[Gllug] DMZ to inside copy
Doug Winter
doug at pigeonhold.com
Thu Jan 15 16:52:15 UTC 2004
On Thu 15 Jan Bruce Richardson wrote:
> On Thu, Jan 15, 2004 at 02:47:06PM +0000, Doug wrote:
> > Now copy .ssh/id_dsa.pub to the external machine, and put it in:
> >
> > .ssh/authorized_keys
> >
> > in the new account. This will allow the internal account to log into
> > the external machine as this user, without providing a password.
>
> You're doing that the wrong way round, IMO. The OP would want to run
> scp from the LAN box, not the DMZ box. Doing it the way you suggest a)
> requires that a hole is opened in the firewall to allow the DMZ box ssh
> access to the internal network and b) potentially gives the user account
> on the DMZ box much greater access to the LAN box than is necessary.
I obviously wasn't being very clear, since I thought I was suggesting
initiating things from the LAN box :)
--
6973E2CF print 2C95 66AD 1596 37D2 41FC 609F 76C0 A4EC 6973 E2CF
"The purpose of all war is robbery."
-- Voltaire
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list