[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN
Christoph H. Larsen
[Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN, pleeeze!)
Tue, 21 Feb 2012 21:15:29 +0430
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:184.108.40.206) Gecko/20110820 Iceowl/1.0b2 Icedove/3.1.12
Safe remote admin access for GNU Health is an important issue, as remote
help and assistance may be required at times. I am no big fan of
password, only, secured public access, and we do not yet have
certificate-secured access easily available for GNU Health.
What I do for contraptions like phpPgAdmin and friends is that I simple
deploy an SSH tunnel. I tried the same for the Tryton client, issued on
my local (remote) Linux workstation - something along the lines of:
ssh -i ~/.ssh/id_rsa_[ssh_user_name] -L 8001:127.0.0.1:8000 -N -t -v -x
All is fine to the ponit I am prompted to enter the certificate's
password. I then get:
debug1: Authentication succeeded (publickey).
Authenticated to dkgmdc.com ([220.127.116.11]:667).
debug1: Local connections to LOCALHOST:8001 forwarded to remote address
debug1: Local forwarding listening on ::1 port 8001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8001.
debug1: channel 1: new [port listener]
debug1: Requesting address@hidden
debug1: Entering interactive session.
debug1: client_input_global_request: rtype address@hidden
The last line is repeated over and over till timeout occurs.
This is what I get in the server's /var/log/auth.log:
Feb 21 21:07:13 hmis sshd: Accepted publickey for [ssh_user_name]
from 18.104.22.168 port 60013 ssh2
Not overly helpful, except that I managed to enter the right certificate
I have zero problems using ssh (at the given port) to enter the server
via the secure shell, so the server's FreeBSD pf firewall should be
Any thoughts? I think it wolud be nicxe to be able to use ssh tunneling
for added remote administration security...
Cheers, and thanks a lot!
Dr. Christoph H. Larsen
synaLinQ (Vietnam) synaLinQ (Kenya)
P.O. Box 55, Bưu điện NT, 01 Pasteur P.O. Box 1607, Village Market
Nha Trang, Khánh Hòa Nairobi 00621
Mobile: +84-98-9607357 Mobile: +254-753-632481
- [Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN, pleeeze!),
Christoph H. Larsen <=