[clug] Wanted: Developer to securely implement a restricted SSH shell
Nathan O'Sullivan
nathan at mammoth.com.au
Thu Mar 4 23:24:21 MST 2010
Sorry to dig up an old thread but a few people were interested in seeing
the final product.
Ultimately after a lot of internal discussion we decided to scrap the
whole thing and just use Xen's VNC function, since it gives us automatic
support for windows too, seemingly has less potential exploit vectors,
and can be integrated into our website pretty easily with one of the
java VNC viewer applets.
I dont really have much to show here - we've got our Xen servers on a
private LAN, with a machine on both the public internet and private LAN.
When a customer wants to access their VNC console, I've used socat to
create an SSL forward from that public machine onto the LAN. Simple, but
working well.
Thanks to everyone who gave their input!
Regards
Nathan
More information about the linux
mailing list