@black3dynamite said in Copy SSH public key to ssem behind a jump box:

# From your host to your JUMPBOX # Not needed if your public key is already in placed cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'

ssh-copy-id should do this

So I set this up again on a new jump box today.

SSH attempts did not log until I changed the mode to ddos

@wrx7m said in Clients on the private side of a jump box:

@scottalanmiller said in Clients on the private side of a jump box:

Speaking of which, I need to go build a new jump box at a client site. MeshCentral makes our jump boxes more flexible.

I was following your thread on MC vs SC. What about MC makes it more flexible for your scenario?

Cost, speed, development, support, etc.

We've already gotten better support for smaller issues in MC than SC provides when you pay an arm and a leg and it is show stopping stuff!

MC will save us something like $1600 a year, and provides some really nice features that we like. And seems to have a bright future. SC has appeared to have gotten worse, not better, in the last two years. That's not good when you are paying so much.

But we really like the insanely fast "in browser" connections in MC. SC causes so much delay that it is frustrating. Only a few seconds, but when you are trying to work, unnecessary stopping and waiting makes people frustrated.

@anonymous said:

Nice Guide. Can you please add a link to the Jumpbox guide, I missed it.....

http://mangolassi.it/topic/6143/linux-lab-project-building-a-linux-jump-box

@JaredBusch said in Linux Lab Project: Building a Linux Jump Box:

@scottalanmiller said in Linux Lab Project: Building a Linux Jump Box:

First you would create users and SSH keys and then deploy them to the other boxes that you wish to connect to. This is the core of what makes the Jump Box a Jump Box. This is standard SSH key setup, nothing unique to a Jump Box.

Did you ever make a good write up on creating users and SSH keys? If so, I cannot find it.

I mean, I know how to make and use keys in general. But detail here would be good.

Write up for creating the users on the jump box and getting their SSH keys. Write up for pushing users and keys to other systems that said jump box will be allowing access. Write up for control of said access. Bob and Jill have access to Jump Box. Bob has Access to servers 1 & 2. Jill has access to server 2 & 3.

I know that @scottalanmiller has mentioned in another thread that he has a script to push this all out (question 2). I can only assume that the script has some controls to tell you which server so shove the key and user logon to (question 3).

@Dashrender said:

Isn't using a SSH key and a password considered two factor authentication?

It is not generally considered to be this. An SSH Key is just a really, really long password that you probably can't remember. Would you consider having two passwords, both entered from the same place, to be two factor? I would not. It's more like one factor plus. It's an incredibly secure single factor, but the key itself is still a single factor, just a really strong one.

http://mangolassi.it/topic/6143/linux-lab-project-building-a-linux-jump-box/