SSH through jump box more secure?

A couple of fellow computer geeks and I were discussing some proposed
changes to how people/processes access servers within the DMZ. The
proposed solution involved routing all SSH access through a set of
jump box servers. From there you could then ssh wherever you need to
go. These servers also allow you to tunnel your traffic through to a
server on the inside. They also allow you to set up ssh key pairs so
that you do not have to enter a username/password during each hop. My
initial concern is that this new policy is going to break many of the
existing processes which are working with direct ssh access to all the
target hosts. They assured me that any commands I run today will work
when going through the new jump boxes.


My overall response to this change wasn't very positive. To me it
seems like it's a lot of changes to dozens of scripts with no real
benefit or added security. There also seem to be some flaws in how
the implementation is being proposed. They have essentially left it up
to each user to work out for themselves how to manage setting up the
ssh tunnels. From what I have seen so far most people are hard-coding
these tunnels to specific ports. For a small set of tests/users this
probably works well. However, what happens when you end up with
different groups of users who clobber each other's attempts to set up
the ssh tunnels? Granted, you could solve this problem with code, but
it seems like a hack to me...

Back to the basic question of this post: what is the added security
here? So now you have one box (or a set) to go through... so what? If
I can do all the same actions I once could, what added security is
being employed? Since most of the processes we are talking about here
use service accounts to operate, none of them are tied to an
individual. I agree with the approach for individual users, but for
automated processes it just doesn't seem to make sense. Have any of
you run into this problem before?


-Inet
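As an added illustration (not part of Inet's post or the list thread), the shell snippet below shows the two pieces the post says were left for each user to work out: a client-side ssh_config that routes every `*.dmz` host through the jump box with `ProxyJump`, so existing `ssh host` commands and scripts keep working unchanged and no local tunnel ports are hard-coded at all, and, for the cases that genuinely still need a local forward, a helper that derives a deterministic per-user, per-target port so two users or scripts on the same jump box do not clobber each other. The host names (jump1.example.com, *.dmz), the service account name and the key file paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Host names, user and key paths are assumed.
set -eu

# 1. Client-side ssh_config (e.g. ~/.ssh/config of the service account).
#    With ProxyJump the client opens one SSH session to the jump box and a
#    second, end-to-end encrypted session to the inner host through it, so
#    `ssh db1.dmz` in an existing script needs no change and no fixed ports.
write_jump_config() {
  cat <<'EOF'
# Assumed jump host; separate key, never forwarded.
Host jump1.example.com
    User svc_backup
    IdentityFile ~/.ssh/id_ed25519_jump
    IdentitiesOnly yes
    ForwardAgent no

# Assumed DMZ hosts: everything ending in .dmz goes through the jump box.
Host *.dmz
    ProxyJump jump1.example.com
    User svc_backup
    IdentityFile ~/.ssh/id_ed25519_dmz
    IdentitiesOnly yes
    ForwardAgent no
EOF
}

# 2. For code that still needs `ssh -L`, pick the local port from a hash of
#    (user, target host, target port) instead of hard-coding it. The same
#    input always yields the same port, and different users or targets land
#    on different ports with high probability, so tunnels stop colliding.
#    cksum is POSIX, so this runs on any jump box without extra tools.
tunnel_port() {
  # usage: tunnel_port <user> <target_host> <target_port>
  key="$1:$2:$3"
  sum=$(printf '%s' "$key" | cksum | cut -d' ' -f1)
  # map the 32-bit checksum into the 20000-29999 range
  echo $(( 20000 + sum % 10000 ))
}

# Stand-alone demo: print the config and a derived forward port.
write_jump_config
port=$(tunnel_port "$(id -un)" db1.dmz 5432)
echo "# local forward for db1.dmz:5432 would use -L ${port}:localhost:5432"
```

`ProxyJump` (and the equivalent one-off `ssh -J jump1.example.com db1.dmz`) needs OpenSSH 7.3 or newer; older clients get the same effect with `ProxyCommand ssh -W %h:%p jump1.example.com`. The security point the post is asking about lies in that arrangement: the jump box relays bytes but never holds the inner host's private key, agent forwarding is unnecessary (hence `ForwardAgent no`, which keeps a compromised jump box from using your agent), and every login, service account or not, leaves an authentication record in the jump box's sshd log, which is the single place to audit or cut off access to the DMZ.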