Carmel wrote:
On Fri, 8 Jan 2010 08:12:28 -0500 Bill Moran <wmo...@potentialtech.com> articulated:

In response to Carmel <carmel...@hotmail.com>:

Assume three computers. Computer 1 runs Windows with Putty installed. Computer 2 & 3 run FreeBSD. Computer 1 runs Putty and creates a key that is installed on computer 2. Computer 2 has a key that is installed on computer 3. If someone were to use computer 1 via Putty to access computer 2, would they then be able to access computer 3? If so, how could I prevent it from happening?

You could prevent ssh connections from 2 -> 3 on port 22 via firewall.

I am not sure if I am following you correctly. I frequently access computer 3 from computer 2. If I block port 22 I will have to use another one, correct? If I do enable another one, what is to prevent a user on computer 1 from accessing computer 2 and then on to computer 3? What I want to accomplish is making it impossible to access computer 3 from other than computer 2 and then only if computer two is not being used as a slave from computer 1, or any other computer for that matter.

In order to do this, you'd have to have a private key stored on Computer 2. Unfortunately, if you or anyone authorised to use that key pair logs into Computer 2 they can then use that key to ssh into Computer 3 irrespective of whether they logged in over the network, or on Computer 2's console.
Probably what I want cannot be implemented; however, I thought I would ask anyway.
I don't think it can. But the big 'if' in my statement above is 'authorized to use the private key' -- or in other words they know the passphrase there. Just don't tell the user from Computer 1 the passphrase to the key on Computer 2 and you will achieve the desired effect.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
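The advice in the reply above only holds if the private key stored on Computer 2 actually has a passphrase. The following is an added example, not part of the original thread: a check that reads a private key file's text and reports whether it is encrypted at rest, covering OpenSSH's `openssh-key-v1` format and legacy PEM keys. The function names are hypothetical and the sample keys are constructed headers with no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # AUTH_MAGIC that opens an OpenSSH-format key blob


def key_is_passphrase_protected(pem_text):
    """Return True if the private key text is encrypted with a passphrase."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    first = lines[0] if lines else ""
    if len(lines) < 3 or not (first.startswith("-----BEGIN ")
                              and first.endswith("PRIVATE KEY-----")):
        raise ValueError("not a PEM-armoured private key")
    label = first[len("-----BEGIN "):-len("-----")]
    body = lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted container
        return True
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM (RSA/DSA/EC): encryption is announced in a header line.
        return any(ln.replace(" ", "") == "Proc-Type:4,ENCRYPTED" for ln in body)
    blob = base64.b64decode("".join(body))
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        raise ValueError("bad openssh-key-v1 header")
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    if len(cipher) != n:
        raise ValueError("truncated cipher name")
    return cipher != b"none"  # cipher "none" means the key has no passphrase


def constructed_openssh_key(cipher):
    """Constructed sample: header fields only, no real key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed legacy PEM samples (placeholder body, not real keys).
CONSTRUCTED_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "AAAA\n"
    "-----END RSA PRIVATE KEY-----\n")
CONSTRUCTED_LEGACY_PLAIN = (
    "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n")
```

A key that returns False here can be used by anyone who can read the file on Computer 2, with no passphrase prompt.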