SSH Gateway Box

From JasonAntmanWiki

At the moment, I have a single residential internet connection with a dynamic IP. Up until now, to access internal machines, I've kept an ancient (SuSE 9.3, distro installed around July 2006) machine running to use as an SSH gateway. There's no reason to open a whole bunch of machines to external SSH (all on different non-standard ports). So, I SSH or SFTP into this gateway box, and from there either SSH into internal machines, or access files via NFS mounts.

Given how old it is (ancient distro, and the box is a 350MHz gateway desktop with 128MB RAM), I've decided to replace it. At the moment, I'm looking into using my spare Soekris Net4501. That also has the benefit of three Ethernet ports, so I could theoretically bind different services to different ports.

Here are some of my thoughts on the project:

Partitioning

The Soekris will run on a CF card. I'm thinking somewhere around 2GB.

  • /var, mounted rw for logs and transient data
  • /etc, mounted ro
  • /home, mounted rw, with minimal local files and everything accessed via NFS

Software

At a minimum:

  • SSHd with SFTP
  • NFS client
  • Nagios check scripts and user
  • Quota, perhaps, to make sure stuff doesn't end up on the local CF
  • DenyHosts
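
As an added example (not part of the original page): a Nagios-style check in shell that verifies the mount modes planned under Partitioning (/etc ro, /var and /home rw). The function names, device names and sample mount lines are assumptions constructed for illustration, not an existing Nagios plugin.

```shell
#!/bin/sh
# Expected layout, taken from the Partitioning list above.
EXPECTED="/etc:ro /var:rw /home:rw"

# Constructed sample in /proc/mounts format (not output from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext2 rw 0 0
/dev/hda2 /etc ext2 ro,noatime 0 0
/dev/hda3 /var ext2 rw,noatime 0 0
/dev/hda4 /home ext2 rw,noatime 0 0
EOF
}

# mount_mode FILE MOUNTPOINT -> prints "ro", "rw", "unknown" or "missing".
# FILE uses the /proc/mounts layout: device mountpoint fstype options dump pass.
# The last matching line wins, as a later mount hides an earlier one.
mount_mode() {
    awk -v mp="$2" '
        $2 == mp { n = split($4, o, ","); mode = "unknown"
                   for (i = 1; i <= n; i++)
                       if (o[i] == "ro" || o[i] == "rw") mode = o[i] }
        END { print (mode == "" ? "missing" : mode) }
    ' "$1"
}

# check_mount_modes [FILE] -> Nagios exit codes: 0 = OK, 2 = CRITICAL.
# With no argument it reads /proc/mounts on the running system.
check_mount_modes() {
    file="${1:-/proc/mounts}"
    problems=""
    for entry in $EXPECTED; do
        mp="${entry%%:*}"
        want="${entry##*:}"
        have=$(mount_mode "$file" "$mp")
        if [ "$have" != "$want" ]; then
            problems="$problems $mp=$have(expected $want)"
        fi
    done
    if [ -n "$problems" ]; then
        echo "CRITICAL: mount mode mismatch:$problems"
        return 2
    fi
    echo "OK: /etc ro, /var rw, /home rw"
    return 0
}
```

A /etc that has been remounted rw and left that way shows up as CRITICAL on the next poll, which is the case a read-only configuration partition is meant to prevent.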
Notice - this is a static HTML mirror of a previous MediaWiki installation. Pages are for historical reference only, and are greatly outdated (circa 2009).