SSH through jump box more secure?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
ssh through jump box more secure?

A couple of fellow computer geeks and I were discussing some proposed
changes to how people/processes access servers within the DMZ.  The
proposed solution involved routing all SSH access through a set of
jump box servers.  From there you could then ssh wherever you need to
go.  These servers also allow you to tunnel your traffic through to a
server on the inside.  They also allow you to setup ssh key pairs so
that you do not have to enter a username/password during each hop.  My
initial concern is that this new policy is going to break many of the
existing processes which are working with direct ssh access to all the
target hosts.  They assured me that any commands I run today will work
when going through the new jump boxes.

My overall response to this change wasn't very positive.  To me it
seems like its a lot of changes to dozens of scripts with no real
benefit or added security.  There also seems to be some flaws in how
the implementation is being proposed.  The essentially have left it up
to each user to work out for themselves how to manage setting up the
ssh tunnels.  From what I have seen so far most people are hard coding
these tunnels to specific ports.  For a small set of tests/users this
probably works well.  However what happens when you end up with
different groups of users who clobber each others attempts to setup
the ssh tunnels?  Granted you could solve this problem with code, but
it seems like a hack to me...

Back to the basic question of this post, what is the added security
here?  So now you have one box (or a set) to go what?  If
I can do all the same actions I once could what added security is
being employed?  Since most of the processes we are talking about here
use services accounts to operate none of them are tied to an
individual.  I agree with the approach for individual users, but for
automated processes it just doesn't seem to make sense.  Have any of
you run into this problem before?


Re: SSH through jump box more secure?

On Mon, 28 Jul 2008 19:12:32 -0700, inetquestion wrote:

Quoted text here. Click to load it

What types of tunnels are being built?  I'm envisioning all the listen()
ing being on the "local" side (ie. the "outside box").  Aren't these
personal machines, and doesn't that make collisions unlikely?

Or are people using -R tunnels?

What about skipping tunnels and going to a real VPN approach (via the -w

    - Andrew

Site Timeline