> I'm very weary indeed of re-implementations of SSH servers.
The security properties of this are a little scary, too: the recommended configuration here has all hosts trusting the bastion, which kind of undoes the point. Pwn the bastion host, and pwn everything.
It's trickier, but a decent ssh jumphost requires the user to authenticate to the bastion and the host behind.
The security properties of this are a little scary, too: the recommended configuration here has all hosts trusting the bastion, which kind of undoes the point. Pwn the bastion host, and pwn everything.
It's trickier, but a decent ssh jumphost requires the user to authenticate to the bastion and the host behind.