OpenSSH, Telnet, Windows Authentication and double-hops
- From: "jmartzoo-google@xxxxxxxxx" <jmartzoo-google@xxxxxxxxx>
- Date: Thu, 11 Oct 2007 12:48:23 -0700
We're looking for a solution to create a secure single-signon
deployment on a Windows network. The chain of connections looks like
this:
Client: Telnets through SSH Tunnel to -->
Server1: that runs our application locally and connects to --->
Server2: that serves up the database using SQL Server
We're hitting an issue when we reach the SQL Server machine. Logging
in to SQL Server, the network has deprecated our logon down to 'NT
AUTHORITY\ANONYMOUS LOGON' . The database kicks us out.
We've learned that this is commonly refered to as the "double-hop"
issue and is well known with web development. There are mechanisms in
IIS to set up delegation and impersonation and caching etc, to get
past this.
We want to continue using public/private key authentication for the
SSH. We've tried the -A switch when starting up the SSH tunnel with
no avail.
Is there anything that SSH can offer us so that we can maintain the
authentication ticket over the second hop?
.
- Follow-Ups:
- Re: OpenSSH, Telnet, Windows Authentication and double-hops
- From: Richard E. Silverman
- Re: OpenSSH, Telnet, Windows Authentication and double-hops
- Prev by Date: Re: Unable to open //.ssh2/identification
- Next by Date: Re: OpenSSH, Telnet, Windows Authentication and double-hops
- Previous by thread: UDP multicast over SSH
- Next by thread: Re: OpenSSH, Telnet, Windows Authentication and double-hops
- Index(es):
Relevant Pages
|
