Security/Production Readiness about sshportal HOT 5 CLOSED

Hi,

There are two distinct parts in the sshportal flow:

1. applying logic to verify, configure and open a connection to the real remote
2. when the connection is established and the user interacts with the target host

The part 1. is entirely in-house, it tries to stay simple, and for now, I didn't have any security feedback (I know people using it in production and security people using it); please contact me / open an issue, if you find weaknesses in this part

The part 2. is very simple; it's like a proxy that forwards everything through the secure ssh connections; even if nothing can be considered as 100% secure, I'm confident that this step is "production ready".

The most important thing to check in my opinion is the server that will run sshportal, because sshportal uses a database and local files for logs; even in read-only, these files contain sensitive information that an attacker should never see

from sshportal.

@moul thanks for your comprehensive reply! I am using it as bastion for Kubernetes cluster, and after students sign up, the web front end will automatically provision a server and create an account through the bastion, is this a correct use case?

from sshportal.

Yes, definitely, I'm also using it in equivalent workflows

from sshportal.

We use patched version to implement single access for our developers to hundreds of client hosting servers. Besides interactive ssh sessions, we implemented non interactive automatic mounting of remote filesystems using afuse, sshfs and samba. There are some glitches (connection timeouts — solved with a patch, and we have to disable logs with nullfs), but in general it is very useful lighweight tool with well designed UX. Works pretty stable (knock on wood). Great work!

from sshportal.

@kreanda any plans to send a pull? :D

from sshportal.