[clug] Wanted: Developer to securely implement a restricted SSH shell

Nathan O'Sullivan nathan at mammoth.com.au
Thu Mar 4 23:24:21 MST 2010

Sorry to dig up an old thread but a few people were interested in seeing 
the final product.

Ultimately after a lot of internal discussion we decided to scrap the 
whole thing and just use Xen's VNC function, since it gives us automatic 
support for windows too, seemingly has less potential exploit vectors, 
and can be integrated into our website pretty easily with one of the 
java VNC viewer applets.

I dont really have much to show here - we've got our Xen servers on a 
private LAN, with a machine on both the public internet and private LAN. 
When a customer wants to access their VNC console, I've used socat to 
create an SSL forward from that public machine onto the LAN. Simple, but 
working well.

Thanks to everyone who gave their input!


More information about the linux mailing list