Thanks guys. Very interesting info.

We are already using SSH Key only and SOCKS to access devices behind Astlinux 
which works well.
I didn’t know about proxychains though which will be MUCH better than having to 
keep changing the proxy config on Firefox.

I have considered using a jump server in our management network but there was 
always the concern that if it was compromised then attackers are a step closer 
to being able to access all our systems and possibly the devices behind them.
There are certainly a few things that you can do however to mitigate this 
including encrypting drives (and backups) and having multiple layers of 
security.

Certainly some more ideas to think about.

Thanks again.

Regards
Michael Knill


From: Michael Keuter <li...@mksolutions.info>
Date: Saturday, 19 August 2023 at 2:20 am
To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Accessing devices behind Astlinux
Here is also an interesting video regarding jump servers:

https://www.youtube.com/watch?v=KIeBC7NIzj4

Michael

http://www.mksolutions.info

> On 18.08.2023 at 17:44, Michael Keuter <li...@mksolutions.info> wrote:
>
> Nice video, very interesting.
>
> BTW: on macOS you can install Proxychains via Homebrew with:
>
> brew install proxychains-ng
>
> and call it with "proxychains4 firefox".
>
>> On 18.08.2023 at 17:02, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
>>
>> Hi Michael,
>>
>> I don't have any personal experience to share, but Tom Lawrence has a 
>> related video [1]
>>
>> Youtube: SSH Jump Server Access and How To Pivot Using OpenVPN & Proxychains
>>
>> I suspect this could all be done with SSH+SOCKS (Proxychains) and no OpenVPN 
>> tunnel as his example does.
>>
>> Key takeaways are to encrypt the Jump Server's drive (and backup), keep it 
>> local and secure from the internet, limit remote AstLinux SSH access via its 
>> firewall and Jump Server ssh key.
>>
>>
>> Alternatively, some sort of automation to keep the remote AstLinux SSH keys 
>> updated from one hardened location.
>>
>> Lonnie
>>
>> [1] https://www.youtube.com/watch?v=jqudlmfG0zA
>>
>>
>>
>>> On Aug 18, 2023, at 2:17 AM, Michael Knill 
>>> <michael.kn...@ipcsolutions.com.au> wrote:
>>>
>>> Hi All
>>>
>>> Here is the issue:
>>> We access devices behind Astlinux currently using SSH Tunnelling and SOCKS. 
>>> It works well however it is becoming increasingly difficult in managing 
>>> local authentication to do this such as using SSH Keys.
>>> We are going to be bringing on additional staff and I don’t want to have to 
>>> go into every system to add credentials or keys every time we bring on a 
>>> new staff member.
>>>
>>> Just wondering if there are any options for external authentication of SSH 
>>> rather than local on Astlinux e.g. using RADIUS
>>> Could there be any other options e.g. HTTPS proxy?
>>>
>>> Regards
>>>
>>> Michael Knill
>>> Managing Director



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
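
The SSH+SOCKS approach discussed in this thread (a hop through a jump server, no OpenVPN, one proxychains config per site instead of editing the Firefox proxy settings), sketched as an added example that is not from any of the posters. The host names, the port and the config file name are placeholders, and it assumes OpenSSH on the client and proxychains-ng installed.

```shell
#!/bin/sh
# Added example: per-site SOCKS tunnel via a jump server plus a matching
# proxychains-ng config. All host names and ports are placeholders.

# Accept only a numeric, unprivileged local port (1024-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the ssh command that opens the tunnel.
# $1 = jump server, $2 = user@AstLinux host, $3 = local SOCKS port
tunnel_cmd() {
    valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
    # -N  no remote command, forwarding only
    # -J  reach the AstLinux box through the jump server
    # -D  SOCKS listener bound to loopback, not to all interfaces
    # ExitOnForwardFailure=yes  abort if the local port is already in use
    printf 'ssh -N -J %s -D 127.0.0.1:%s -o ExitOnForwardFailure=yes %s\n' \
        "$1" "$3" "$2"
}

# Write a proxychains-ng config pointing at that listener.
# $1 = local SOCKS port, $2 = output file
write_pc_conf() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    (
        umask 077   # config readable by the current user only
        cat > "$2" <<EOF
# Fail instead of falling back to a direct connection
strict_chain
# Resolve names through the tunnel so lookups do not leak locally
proxy_dns
[ProxyList]
socks5 127.0.0.1 $1
EOF
    )
}

# Usage, one port and one config file per site:
#   $(tunnel_cmd jump.example.net admin@site-a.example.net 1081) &
#   write_pc_conf 1081 site-a.conf
#   proxychains4 -f site-a.conf firefox
```
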