ssh port forwarding / security risk

Posted by jcooper on Server Fault
Published on 2010-04-06T15:05:05Z Indexed on 2010/04/06 15:13 UTC

Hi there,

I want to access a web application running on a web server behind my office firewall from an external machine.

We have a bastion host running sshd that is accessible from the Internet.

I want to know if this solution is a bad idea:

  • Create an account on the bastion host with shell=/bin/false and no password ('testuser')
  • Create an SSH RSA key on the external machine
  • Add the public RSA key to the testuser's authorized_keys file
  • ssh to the bastion host from the external host using: ssh -N -L 8888:targethost:80 testuser@bastionhost
  • run my tests from the external host
  • shut down the ssh tunnel

I understand that if my RSA private key were compromised then someone could ssh to the bastion host. But are there other reasons this solution is a bad idea?

Thank you!
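
Added example, not part of the original post: with only shell=/bin/false, the key can still open forwards to any host and port the bastion can reach, so a forwarding-only account is normally pinned to its one destination on the server side. The fragment below shows one way to do that with stock OpenSSH options; the account and target names come from the post, while the source address and key placeholder are constructed, and it assumes an OpenSSH version recent enough to support `restrict`, `PermitTTY` and `AllowTcpForwarding local`.

```conf
# ---- /etc/ssh/sshd_config on the bastion host (fragment) ----
# Applies only to the tunnel account described in the post.
Match User testuser
    # Key-only login; the account has no password to fall back on.
    PasswordAuthentication no
    AuthenticationMethods publickey
    # Permit local (-L) forwards only, and only to the one web server.
    AllowTcpForwarding local
    PermitOpen targethost:80
    # No remote listeners, agent, X11, tun devices or terminal.
    GatewayPorts no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
    # Any command request runs this instead; ssh -N never asks for one.
    ForceCommand /bin/false

# ---- ~testuser/.ssh/authorized_keys on the bastion host (one line) ----
# "restrict" turns every per-key feature off, "port-forwarding" turns
# forwarding back on, and "permitopen" limits it to a single destination.
# 203.0.113.10 is a constructed address standing in for the external
# machine; the key body is a placeholder for the real public key.
from="203.0.113.10",restrict,port-forwarding,permitopen="targethost:80" ssh-rsa <PUBLIC-KEY-PLACEHOLDER> testuser-tunnel
```

Run `sshd -t` to validate the server configuration before reloading sshd, and make sure the authorized_keys file is not writable by testuser, otherwise the per-key restrictions can be edited away.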
