Unique ssh/sftp requirement



Hi,
I have a unique ssh/sftp requirement. I have two networks
separated by a firewall. I would like to allow anyone on my "internal"
network to ssh to my "external" network but I would like to control who
is allowed to sftp/scp files from my internal network to my external
network. How can I do this? Is there a way to do this if my firewall
doesn't support controlling such an activity? Will setting up some kind
of internal proxy/port forwarding server do the trick?

The version that I am using is:
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell - A.04.00.000

Thanks for your help!
Jim O'Daniel
Unix Systems Administrator Northrop Grumman
Jim.odaniel@xxxxxxx



Relevant Pages

  • Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?
    ... >> I start by not giving logins and SSH access to users I don't trust. ... a network topology which goes around the ... >> firewall and thus is a serious hole to network security. ... >> have access via UPnP to, well, anything that device might happen to ...
    (Firewall-Wizards)
  • Re: Questions on some wierd /var/log entries
    ... How do I find out if I'm on an ipv6 network? ... That is because I prefer using iptables directly. ... then you should start learning about its firewall ... Another important restriction for ssh is to authenticate by certificate ...
    (comp.os.linux.misc)
  • RE: can ping but not browse
    ... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
    (Fedora)
  • Re: Unique ssh/sftp requirement
    ... The network layer (where the firewall works) sees no difference in the content ... of an ssh connection vs. an scp/sftp connection. ... > Preferably at the server end, ...
    (SSH)
  • Re: Turn off all sharing and network discovery
    ... which is basically Windows XP running as a virtual ... It does need its own AV and firewall. ... unnecessary network resource sharing and resource discovery. ...
    (microsoft.public.windowsxp.general)