I've just set up my first bastion host in AWS and it made me think about the access. For example:
user --> bastion (public) --> database (will only allow access from bastion IP on port 22)
It seems like I can do this in two ways:
First
The user will have two private keys, which are his personal key and the database key, added using ssh-add -K. So, in order to ssh into the database, the user will do something like this: ssh -A user@bastion, and then once logged in to the bastion host, he can just execute another ssh to get into the database.
Second
The user will only have one private key which is his personal key. He'll use that to ssh into the bastion host and then connect to the DB from there. There's no key forwarding this time as the database has authorized the key from bastion.
The difference between those two is that the user only needs the key to the database for the first method, but not for the second one.
My question is, which one is the best way to do this? It seems like both of them can be considered secure. But the second one might be better as the admin doesn't have to distribute the DB key to the user.
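The layout in the question, as an added example that is not part of the original post: a client-side ssh_config that reaches the database through the bastion with the user's single personal key and no agent forwarding, using ProxyJump (OpenSSH 7.3 or later). The host names, user name and private address are assumptions.

```sshconfig
# ~/.ssh/config  (added example; host names, user and addresses are constructed)
#
# The user's one personal key is authorized on both bastion and database.
# ProxyJump tunnels the second SSH session through the first, so the private
# key never leaves the user's machine and no agent socket is exposed on the
# bastion. The bastion only needs to be able to open TCP/22 to the database,
# which matches the "allow from bastion IP on port 22" rule in the question.

Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

Host database
    HostName 10.0.1.20          # private address, reachable only via the bastion
    User alice
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
```

With this in place the user types ssh database and lands on the database host directly; the bastion sees only a forwarded TCP connection, never the key or the agent.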