sshd

Lan Barnes lbarnes at san.rr.com
Thu Jul 26 15:54:39 PDT 2001


mmarion at miguelito.org wrote:

> This is also why I use RSA logins only on public accessible boxes.  Not only
> do they have to somehow get my secret key file, but they have to break my
> passphrase too.

Lemme get this straight (and this is a real question, not a challenge,
'cause I'm ignorant and trying to learn this stuff): Are you saying that
ssh to the firewall is intrinsically more secure than ssh _through_ the
firewall?

1)
   ________   ssh      _________________  telnet   _____________
  /bad web/ --------> /sshd on firewall/ -------> /internal box/
  --------             ----------------           -------------

2)

   ________   ssh      ______________________ fwd ssh  _____________________
  /bad web/ --------> /ipmasqadm on firewall/ -------> /sshd on internal box/
  --------             ---------------------           ---------------------

So if I understand you, (1) is more secure than (2), right?

-- 
Lan Barnes                 lbarnes at san.rr.com
Icon Consulting, Inc       858-273-6677

I worry about my child and the Internet all the time, 
even though she's too young to have logged on yet. Here's
what I worry about. I worry that 10 or 15 years from now, 
she will come to me and say 'Daddy, where were you
when they took freedom of the press away from the Internet?'
                              - Mike Godwin


