home.social

#jumphost — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #jumphost, aggregated by home.social.

  1. Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.

    #guacamole #gateway #jumphost

    Apache Guacamole Remote Access Gateway als lokaler Jump-Host
    thierolf.org/de/posts/2026/apa

  2. Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.

    #guacamole #gateway #jumphost

    Apache Guacamole Remote Access Gateway als lokaler Jump-Host
    thierolf.org/de/posts/2026/apa

  3. Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.

    #guacamole #gateway #jumphost

    Apache Guacamole Remote Access Gateway als lokaler Jump-Host
    thierolf.org/de/posts/2026/apa

  4. Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.

    #guacamole #gateway #jumphost

    Apache Guacamole Remote Access Gateway als lokaler Jump-Host
    thierolf.org/de/posts/2026/apa

  5. @clacke Yes and no…
    Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  6. @clacke Yes and no…
    Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  7. @clacke Yes and no…
    Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  8. @clacke Yes and no…
    Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  9. @clacke Yes and no…
    Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles.

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  10. When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.

    The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.

    Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  11. When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.

    The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.

    Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  12. When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.

    The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.

    Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  13. When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.

    The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.

    Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  14. When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.

    The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.

    Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?

    #infosec #bastion #jumphost
    #ssh #sshd #OpenSSH

  15. Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.

    In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.

    I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.

    It involves #DNS and #SSH, yet keeps me puzzled.

    #SysadminLife

  16. Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.

    In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.

    I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.

    It involves #DNS and #SSH, yet keeps me puzzled.

    #SysadminLife

  17. Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.

    In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.

    I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.

    It involves #DNS and #SSH, yet keeps me puzzled.

    #SysadminLife

  18. Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.

    In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.

    I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.

    It involves #DNS and #SSH, yet keeps me puzzled.

    #SysadminLife

  19. Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.

    In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.

    I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.

    It involves #DNS and #SSH, yet keeps me puzzled.

    #SysadminLife