse ssh tunnel target machine?
Is it possible to secure this setup, or would you suggest an alternate method?
© Server Fault or respective owner