1. Yes. The knocking mechanism of ssh. The address is http://www.ibm.com/developerw... but it is not commonly used. (For individuals, denyhosts can also achieve the effect).
2. I’m glad you can consider this issue, but usually, enterprises only have one port open to the outside world, which is 80. At the same time, they will provide a vpn server. In addition, there is something called a bastion machine specifically used for ssh to other servers.
As my 213th answer, add a few links:
1. Springboard machine (with springboard machine open source address) http://os.51cto.com/art/20140...
2. Bastion machine (springboard machine) + LDAP implementation series of articles /a/11...
3.vpn, yes, it is best to have a layer of VPN outside the springboard http://blog.cnezsoft.com/blog...
In fact, it doesn’t have to be so troublesome. You can use securecrt to log in to a server, and then access other machines through ssh proxy mode. It is equivalent to using the ssh protocol to access other intranet servers through an ssh agent. In this case, security can be greatly increased.
1. Yes. The knocking mechanism of ssh.
The address is
http://www.ibm.com/developerw...
but it is not commonly used.
(For individuals, denyhosts can also achieve the effect).
2. I’m glad you can consider this issue, but usually, enterprises only have one port open to the outside world, which is 80.
At the same time, they will provide a vpn server.
In addition, there is something called a bastion machine specifically used for ssh to other servers.
As my 213th answer, add a few links:
1. Springboard machine (with springboard machine open source address)
http://os.51cto.com/art/20140...
2. Bastion machine (springboard machine) + LDAP implementation series of articles
/a/11...
3.vpn, yes, it is best to have a layer of VPN outside the springboard
http://blog.cnezsoft.com/blog...
4.jumpserver
http://jumpserver.org/
This is impossible. I have never heard of it being like this.
In fact, it doesn’t have to be so troublesome. You can use securecrt to log in to a server, and then access other machines through ssh proxy mode. It is equivalent to using the ssh protocol to access other intranet servers through an ssh agent. In this case, security can be greatly increased.