Accessing Computer

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Jan 8 15:56:59 UTC 2010


Carmel wrote:
> On Fri, 8 Jan 2010 08:12:28 -0500 Bill Moran <wmoran at potentialtech.com> articulated:
> 
>> In response to Carmel <carmel_ny at hotmail.com>:
>>
>>> Assume three computers.
>>>
>>> Computer 1 runs Windows with Putty installed
>>> Computer 2 & 3 run FreeBSD
>>>
>>> Computer 1 runs Putty and creates a key that is installed on computer 2.
>>> Computer 2 has a key that is installed on computer 3.
>>>
>>> If someone were to use computer 1 via Putty to access computer 2, would
>>> they then be able to access computer 3? If so, how could I prevent it
>>> from happening?
>> You could prevent ssh connections from 2 -> 3 on port 22 via firewall.
> 
> I am not sure if I am following you correctly. I frequently access
> computer 3 from computer 2. If I block port 22 I will have to use
> another one, correct? If I do enable another one, what is to prevent a
> user on computer 1 from accessing computer 2 and then on to computer 3?
> 
> What I want to accomplish is making it impossible to access computer 3
> from other than computer 2 and then only if computer two is not being
> used as a slave from computer 1, or any other computer for that matter.

In order to do this, you'd have to have a private key stored on Computer 2.

Unfortunately, if you or anyone authorised to use that key pair logs into
Computer 2 they can then use that key to ssh into Computer 3 irrespective
of whether they logged in over the network, or on Computer 2's console.
 
> Probably what I want cannot be implemented; however, I thought I would
> ask anyway.

I don't think it can.  But the big 'if' in my statement above is 'authorized
to use the private key' -- or in other words they know the passphrase there.
Just don't tell the user from Computer 1 the passphrase to the key on Computer
2 and you will achieve the desired effect.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
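
Since the reply above rests on the key stored on Computer 2 having a passphrase, here is an added example (not part of the original message) that reports private key files stored without one. The function names and the sample keys are hypothetical; the samples are constructed header-only stubs with no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the current OpenSSH private key format

def key_is_passphrase_protected(text):
    """True if the private key file content is encrypted with a passphrase."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM-armoured private key")
    header = lines[0]
    if "ENCRYPTED PRIVATE KEY" in header:      # PKCS#8, always encrypted
        return True
    if "OPENSSH PRIVATE KEY" in header:        # openssh-key-v1 container
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            raise ValueError("malformed openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]     # first field: cipher name
        return cipher != b"none"
    # Legacy PEM (RSA/DSA/EC): encryption is announced in the RFC 1421 headers
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])

def unprotected_keys(keys):
    """keys maps a file name to its content; return names lacking a passphrase."""
    return sorted(name for name, text in keys.items()
                  if not key_is_passphrase_protected(text))

# --- Constructed samples: header-only stubs, no real key material ---
def openssh_stub(cipher):
    body = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "AAAA\n-----END RSA PRIVATE KEY-----\n")

SAMPLES = {
    "id_rsa_old_plain": LEGACY_PLAIN,
    "id_rsa_old_enc": LEGACY_ENCRYPTED,
    "id_ed25519_plain": openssh_stub(b"none"),
    "id_ed25519_enc": openssh_stub(b"aes256-ctr"),
}

if __name__ == "__main__":
    for name in unprotected_keys(SAMPLES):
        print("no passphrase:", name)
```

To check real files, build the dictionary from the contents of the private keys under ~/.ssh on Computer 2; the check reads only the unencrypted header fields and never needs the passphrase.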


More information about the freebsd-questions mailing list