[Cialug] hiding a publicly accessible database server

Matthew Nuzum newz at bearfruit.org
Thu Sep 11 14:58:21 CDT 2008


On Thu, Sep 11, 2008 at 1:58 PM, Jeff Chapin <chapinjeff at gmail.com> wrote:
> I have had success in the past using the Single purpose keys as described on
> this page: http://pkeck.myweb.uga.edu/ssh/
>
> Basically, you make a key that is ONLY authorized to run one command (a
> script) and you put your tunneling code in that script.

Neat idea, but I think I'm doing it wrong... following the example
when I use this I just get a shell prompt. Here's what I'm doing, am I
missing something?

command="echo I\'m `/usr/bin/whoami` on `/bin/hostname`",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAA...se1Ag== matt at single-purpose-key

ssh -i ~/.ssh/whoisit hostname

Thanks for the ssl idea too Jeff, I will try that and it sounds like
it may be the best option since it's the most straightforward. I've
just never done it before so it will be a learning experience.

-- 
Matthew Nuzum
newz2000 on freenode
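
A single-purpose key only restricts a login when its whole entry, options included, sits on one line of authorized_keys, and any other entry for the account without command= still grants a shell. The following is an added example, not code from this thread: a small auditor that classifies each entry accordingly. The key blobs, the tunnel.sh path and the sample entries are constructed placeholders.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
RESTRICTIONS = {"no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding"}
# name or name="value"; the value is captured raw (escapes are not removed)
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?')

def split_options(line):
    """Return (options, rest, quotes_closed) for one authorized_keys line.
    The options field ends at the first whitespace outside double quotes."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line, True          # no options: the key type comes first
    in_quotes, i = False, 0
    while i < len(line) and (in_quotes or not line[i].isspace()):
        if in_quotes and line.startswith('\\"', i):
            i += 1                     # skip the backslash of an escaped quote
        elif line[i] == '"':
            in_quotes = not in_quotes
        i += 1
    return dict(OPTION.findall(line[:i])), line[i:].strip(), not in_quotes

def audit(text):
    """Return (line number, status, missing restrictions) for each key entry."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options, rest, closed = split_options(line)
        if not closed or not rest or not KEY_TYPE.match(rest.split()[0]):
            report.append((n, "malformed", []))          # e.g. a wrapped entry
        elif "command" not in options:
            report.append((n, "no-forced-command", []))  # this key gets a shell
        else:
            done = "restrict" in options   # restrict implies all no-* options
            missing = [] if done else sorted(RESTRICTIONS - set(options))
            report.append((n, "forced-command", missing))
    return report

SAMPLE = r"""# constructed sample; key blobs are placeholders, not real keys
command="echo I\'m `/usr/bin/whoami` on `/bin/hostname`",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAPLACEHOLDER1 single-purpose
ssh-rsa AAAAPLACEHOLDER2 everyday-key
command="/usr/local/bin/tunnel.sh" ssh-rsa AAAAPLACEHOLDER3 tunnel-only
command="echo I\'m `/usr/bin/whoami` on
"""

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```

Run against a real file with audit(open(path).read()); which key the client actually offers (the -i file, a default identity or an agent key) decides which entry applies.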

