
[Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN


From: Christoph H. Larsen
Subject: [Health] SSH tunneling for secure remote GNU Health admin (a.k.a. no VPN, pleeeze!)
Date: Tue, 21 Feb 2012 21:15:29 +0430
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.20) Gecko/20110820 Iceowl/1.0b2 Icedove/3.1.12

Dear All,

Safe remote admin access for GNU Health is an important issue, as remote
help and assistance may be required at times. I am no big fan of
password, only, secured public access, and we do not yet have
certificate-secured access easily available for GNU Health.
What I do for contraptions like phpPgAdmin and friends is that I simply
deploy an SSH tunnel. I tried the same for the Tryton client, issued on
my local (remote) Linux workstation - something along the lines of:

ssh -i ~/.ssh/id_rsa_[ssh_user_name] -L 8001:127.0.0.1:8000 -N -t -v -x address@hidden

All is fine to the point I am prompted to enter the certificate's
password. I then get:
---
debug1: Authentication succeeded (publickey).
Authenticated to dkgmdc.com ([121.100.52.138]:667).
debug1: Local connections to LOCALHOST:8001 forwarded to remote address 127.0.0.1:8000
debug1: Local forwarding listening on ::1 port 8001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8001.
debug1: channel 1: new [port listener]
debug1: Requesting address@hidden
debug1: Entering interactive session.
debug1: client_input_global_request: rtype address@hidden want_reply 1
---
The last line is repeated over and over till timeout occurs.

This is what I get in the server's /var/log/auth.log:
---
Feb 21 21:07:13 hmis sshd[4219]: Accepted publickey for [ssh_user_name] from 121.100.52.138 port 60013 ssh2
---
Not overly helpful, except that I managed to enter the right certificate
password ;).

I have zero problems using ssh (at the given port) to enter the server
via the secure shell, so the server's FreeBSD pf firewall should be
perfectly fine.

Any thoughts? I think it would be nice to be able to use ssh tunneling
for added remote administration security...

Cheers, and thanks a lot!

Chris

-- 
Dr. Christoph H. Larsen
synaLinQ (Vietnam)                      synaLinQ (Kenya)
P.O. Box 55, Bưu điện NT, 01 Pasteur    P.O. Box 1607, Village Market
Nha Trang, Khánh Hòa                    Nairobi 00621
Vietnam                                 Kenya
Mobile: +84-98-9607357                  Mobile: +254-753-632481
        +49-176-96456254 (Germany)
Fax:    +49-231-292734790
Email:  address@hidden
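
Added example, not part of the original message: a Python check that reads `ssh -v` output such as the debug lines quoted above and reports each local forward and whether every listener is bound to a loopback address, so the tunnelled port is not reachable from other hosts. The name `audit_forwards` and the wildcard sample are constructed for illustration.

```python
import ipaddress
import re

# Forwarding lines from the post above, re-joined where the mail wrapped them.
SAMPLE_DEBUG = """\
debug1: Local connections to LOCALHOST:8001 forwarded to remote address 127.0.0.1:8000
debug1: Local forwarding listening on ::1 port 8001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8001.
debug1: channel 1: new [port listener]
"""

# Constructed counter-example: listeners bound to wildcard addresses.
EXPOSED_DEBUG = """\
debug1: Local connections to *:8001 forwarded to remote address 127.0.0.1:8000
debug1: Local forwarding listening on 0.0.0.0 port 8001.
debug1: Local forwarding listening on :: port 8001.
"""

FORWARD_RE = re.compile(
    r"Local connections to (\S+):(\d+) forwarded to remote address (\S+):(\d+)")
LISTEN_RE = re.compile(r"Local forwarding listening on (\S+) port (\d+)\.")


def audit_forwards(debug_text):
    """Summarise local forwards and flag listeners that are not loopback-only."""
    forwards, listeners = [], []
    for line in debug_text.splitlines():
        m = FORWARD_RE.search(line)
        if m:
            forwards.append({"local_port": int(m[2]), "remote": f"{m[3]}:{m[4]}"})
            continue
        m = LISTEN_RE.search(line)
        if m:
            try:
                loopback = ipaddress.ip_address(m[1]).is_loopback
            except ValueError:
                loopback = False  # non-numeric bind address: treat as exposed
            listeners.append({"addr": m[1], "port": int(m[2]), "loopback": loopback})
    exposed = [l for l in listeners if not l["loopback"]]
    return {"forwards": forwards, "listeners": listeners, "exposed": exposed,
            # No listener lines at all means the forward was never set up.
            "loopback_only": bool(listeners) and not exposed}


if __name__ == "__main__":
    for name, text in (("post", SAMPLE_DEBUG), ("wildcard", EXPOSED_DEBUG)):
        print(name, audit_forwards(text))
```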


