Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://toad.social/users/grumpybozo/statuses/114739494704288862">🆘Bill Cole 🇺🇦 (grumpybozo@toad.social)'s status on Wednesday, 25-Jun-2025 09:08:08 JST</a><a href="https://toad.social/@grumpybozo" title="grumpybozo@toad.social"><img src="https://gnusocial.jp/avatar/78300-48-20250312035138.webp" width="48" height="48" alt="🆘Bill Cole 🇺🇦" style="position: absolute; left: 0; top: 0;">🆘Bill Cole 🇺🇦</a><div><a href="https://libranet.de/display/0b6b25a8-2068-5a6e-2834-e1b070979224" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://libranet.de/profile/clacke">@clacke</a> Yes and no… <br>Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles. </p><p><a href="https://toad.social/tags/infosec" rel="tag">#infosec</a> <a href="https://toad.social/tags/bastion" rel="tag">#bastion</a> <a href="https://toad.social/tags/jumphost" rel="tag">#jumphost</a><br><a href="https://toad.social/tags/ssh" rel="tag">#ssh</a> <a href="https://toad.social/tags/sshd" rel="tag">#sshd</a> <a href="https://toad.social/tags/OpenSSH" rel="tag">#OpenSSH</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5249994#notice-10307431">In conversation</a><time datetime="2025-06-25T09:08:08+09:00" title="Wednesday, 25-Jun-2025 09:08:08 JST">about 5 months ago</time> <span>from <span><a href="https://toad.social/@grumpybozo/114739494704288862" rel="external" title="Sent from toad.social via ActivityPub">toad.social</a></span></span><a href="https://toad.social/@grumpybozo/114739494704288862">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
🆘Bill Cole 🇺🇦 (grumpybozo@toad.social)'s status on Wednesday, 25-Jun-2025 09:08:08 JST🆘Bill Cole 🇺🇦
in reply to
- clacke
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.
#infosec #bastion #jumphost
#ssh #sshd #OpenSSH
In conversationabout 5 months ago from toad.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice