topic Re: SSH Auth hopping Station in Operating System - Linux

SSH Auth hopping Station

Duffster — Tue, 05 Jul 2011 16:24:33 GMT

Hi,

I have approx 20 servers in my domain (mostly RHEL) and from an administration point of view I was thinking of using a dedicated server as a hopping station and setting up SSH authentication keys bewteen it and the other servers so as to enable me to gain easy/quick access to any server in the domain.

In doing so this will prevent me from logging into each box separately and having to search for and enter in passwords every time I need to log in to a different server.

My question is this:

a) is this a good idea

b) are there any security implications I need to consider?

Thanks,

Re: SSH Auth hopping Station

Steven E. Protter — Wed, 06 Jul 2011 15:51:08 GMT

Shalom,

The security restrictions come to play if you allow root password free access too or from this hopping system. PCI and Sox audits often take a dim view of root password free access. This system should at least not have any real production running on it. Carefully consider what systems it can access. If it can access a DMZ/PCI Island system, if you have any you could have audit problems. Overall, I think the plan improves security.

I think it is a reasonable plan you have. You can close the firewall and prevent unauthorized system access. On the downside you have a single point of failure. If this system goes, a lot of potential work can not get done.

SEP

Re: SSH Auth hopping Station

Duffster — Thu, 07 Jul 2011 13:38:30 GMT

Hi SEP,

Thanks for the feedback, much appreciated.

Regards,