I want to access a web application running on a web server behind my office firewall from an external machine.
We have a bastion host running sshd that is accessible from the Internet.
I want to know if this solution is a bad idea:
- Create an account on the bastion host with shell=/bin/false and no password ('testuser')
- Create a ssh RSA key on the external machine
- Add the public RSA key to the testuser's authorized_keys file
- ssh to the bastion host from the external host using: ssh -N 8888:targethost:80
- run my tests from the external host
- shut down the ssh tunnel
I understand that if my RSA private key were compromised then someone could ssh to the bastion host. But are there other reasons this solution is a bad idea?
© Server Fault or respective owner