
SSH Auth hopping Station

SOLVED
Duffster
Valued Contributor


Hi,

 

I have approx 20 servers in my domain (mostly RHEL) and from an administration point of view I was thinking of using a dedicated server as a hopping station and setting up SSH authentication keys between it and the other servers so as to enable me to gain easy/quick access to any server in the domain.

 

In doing so this will prevent me from logging into each box separately and having to search for and enter in passwords every time I need to log in to a different server.

 

My question is this:

 a) is this a good idea

 b) are there any security implications I need to consider?

 

Thanks,

D.

2 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: SSH Auth hopping Station

Shalom,

The security restrictions come into play if you allow root password-free access to or from this hopping system. PCI and SOX audits often take a dim view of root password-free access. This system should at least not have any real production running on it. Carefully consider what systems it can access. If it can access a DMZ/PCI Island system, if you have any, you could have audit problems. Overall, I think the plan improves security.

I think it is a reasonable plan you have. You can close the firewall and prevent unauthorized system access. On the downside you have a single point of failure. If this system goes, a lot of potential work cannot get done.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
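
One way to check the two points raised in the answer above on a target server (added example, not part of the original thread): it lists keys in an `authorized_keys` file that are not pinned to the hopping station with the OpenSSH `from=` option, and reports the global `PermitRootLogin` value. The address `192.0.2.10`, the sample file contents and the function names are assumptions made for illustration.

```python
import re

HOP_IP = "192.0.2.10"  # assumption: address of the hopping station
# Constructed sample files; key blobs are placeholders, not real keys.
SAMPLE_KEYS = """\
# /root/.ssh/authorized_keys on a target server
from="192.0.2.10",no-agent-forwarding ssh-ed25519 AAAAEXAMPLE1 admin@hop
ssh-rsa AAAAEXAMPLE2 old-laptop
from="10.0.0.0/8",command="echo hi there" ssh-ed25519 AAAAEXAMPLE3 backup@any
"""
SAMPLE_SSHD = "PermitRootLogin without-password\nMatch Address 192.0.2.10\n    PermitRootLogin yes\n"

def split_options(line):
    """Split one authorized_keys line into (options, key fields)."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return "", line  # line starts with the key type: no options
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
    return line, ""

def unpinned_keys(text, hop_ip):
    """Return (line number, comment) for keys not limited to the hop station."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        options, rest = split_options(line)
        m = re.search(r'(?:^|,)from="([^"]*)"', options)
        if not m or m.group(1).split(",") != [hop_ip]:
            fields = rest.split()
            findings.append((n, fields[2] if len(fields) > 2 else "?"))
    return findings

def root_login_setting(sshd_config):
    """Global PermitRootLogin value: first match wins, Match blocks ignored."""
    for raw in sshd_config.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None  # not set: the compiled-in default applies
```

Any `root_login_setting` result other than `no` means root can still log in with a key, which is the password-free root access the answer says auditors question.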
Duffster
Valued Contributor

Re: SSH Auth hopping Station

Hi SEP,

 

Thanks for the feedback, much appreciated.

 

Regards,

D.