[LUNI] SSH Trickery
Ramin K
ramin-list at badapple.net
Wed Feb 7 14:46:31 CST 2007
Demetri Mouratis wrote:
> Hi,
>
> While I'm normally the one proposing SSH tricks like the one I'm after,
> I thought I would throw this one out there for discussion.
>
> I have an office network, to which my, my boss's, and my entire
> engineering team's PCs are connected. This network sits behind a NAT
> firewall and is locally addressed in RFC 1918 space. We have a colo
> facility, with a number of Linux boxes and several networks laid out as
> VLANs. One network is for the production hosts, and there is a second
> network we refer to as an admin network. We run monitoring, logging,
> and other administrative processes from an ops2 server in this admin
> network against production, including SSH. We want to prevent our Eng
> team from accessing the production network while still allowing my
> group, Operations, to do their jobs.
ssh production_box
useradd admin
userdel engineer
That's how we do it on my network. Am I making this too simple?
Ramin
More information about the luni
mailing list