Re: ssh


You could set up tunnels from server1 to server2 and 3 and then
access these servers from your Windows machine by going through
server1.
i.e.:

server1> ssh user@server2 -L 10000:server2:22 -g
server1> ssh user@server3 -L 10001:server3:22 -g

Now server2 is accessible on port 10000 of server1 and server3 is
accessible on port 10001 of server1.
From your Windows host, you can now SSH to port 10000 of server1 and
end up on server2.
However, now you do have an open shell running on server1 to
server2 and 3. Use a user with the least possible rights for this
connection and make sure that you have good (physical) security on
server1.

Another possibility is to use a firewall on server1 and make it do
portforwarding to server2 and 3.
in iptables, this would be an example rule for server1:
$IPTABLES -t nat -A PREROUTING -p tcp --dport 10000 -i ETHx -j DNAT --to server2:22
$IPTABLES -t nat -A PREROUTING -p tcp --dport 10001 -i ETHx -j DNAT --to server3:22

Again, server2 and 3 are accessible on port 10000 and 10001 of
server1, but now there is no open shell from server1 to server2
and 3.

hth, maarten



----- Original Message -----
From: "Maynard B. Fernando" <maynard@broline.com>
To: <security-discuss@linuxsecurity.com>
Sent: Friday, February 15, 2002 4:34 AM
Subject: ssh


> hi all!
> 
> I installed OpenSSH 3.x.x on my 3 Linux servers... I want to
> access them from a Windows-based machine like this:
> 
> ssh-->server1-->ssh-->server2
> ssh-->server1-->ssh-->server3
> 
> and not like this:
> 
> ssh server2
> ssh server3
> 
> my current setup:
> 
> ssh-->server1-->ssh-->server2
> ssh-->server1-->ssh-->server3
> ssh-->server2
> ssh-->server3
> 
> I want all ssh to go to server1 first to access server2 and server3
> respectively... what changes should I make? please . . .
> 
> Maynard B. Fernando
> Tel. Nos.: 632.840.0881 / 632.840.0882
> http://www.broline.com
> 
> "Men of genius are admired, men of wealth 
>      are envied, men of power are feared, but 
>         only men of character are trusted!"
>           
> 
> --------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.

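The firewall variant from the reply above, as an added example that is not part of the original mail: a dry-run generator that prints the DNAT rules together with the forwarding and FORWARD-chain rules they depend on, limited to one admin source network. The interface `eth0`, the network `192.0.2.0/24`, the backend addresses and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Dry run: prints the commands for review, changes nothing on the host.
# Assumes FORWARD policy DROP and that the backends route replies via server1.

valid_port() {            # digits only, 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {            # four dot-separated octets, each 0..255
  local IFS=. o n=0
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  for o in $1; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ]
}

# gen_rules IFACE ADMIN_NET < map      map lines: "<listen_port> <backend_ip>"
gen_rules() {
  local ifc=$1 src=$2 port ip seen=" " out=""
  while read -r port ip; do
    [ -z "$port" ] && continue
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$ip"   || { echo "bad backend: $ip" >&2; return 1; }
    case "$seen" in
      *" $port "*) echo "duplicate port: $port" >&2; return 1 ;;
    esac
    seen="$seen$port "
    out="$out
iptables -t nat -A PREROUTING -i $ifc -p tcp -s $src --dport $port -j DNAT --to-destination $ip:22
iptables -A FORWARD -i $ifc -p tcp -s $src -d $ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Emit only once the whole map has validated: no partial rule sets.
  printf 'sysctl -w net.ipv4.ip_forward=1\n'
  printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT%s\n' "$out"
}

# Constructed sample map: the two forwards from the mail, example addresses.
gen_rules eth0 192.0.2.0/24 <<'EOF'
10000 10.0.0.2
10001 10.0.0.3
EOF
```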

