SSH jump host solution

I am researching the idea of implementing (or using existing?) solutions for SSH jump hosts. There are two main use cases:
1. The organization wants to manage/limit/control access to remote servers (certain people are allowed to log in to certain servers).
2. The organization wants to log commands issued by the user.
As seamless as possible integration with the organization's infrastructure. One of the ideas was to use DNS to record the designated remote, provide the jump host's IP and capture the connection.
The jump host, based on LDAP, will check if the user is allowed to reach a certain server and, if so, will establish a connection to the remote and act like a proxy.
Here are my questions:
1. Does a similar solution already exist? (I couldn't find any.)
2. What approach would you take to accomplish such use case(s)? What do you think about utilizing DNS?
3. How to ensure that the user will not be aware of any jump hosts on the way? E.g. he would still be able to use X forwarding (ssh someremote.host -X --other_option_that_should_work).
ssh proxy
edited Nov 6 '17 at 16:10 by perror
asked Nov 6 '17 at 15:43 by lakier
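One way to implement the access check the question describes, as an added example that is not part of the original post: a default-deny gate meant to be called from a jump host's sshd `ForceCommand` script, with the requested target arriving in `SSH_ORIGINAL_COMMAND`. The ACL file format, the function names, the group names and the `example.internal` hosts are assumptions; in a deployment the groups would be resolved from LDAP through NSS rather than passed in by hand.

```shell
#!/bin/sh
# Added example, not from the original post. ACL format (an assumption):
# one "<group> <host-glob>" pair per line; '#' starts a comment line.

# Constructed sample policy; group and host names are made up.
ACL=$(mktemp)
cat > "$ACL" <<'EOF'
# group   allowed targets
dba       db*.example.internal
webops    web01.example.internal
EOF

# is_allowed "GROUP ..." TARGET ACL_FILE -> exit status 0 when permitted
is_allowed() {
    user_groups=$1; target=$2; acl=$3
    # Accept plain hostnames only, so the value can never be parsed as an
    # ssh option or shell syntax when it is later handed to ssh.
    case $target in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    while read -r acl_group pattern; do
        case $acl_group in ''|\#*) continue ;; esac
        for g in $user_groups; do
            if [ "$g" = "$acl_group" ]; then
                # $pattern is unquoted on purpose: it is matched as a glob
                case $target in $pattern) return 0 ;; esac
            fi
        done
    done < "$acl"
    return 1   # default deny
}

# gate USER "GROUP ..." TARGET ACL_FILE -> prints one audit line, 0 = allow
gate() {
    if is_allowed "$2" "$3" "$4"; then
        echo "decision=allow user=$1 target=$3"
    else
        echo "decision=deny user=$1 target=$3"
        return 1
    fi
}

# On the jump host this would be called from the ForceCommand script as
#   gate "$USER" "$(id -Gn)" "$SSH_ORIGINAL_COMMAND" /path/to/acl && exec ssh -- "$SSH_ORIGINAL_COMMAND"
# with groups resolved from LDAP through NSS. Constructed demo calls:
gate alice "staff dba" db3.example.internal "$ACL"
gate bob "staff" db3.example.internal "$ACL" || true
```

The audit line is printed to stdout here; on a jump host it would be sent to syslog so that every allow and deny decision is recorded off the user's session.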