[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN

From: Christoph H. Larsen
Subject: [Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN, pleeeze!)
Date: Tue, 21 Feb 2012 21:15:29 +0430
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20110820 Iceowl/1.0b2 Icedove/3.1.12

Dear All,

Safe remote admin access for GNU Health is an important issue, as remote
help and assistance may be required at times. I am no big fan of
password, only, secured public access, and we do not yet have
certificate-secured access easily available for GNU Health.
What I do for contraptions like phpPgAdmin and friends is that I simple
deploy an SSH tunnel. I tried the same for the Tryton client, issued on
my local (remote) Linux workstation - something along the lines of:

ssh -i ~/.ssh/id_rsa_[ssh_user_name] -L 8001: -N -t -v -x

All is fine to the ponit I am prompted to enter the certificate's
password. I then get:
debug1: Authentication succeeded (publickey).
Authenticated to ([]:667).
debug1: Local connections to LOCALHOST:8001 forwarded to remote address
debug1: Local forwarding listening on ::1 port 8001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on port 8001.
debug1: channel 1: new [port listener]
debug1: Requesting address@hidden
debug1: Entering interactive session.
debug1: client_input_global_request: rtype address@hidden
want_reply 1
The last line is repeated over and over till timeout occurs.

This is what I get in the server's /var/log/auth.log:
Feb 21 21:07:13 hmis sshd[4219]: Accepted publickey for [ssh_user_name]
from port 60013 ssh2
Not overly helpful, except that I managed to enter the right certificate
password ;).

I have zero problems using ssh (at the given port) to enter the server
via the secure shell, so the server's FreeBSD pf firewall should be
perfectly fine.

Any thoughts? I think it wolud be nicxe to be able to use ssh tunneling
for added remote administration security...

Cheers, and thanks a lot!


Dr. Christoph H. Larsen
synaLinQ (Vietnam)                      synaLinQ (Kenya)
P.O. Box 55, Bưu điện NT, 01 Pasteur    P.O. Box 1607, Village Market
Nha Trang, Khánh Hòa                    Nairobi 00621
Vietnam                                 Kenya
Mobile: +84-98-9607357                  Mobile: +254-753-632481
        +49-176-96456254 (Germany)
Fax:    +49-231-292734790
Email:  address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]