Unique ssh/sftp requirement

From: "Odaniel, Jim (Mission Systems)" <Jim.Odaniel@xxxxxxx>
Date: Mon, 26 Jun 2006 11:45:39 -0700

Hi,
I have a unique ssh/sftp requirement. I have two networks
separated by a firewall. I would like to allow anyone on my "internal"
network to ssh to my "external" network but I would like to control who
is allowed to sftp/scp files from my internal network to my external
network. How can I do this? Is there a way to do this if my firewall
doesn't support controlling such an activity? Will setting up some kind
of internal proxy/port forwarding server do the trick?

The version that I am using is:
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell - A.04.00.000

Thanks for your help!
Jim O'Daniel
Unix Systems Administrator Northrop Grumman
Jim.odaniel@xxxxxxx

Follow-Ups:
- Re: Unique ssh/sftp requirement
  - From: Johan De Meersman
- Re: Unique ssh/sftp requirement
  - From: Robert Hajime Lanning

Prev by Date: Re: Installation problem: ./configure
Next by Date: More security with lock forwarding?
Previous by thread: Installation problem: ./configure
Next by thread: Re: Unique ssh/sftp requirement
Index(es):
- Date
- Thread

Relevant Pages

Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?
... >> I start by not giving logins and SSH access to users I don't trust. ... a network topology which goes around the ... >> firewall and thus is a serious hole to network security. ... >> have access via UPnP to, well, anything that device might happen to ...
(Firewall-Wizards)
Re: Questions on some wierd /var/log entries
... How do I find out if I'm on an ipv6 network? ... That is because I prefer using iptables directly. ... then you should start learning about its firewall ... Another important restriction for ssh is to authenticate by certificate ...
(comp.os.linux.misc)
RE: can ping but not browse
... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
(Fedora)
Re: Unique ssh/sftp requirement
... The network layer (where the firewall works) sees no difference in the content ... of an ssh connection vs. an scp/sftp connection. ... > Preferably at the server end, ...
(SSH)
Re: Turn off all sharing and network discovery
... which is basically Windows XP running as a virtual ... It does need its own AV and firewall. ... unnecessary network resource sharing and resource discovery. ...
(microsoft.public.windowsxp.general)