m.seaman at infracaninophile.co.uk
Fri Jan 8 15:56:59 UTC 2010
> On Fri, 8 Jan 2010 08:12:28 -0500 Bill Moran <wmoran at potentialtech.com> articulated:
>> In response to Carmel <carmel_ny at hotmail.com>:
>>> Assume three computers.
>>> Computer 1 runs Windows with Putty installed
>>> Computer 2 & 3 run FreeBSD
>>> Computer 1 runs Putty and creates a key that is installed on computer 2.
>>> Computer 2 has a key that is installed on computer 3.
>>> If someone were to use computer 1 via Putty to access computer 2, would
>>> they then be able to access computer 3? If so, how could I prevent it
>>> from happening?
>> You could prevent ssh connections from 2 -> 3 on port 22 via firewall.
> I am not sure if I am following you correctly. I frequently access
> computer 3 from computer 2. If I block port 22 I will have to use
> another on, correct? If I do enable another one, what is to prevent a
> user on computer 1 from accessing computer 2 and then on to computer 3?
> What I want to accomplish is making it impossible to access computer 3
> from other than computer 2 and then only if computer two is not being
> used as a slave from computer 1, or any other computer for that matter.
In order to do this, you'ld have to have a private key stored on Computer 2.
Unfortunately, if you or anyone authorised to use that key pair logs into
Computer 2 they can then use that key to ssh into Computer 3 irrespective
of whether they logged in over the network, or on Computer 2's console.
> Probably what I want cannot be implemented; however, I thought I would
> ask anyway.
I don't think it can. But the big 'if' in my statement above is 'authorized
to use the private key' -- or in other words they know the passphrase there.
Just don't tell the user from Computer 1 the passphrase to the key on Computer
2 and you will achieve the desired effect.
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100108/87099400/signature.pgp
More information about the freebsd-questions