Lois Bennett wrote:
> On Wed, May 27, 2009 at 7:33 PM, John Jasen <[email protected]> wrote:
>> Lois Bennett wrote:
>>> So now a good bit later I am replying to this particular response to
>>> my question because the answer now is yes I would like to simply
>>> forward port 22. Can you give me any pointers on how to do that and
>>> will it allow for scp to work?
>> Maybe I'm being completely ignorant and missing the obvious, but what
>> does plain port forwarding buy you besides complexity?
>>
>
> I hope I won't have to provide user accounts on this machine. The
> machine runs no services. No hand shaking to resolve. Just a box
> that says "Oh, port 22 you want to go here. I'll guide you." At
> least that is what I am hoping. What are the complexities I am
> missing?

An intermediate hop that really doesn't buy you anything, in my opinion, unless it's a border system between RFC1918 and public IP space.

You're not getting any protocol enforcement from the bastion, you're not decrypting, inspecting and re-encrypting the session, you're not seeing any gains in logging that I see.

Put simply, it's like [warning: bad analogy guy attacks!] a doorman to an apartment building that will help you rattle all the doorknobs and maybe carry out the plasma TV from 13B.

So, maybe I am missing a critical part of the design goals.

-- 
-- John E. Jasen ([email protected])
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
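
What a plain TCP forward of port 22 is able to record, as an added example that is not part of the original message: a minimal relay run on loopback against a constructed stand-in backend. The names `relay`, `fake_sshd` and `demo` and both banner strings are assumptions made for this illustration.

```python
import asyncio

CLIENT_BYTES = b"SSH-2.0-ExampleClient\r\n" + bytes(64)  # constructed: banner + opaque payload
SERVER_BANNER = b"SSH-2.0-FakeBackend\r\n"               # constructed stand-in banner

async def relay(client_r, client_w, target, records):
    """Forward one TCP connection and record everything a plain forwarder can see."""
    rec = {"peer": client_w.get_extra_info("peername")[0],
           "banner": None, "bytes_in": 0, "bytes_out": 0}
    server_r, server_w = await asyncio.open_connection(*target)

    async def pump(src, dst, key):
        while data := await src.read(65536):
            if key == "bytes_in" and rec[key] == 0 and data.startswith(b"SSH-"):
                # Identification line, sent in cleartext before key exchange.
                rec["banner"] = data.split(b"\r\n")[0].decode("ascii", "replace")
            rec[key] += len(data)
            dst.write(data)
            await dst.drain()
        dst.close()

    await asyncio.gather(pump(client_r, server_w, "bytes_in"),
                         pump(server_r, client_w, "bytes_out"))
    records.put_nowait(rec)  # no user name, no auth result, no commands, no file names

async def fake_sshd(r, w):
    """Constructed stand-in for the internal SSH host: send a banner, drain input."""
    w.write(SERVER_BANNER)
    await w.drain()
    while await r.read(65536):
        pass
    w.close()

async def demo():
    records = asyncio.Queue()
    backend = await asyncio.start_server(fake_sshd, "127.0.0.1", 0)
    target = backend.sockets[0].getsockname()[:2]
    hop = await asyncio.start_server(
        lambda r, w: relay(r, w, target, records), "127.0.0.1", 0)
    r, w = await asyncio.open_connection(*hop.sockets[0].getsockname()[:2])
    w.write(CLIENT_BYTES)
    await w.drain()
    await r.readline()  # backend banner arrives through the hop
    w.close()
    rec = await asyncio.wait_for(records.get(), 5)
    hop.close()
    backend.close()
    return rec

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

The record holds a source address, the client's identification string and two byte counts; anything about who authenticated or what was transferred has to come from the sshd logs on the destination host.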
