So now, a good bit later, I am replying to this particular response to my question because the answer now is yes, I would like to simply forward port 22. Can you give me any pointers on how to do that, and will it allow for scp to work?

Thanks for all the interesting answers to my question as originally posed!

Lois

On Sat, May 16, 2009 at 12:37 AM, Daniel Pittman <[email protected]> wrote:
> Lois Bennett <[email protected]> writes:
>
>> I need help with setting up a bastion host that will only allow users
>> to ssh through. I know I should use the force command option in the
>> sshd_conf file but it is being recalcitrant. Can anyone point me to a
>> good tutorial on setting this up. I keep finding info about how to
>> set up ssh tunneling for personal use but not how to set it up as the
>> server default. The goal is a machine in the DMZ that users ssh into
>> which does nothing but ssh them into the login server inside the
>> firewall.
>
> Are you absolutely sure you don't want to forward port 22/tcp to the
> inside machine, and so make your system a tiny bit simpler?
>
> In any case, can you explain what isn't working? "being recalcitrant"
> isn't the most descriptive failure in the world, and the examples in the
> manual page are fairly straight forward for running commands...
>
> My guess is that you are setting the forced command to 'ssh ...', which
> is failing because it doesn't have access to the users public key,
> and/or because it doesn't have access to a pty, but guessing is ...
>
> Regards,
> Daniel
> _______________________________________________
> Tech mailing list
> [email protected]
> http://lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
