
Looks really cool and well done, though I'm failing to see the value this adds vs using standard user access controls and a regular old terminal multiplexer like tmux or screen.

You can even get the same usage model very easily by doing what a lot of companies do by throwing up a 'jumpbox' that all users log in to. They then log into whichever server they need from that session. You can do both PAM-based and network-based ACLs, and it's fairly easy to manage through sudo etc.




The downside is loss of security. Since one's already being MitM'ed, there is no way to ensure the SSH connections aren't compromised.

The proper (security-wise) way to use a jumpbox is to ask it to build a tunnel between your local machine and the remote host you want to SSH into - then connect over that tunnel. That is, unless you ultimately trust the jumphost or have no interest in security besides the basics necessary to shoo away passive attackers.
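
The tunnelled setup described in the comment above, as an added example that is not part of the thread: an OpenSSH client configuration (`~/.ssh/config`) using `ProxyJump`, so the jump host only relays a TCP stream and the SSH session with the target is negotiated end to end from the local machine. All host names and the user name are placeholders.

```sshconfig
# Added example; host names and user name are placeholders.

# The jump host: the only machine reachable from outside.
Host jump
    HostName jumpbox.example.com
    User alice
    # Nothing on the jump host needs the local agent when ProxyJump is used.
    ForwardAgent no

# Internal targets are reached through a tunnel the jump host builds:
# ProxyJump asks it to open a forwarded TCP channel to the target's port 22.
# The SSH handshake with the target then runs inside that channel from the
# local client, so the target's host key is checked locally against
# known_hosts and the jump host only sees ciphertext.
Host *.internal.example.com
    User alice
    ProxyJump jump
    # Refuse to connect if the target's host key is unknown or has changed.
    StrictHostKeyChecking yes
    ForwardAgent no

# Usage:   ssh db1.internal.example.com
# One-off: ssh -J alice@jumpbox.example.com alice@db1.internal.example.com
```

With `StrictHostKeyChecking yes`, each target's host key has to be placed in `known_hosts` through a trusted channel before the first connection.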



