[Gllug] DMZ to inside copy

Bruce Richardson itsbruce at uklinux.net
Thu Jan 15 16:41:29 UTC 2004


On Thu, Jan 15, 2004 at 02:47:06PM +0000, Doug wrote:
> Now copy .ssh/id_dsa.pub to the external machine, and put it in:
> 
>     .ssh/authorized_keys
> 
> in the new account.  This will allow the internal account to log into
> the external machine as this user, without providing a password.

You're doing that the wrong way round, IMO.  The OP would want to run
scp from the LAN box, not the DMZ box.  Doing it the way you suggest a)
requires that a hole is opened in the firewall to allow the DMZ box ssh
access to the internal network and b) potentially gives the user account
on the DMZ box much greater access to the LAN box than is necessary.

There's no reason not to run the scp job from the LAN box.  That way, no
holes are needed in the LAN<-DMZ firewall and no access is granted to
anything on the LAN box.

-- 
Bruce

I unfortunately do not know how to turn cheese into gold.
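
An added example, not part of the original message: a pull job of the kind described above, run on the LAN box so that the connection is always initiated from the inside. The host name, account, paths and key file are assumptions, and the `SCP` variable is overridable only so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example: pull a file from a DMZ host, initiated from the LAN side.
# Every name below (host, account, paths, key file) is an assumption.
DMZ_HOST="${DMZ_HOST:-dmz.example.org}"
DMZ_USER="${DMZ_USER:-export}"
REMOTE_PATH="${REMOTE_PATH:-/var/export/data.tar.gz}"
DEST_DIR="${DEST_DIR:-/srv/incoming}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/dmz_pull_key}"
SCP="${SCP:-scp}"   # overridable so the function can be tested without a network

pull_from_dmz() {
    # Stage inside DEST_DIR so the final mv is a rename on one filesystem.
    stage=$(mktemp -d "$DEST_DIR/.pull.XXXXXX") || return 1
    name=$(basename "$REMOTE_PATH")
    # BatchMode: never prompt (cron-safe). IdentitiesOnly: offer only this key.
    # StrictHostKeyChecking=yes: refuse an unknown or changed DMZ host key.
    if ! "$SCP" -q -o BatchMode=yes -o IdentitiesOnly=yes \
            -o StrictHostKeyChecking=yes -i "$KEY_FILE" \
            "$DMZ_USER@$DMZ_HOST:$REMOTE_PATH" "$stage/$name"; then
        rm -rf "$stage"
        return 2
    fi
    # Treat DMZ content as untrusted: accept only a non-empty regular file.
    if [ -L "$stage/$name" ] || [ ! -f "$stage/$name" ] || [ ! -s "$stage/$name" ]; then
        rm -rf "$stage"
        return 3
    fi
    chmod 0640 "$stage/$name"
    mv -f "$stage/$name" "$DEST_DIR/$name" && rmdir "$stage"
}

# Run the transfer only when asked to, e.g. from cron: pull.sh --run
if [ "${1:-}" = "--run" ]; then
    pull_from_dmz
fi
```

With this layout the only credential lives on the LAN box and the firewall needs to permit ssh from the LAN to the DMZ host only.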