[Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN
From: Christoph H. Larsen
Subject: [Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN, pleeeze!)
Date: Tue, 21 Feb 2012 21:15:29 +0430
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.20) Gecko/20110820 Iceowl/1.0b2 Icedove/3.1.12
Dear All,
Safe remote admin access for GNU Health is an important issue, as remote
help and assistance may be required at times. I am no big fan of
password-only secured public access, and we do not yet have
certificate-secured access easily available for GNU Health.
What I do for contraptions like phpPgAdmin and friends is that I simply
deploy an SSH tunnel. I tried the same for the Tryton client, issued on
my local (remote) Linux workstation - something along the lines of:
ssh -i ~/.ssh/id_rsa_[ssh_user_name] -L 8001:127.0.0.1:8000 -N -t -v -x address@hidden
All is fine to the point I am prompted to enter the certificate's
password. I then get:
---
debug1: Authentication succeeded (publickey).
Authenticated to dkgmdc.com ([121.100.52.138]:667).
debug1: Local connections to LOCALHOST:8001 forwarded to remote address 127.0.0.1:8000
debug1: Local forwarding listening on ::1 port 8001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8001.
debug1: channel 1: new [port listener]
debug1: Requesting address@hidden
debug1: Entering interactive session.
debug1: client_input_global_request: rtype address@hidden want_reply 1
---
The last line is repeated over and over till timeout occurs.
This is what I get in the server's /var/log/auth.log:
---
Feb 21 21:07:13 hmis sshd[4219]: Accepted publickey for [ssh_user_name] from 121.100.52.138 port 60013 ssh2
---
Not overly helpful, except that I managed to enter the right certificate
password ;).
I have zero problems using ssh (at the given port) to enter the server
via the secure shell, so the server's FreeBSD pf firewall should be
perfectly fine.
Any thoughts? I think it would be nice to be able to use ssh tunneling
for added remote administration security...
Cheers, and thanks a lot!
Chris
--
Dr. Christoph H. Larsen
synaLinQ (Vietnam) synaLinQ (Kenya)
P.O. Box 55, Bưu điện NT, 01 Pasteur P.O. Box 1607, Village Market
Nha Trang, Khánh Hòa Nairobi 00621
Vietnam Kenya
Mobile: +84-98-9607357 Mobile: +254-753-632481
+49-176-96456254 (Germany)
Fax: +49-231-292734790
Email: address@hidden
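
Added example, not part of the original post and not GNU Health or OpenSSH code: a shell helper that reads saved `ssh -v` output like the log quoted above and reports whether the listener for the -L forward was created and whether the server could reach the forwarded target. The names tunnel_status, sample_ok and sample_refused are hypothetical, and the sample log lines are constructed from the debug output in the post.

```shell
#!/bin/sh
# Added example (hypothetical helper): summarise the state of an `ssh -L`
# forward from `ssh -v` debug output read on stdin.
# Usage: tunnel_status < saved-ssh-debug.log
tunnel_status() {
    awk '
        /Authentication succeeded/          { auth = 1 }
        # The mapping the client was asked to set up (local -> remote target).
        /Local connections to .* forwarded/ { src = $5; dst = $NF }
        # A "[port listener]" channel is the sign that a local listener exists.
        /\[port listener\]/                 { listeners++ }
        # Printed by the client when the server cannot connect to the target.
        /open failed: connect failed/       { refused = 1 }
        END {
            if (!auth)          { print "auth-failed"; exit }
            if (listeners == 0) { print "no-listener"; exit }
            state = refused ? "target-unreachable" : "listening"
            print state, src, "->", dst
        }'
}

# Constructed sample: forward set up, nothing has gone wrong so far.
sample_ok() {
    cat <<'EOF'
debug1: Authentication succeeded (publickey).
debug1: Local connections to LOCALHOST:8001 forwarded to remote address 127.0.0.1:8000
debug1: Local forwarding listening on 127.0.0.1 port 8001.
debug1: channel 1: new [port listener]
debug1: Entering interactive session.
EOF
}

# Constructed sample: a client connected to local port 8001, but nothing
# answered on the forwarded target as seen from the server.
sample_refused() {
    sample_ok
    echo 'channel 2: open failed: connect failed: Connection refused'
}

sample_ok | tunnel_status
sample_refused | tunnel_status
```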