Q: ssh tunneling (port forwarding)
From: G. Ralph Kuntz, MD (grk@usa.net)
Date: 04/19/02
From: grk@usa.net (G. Ralph Kuntz, MD) Date: 19 Apr 2002 12:14:12 -0700

I have a few questions about port forwarding in ssh and hope that
someone out there can answer them. My side runs Linux with OpenSSH.

My company is entering a relationship with another company where they
would like to use ssh port forwarding to have their server application
communicate with our server application. I am not a security expert
and have some trepidations about using this technology.

As I understand it, I will write a program on my system that will
listen to a specific port (say 1234). SSH will be used from their
machine to tunnel through port 22 to port 1234.

Can an intruder run my listener program on port 1234 (am I opening
this port to outsiders) or can I specify that only connections from
127.0.0.1 will be accepted?

Can the other company run any arbitrary program on my machine since
they can run ssh on my machine? Can I restrict the set of programs the
other company can run on my machine?

Will my listener program be able to "authenticate" the other company's
software or do we still need digital signatures (PGP maybe)? Can I set
it up so that if they get through to my listener I am sure they came
through port 22 (ssh) and not directly to port 1234?

Thanks for any help you can give on these questions.

-Ralph
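
An added example, not part of the original post and not OpenSSH's own code: a Python listener for the setup described above that binds only to 127.0.0.1, plus a helper that builds an `authorized_keys` line limiting the partner's key to forwarding to that one port. The function names, the `/bin/false` forced command and the sample key are assumptions made for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"

def make_listener(port=1234):
    """Bind to loopback only. Connections forwarded by the local sshd arrive
    from 127.0.0.1; hosts on the network cannot reach this socket directly."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((LOOPBACK, port))  # not "" or "0.0.0.0", which would expose the port
    srv.listen(5)
    return srv

def peer_allowed(peer_ip):
    # Defence in depth in case the bind address is ever changed.
    # A loopback peer only proves the connection originated on this host
    # (sshd or any other local process); it does not identify the remote
    # application, so application-level authentication is a separate matter.
    return peer_ip == LOOPBACK

def serve_once(srv):
    """Accept one connection and acknowledge the payload (None if refused)."""
    conn, (peer_ip, _peer_port) = srv.accept()
    with conn:
        if not peer_allowed(peer_ip):
            return None
        data = conn.recv(1024)
        conn.sendall(b"ACK " + data)
        return data

def authorized_keys_entry(pubkey, port=1234):
    """Build an authorized_keys line for the partner's key: no shell, no pty,
    and forwarding permitted only to the listener. The partner then connects
    with `ssh -N -L <their_port>:127.0.0.1:1234 user@host`."""
    opts = [
        'command="/bin/false"',                  # any requested command is replaced
        'permitopen="%s:%d"' % (LOOPBACK, port), # only this forward target
        "no-pty",
        "no-X11-forwarding",
        "no-agent-forwarding",
    ]
    return ",".join(opts) + " " + pubkey

if __name__ == "__main__":
    # Constructed sample key, not a real one.
    print(authorized_keys_entry("ssh-rsa AAAAB3...constructed partner@example"))
    print("received:", serve_once(make_listener(1234)))
```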