Hi, I myself can recommend using openvpn. it is easy to configure securly and let your users connect to the vitual ethernet adapter e.g tun0 over an encrypted tunnel. each user can have his own key and the howto is very good. You can then configure your firewall to only give access to the db port. I use both solutions (also suse 9.3), ssh tunnel and openvpn. the only advantage of ssh in this case is that you dont have to install a virtual ethernet adapter on your client, eg one can connect from any windows client with internet access right on from usb stick with putty without any driver install. but if u use always the same clients this is not important... another advantage is of course that bad-programmed software only capable of connecting to localhost can be used. openvpn also runs very reliable as windows service, also with dynamic ips. regards, vbargsten Andreas schrieb:
Hi,
is there a way to get expernal people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around?
I'd like to let some externals use our database server that sits behind a port filter. There is only the ssh port to come in.
Up until now there was only me and I trust me enough to grant me a shell. ;-)
Are there reasonably simple alternatives to do this without SSH?
I've got SUSE 9.3 on our server and the clients would be all kinds of Windows. Our Internet connection has no fixed IP but this would be manageable with a dynamic dns service, I suppose. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org