[olug] restricting ports on SSH forwarding
Lou Duchez
lou at paprikash.com
Thu May 28 21:52:12 CDT 2020
I am on Team Linux as much as possible myself, but we do have a few
servers that do WIndows. Some run ASP.Net applications (and as good as
Mono is, it's still less stable than genuine .Net). And we have, on the
cloud, some virtual PCs that we use for development or running other
Windows utilities; accessing them securely is a big deal.
On 5/28/2020 10:16 PM, Reiners Cloud Consulting LLC wrote:
> Absolutely, I'd recommend replacing with openSSHd myself, but I'm team
> Linux for everything whenever possible. Should work fine, and follow all
> standards as close as possible.
>
> I've never installed it on windows before myself, but I can't see why it
> wouldn't work.
>
>
>
> On Thu, May 28, 2020, 8:39 PM Lou Duchez <lou at paprikash.com> wrote:
>
>> Thanks for the pointer; alas it's specific to OpenSSH. Perhaps I need
>> to install Win32-OpenSSH, which will hopefully include the
>> authorized_keys functionality.
>>
>> I went with freeSSHd because it installed easily and smoothly, and
>> seemed to work well for the most part. That's when it dawned on me that
>> port forwarding comes with a BIG security risk ...
>>
>>
>> On 5/28/2020 8:22 PM, Reiners Cloud Consulting LLC wrote:
>>> I realize it's windows based ssh but maybe it has some similar flags to
>> get
>>> you in pointed in the right direction.
>>>
>>> On Thu, May 28, 2020, 7:19 PM Justin Reiners <justin at hotlinesinc.com>
>> wrote:
>>>> Here's a good write-up on restricting access, hope it helps
>>>>
>>>>
>>>>
>> https://blog.tinned-software.net/restrict-ssh-access-to-port-forwarding-to-one-specific-port/
>>>> On Thu, May 28, 2020, 6:41 PM Lou Duchez <lou at paprikash.com> wrote:
>>>>
>>>>> So SSH forwarding is a dandy way to get data to travel back and forth
>>>>> over a secure encrypted connection. The only problem I'm aware of is,
>>>>> if I open up SSH port forwarding on my server to allow access to port
>>>>> 11111, there's nothing stopping a user from using the same SSH
>>>>> connection get at port 22222.
>>>>>
>>>>> ... or is there? Any thoughts on how to limit the port forwarding on
>> an
>>>>> SSH connection? In particular I'm using freeSSHd on a Windows server,
>>>>> so if anyone knows anything about that, that would help.
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://www.olug.org/mailman/listinfo/olug
>>>>>
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://www.olug.org/mailman/listinfo/olug
>>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://www.olug.org/mailman/listinfo/olug
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://www.olug.org/mailman/listinfo/olug
>>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://www.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list