Skip to main content
Unix & Linux

Return to Answer

added 22 characters in body
Source Link
DannyNiu
DannyNiu
  • 722
  • 6
  • 22

This is actually mostly a security question.

Point 1

The only way an SSH proxy can be useful is when the target host stays behind public network, such as the following:

                                     +--- Office Computer 1
Internet <--- Router-NAT-Firewall <--+--- Office Computer 2
                                     +--- Linux Server (no port forwarding)
                                     +=== Windows Server (with SSH port forwarding)

Otherwise, your Windows server is just an actor playing in a security theater.

Point 2

SSH is a very useful transport protocol for applications, you should maximize its security by mandating users use public-key cryptography to authenticate themselves.

In "sshd_config":

  • Use the "AllowUsers" directive to select the users allowed to login from SSH.

  • Use the "Match" directive on the selected users and use "AuthenticationMethods" directive to restrict them from logging in with passwords.

This is actually mostly a security question.

Point 1

The only way an SSH proxy can be useful is when the target host stays behind public network, such as the following:

                                     +--- Office Computer 1
Internet <--- Router-NAT-Firewall <--+--- Office Computer 2
                                     +--- Linux Server (no port forwarding)
                                     +=== Windows Server (with SSH port forwarding)

Otherwise, your Windows server is just an actor playing in a security theater.

Point 2

SSH is a very useful transport protocol for applications, you should maximize its security by mandating users use public-key cryptography to authenticate themselves.

  • Use the "AllowUsers" directive to select the users allowed to login from SSH.

  • Use the "Match" directive on the selected users and use "AuthenticationMethods" directive to restrict them from logging in with passwords.

This is actually mostly a security question.

Point 1

The only way an SSH proxy can be useful is when the target host stays behind public network, such as the following:

                                     +--- Office Computer 1
Internet <--- Router-NAT-Firewall <--+--- Office Computer 2
                                     +--- Linux Server (no port forwarding)
                                     +=== Windows Server (with SSH port forwarding)

Otherwise, your Windows server is just an actor playing in a security theater.

Point 2

SSH is a very useful transport protocol for applications, you should maximize its security by mandating users use public-key cryptography to authenticate themselves.

In "sshd_config":

  • Use the "AllowUsers" directive to select the users allowed to login from SSH.

  • Use the "Match" directive on the selected users and use "AuthenticationMethods" directive to restrict them from logging in with passwords.

Source Link
DannyNiu
DannyNiu
  • 722
  • 6
  • 22

This is actually mostly a security question.

Point 1

The only way an SSH proxy can be useful is when the target host stays behind public network, such as the following:

                                     +--- Office Computer 1
Internet <--- Router-NAT-Firewall <--+--- Office Computer 2
                                     +--- Linux Server (no port forwarding)
                                     +=== Windows Server (with SSH port forwarding)

Otherwise, your Windows server is just an actor playing in a security theater.

Point 2

SSH is a very useful transport protocol for applications, you should maximize its security by mandating users use public-key cryptography to authenticate themselves.

  • Use the "AllowUsers" directive to select the users allowed to login from SSH.

  • Use the "Match" directive on the selected users and use "AuthenticationMethods" directive to restrict them from logging in with passwords.