remote admin question

From: Kirt (xiombarg@fnord.io.com)
Date: 02/05/03


From: "Kirt "Loki" Dankmyer" <xiombarg@fnord.io.com>
Date: Wed, 05 Feb 2003 13:01:03 -0600


(I'd like to thank everyone who helped me on my last question. Even if I
didn't take your advice, I appreciated it.)

Okay, here is the situation. This takes some explaining, so bear with me
here.

I have two machines. They're both UNIX boxes -- IRIX 6.5, to be precise.

One machine is behind a firewall, on the closed side of the network. We'll
call this machine Klosed. The other machine is on the open side of the
network, which connects to the Internet at large. We'll call this machine
Openn.

If something is going wrong with the software on Klosed, I get paged. I
need to be able to connect to (say) my ISP, ssh to Openn, and then, from
there, administer Klosed. There's a time issue when a problem happens, so
there's no time to, say, physically drive into the facility and administer
Klosed by physically logging into it. (In fact, if it's easier, imagine
Klosed is on the South Pole.)

So, the obvious solution would be, once I'm logged into Openn, to ssh
through the firewall to Klosed, and administer it from there.

However, it is against current security policy where I work for machines
on the open side of the network to initiate connections to machines on the
closed side. It is, however, okay for machines on the closed side to
initiate connections to the open side. Therefore, it's okay for Klosed to
connect to Openn but not for Openn to connect to Klosed, so the obvious
solution is right out.

(Before the discussion fires up on this like it did for my last question,
this policy is NOT SUBJECT TO CHANGE. I'm looking for a technical
solution that fits the parameters in question.)

So, I need some sort of program or service that Klosed can use to connect
to Openn (possibly with some sort of cron job, I dunno) such that once the
connection is established, I can log in to Openn and administer Klosed. Is
there anything that is capable of this, and (ideally) is reasonably
secure? Kermit, perhaps? Remember that Openn cannot initiate any
connections to Klosed.

Thanks again for your help!

-- 
Kirt "Loki" Dankmyer -- yet another homepage at http://www.io.com/~xiombarg
My opinions are my own. PGP public key available. Surreal poetry on request.
"I waked, she fled, and day brought back my night." --Milton

