stdio to port forward?
Darren Tucker
dtucker at zip.com.au
Mon May 24 19:54:08 EST 2004
Damien Miller wrote:
> Dan Kaminsky wrote:
>>Also, an obvious disadvantage of the system below is that the client
>>can't direct its final destination. That makes it a no-go for most
>>bastion uses (what are you going to use -- a separate account for each
>>destination? A separate port?).
>
> In the past I have used either a separate key or a separate account.
You could also extract the hostname from SSH_ORIGINAL_COMMAND, compare
it to a lost of allowed hosts and connect if it's permitted.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list