Home

[one_third] [image_frame size="full-third-short" image_path="http://monitoring.zenpan.tech/wp-content/uploads/Managed-Services-280x1241.jpg" description="Managed IT Services" link_to_page="/managed-it-services" target="_self"] Managed IT Services We deliver proactive flat-rate IT Managed Services in Philadelphia, New York, Baltimore, Washington D.C., Chicago, New Orleans, Salt Lake City, San Francisco, Los Angeles. Designed to reduce your costs, increase your profits and mitigate your business risks, we partner with you as your Virtual IT Department, allowing you to focus on running your business, not your technology. [/one_third] [one_third] [image_frame size="full-third-short" image_path="http://monitoring.zenpan.tech/wp-content/uploads/happy-woman-working-on-laptop-banner1.jpg" description="Security Solutions" link_to_page="/network-security-services" target="_self"] Backup Solutions Still using old backup tapes? Did you know that 71% of tape restores fail? There is no reason a temporary setback should turn into a permanent failure for your company in Philadelphia, New York, Baltimore, Washington D.C., Chicago, New Orleans, Salt Lake City, San Francisco, Los Angeles. Let us take the worry out of protecting your sensitive data and provide peace of mind with our effective tapeless backup solutions. [/one_third] [one_third] [image_frame size="full-third-short" image_path="http://monitoring.zenpan.tech/wp-content/uploads/online-shopping1.jpg" description="Security Solutions" link_to_page="/network-security-services" target="_self"] Security Solutions Intrusion, hacking and electronic theft attempts against businesses of all types and sizes are increasing exponentially, and our network security services in Philadelphia, New York, Baltimore, Washington D.C., Chicago, New Orleans, Salt Lake City, San Francisco, Los Angeles cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind. [/one_third]

[divider style=”hr-dotted”]

[home_marketing_blog_posts]

[blog_posts title=”Latest from the blog” count=”2″ character_count=”120″ post_category=””]

[/home_marketing_blog_posts]

24x7x365 Emergency IT Services

[two_thirds] Our Emergency IT Services maintain continuity of your critical business processes Powered by our state-of-the-art network monitoring systems, we …

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Protected: Bill a Client from Autotask

There is no excerpt because this is a protected post.

Protected: How to Turn on Your Computer

There is no excerpt because this is a protected post.

24x7x365 Emergency IT Services

[two_thirds] Our Emergency IT Services maintain continuity of your critical business processes Powered by our state-of-the-art network monitoring systems, we …

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Read More

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Read More

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Read More

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Read More

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Read More

Protected: SiteKit Document Import Project

There is no excerpt because this is a protected post.

Read More

24x7x365 Emergency IT Services

[two_thirds]

Our Emergency IT Services maintain continuity of your critical business processes

Powered by our state-of-the-art network monitoring systems, we are automatically alerted to potential problems. This allows us to deliver 24x7x365 Emergency IT Services to prevent work-stopping outages.

When you need us, our skilled engineers respond immediately with 24x7x365 Emergency IT Services

No matter when you experience an interruption, we are available when you need us the most; with our 24x7x365 Emergency IT Services, to provide you peace of mind by delivering technical support services 24 hours per day, 7 days a week in Philadelphia, New York, Baltimore, Washington D.C., Chicago, New Orleans, Salt Lake City, San Francisco, Los Angeles.
[/two_thirds]
[one_third]
Contact Us:

[raw][contact-form] [contact-field label="Company" type="text" required="true" width="50%"/] [contact-field label="Name" type="text" required="true" /] [contact-field label="Job Title" type="text" required="true" /] [contact-field label="Phone" type="text" required="true"/] [contact-field label="Email" type="email" required="true"/] [/contact-form][/raw]

[/one_third]

24x7x365 Emergency IT Services

[two_thirds] Our Emergency IT Services maintain continuity of your critical business processes Powered by our state-of-the-art network monitoring systems, we …

Protected: SiteKit Document Import Project

This content is password protected. To view it please enter your password below:

Protected: Bill a Client from Autotask

This content is password protected. To view it please enter your password below:

Protected: How to Turn on Your Computer

This content is password protected. To view it please enter your password below:

Protected: Generating OpenSSH-compatible Keys for Use with PuTTY

This content is password protected. To view it please enter your password below:

How to Connect to Remote Access & Beyond

Introduction

The problem that we’re seeking to solve is simply:

How do we provide access to our servers in a way that only authorized people have access and have it easily and reliably – i.e. when an IP address changes, authorized people don’t need to worry, admin staff don’t need to change anything and the system is still secure?

The solution is to use a bastion host as a SSH gateway to the devices we manage.

Basic access through gateway
Basic Access through Gateway Instance

By using a Virtual Private Cloud (VPC) on AWS we can access instances which are not exposed to the Internet on port 22 (Secure Shell) or any other port listening for SSH connections.  We still have to secure our Gateway Instance, but it becomes a bastion server with the sole purpose of providing SSH access to the other resources.

Protecting Keys

The bastion host is accessible and open to the Internet on port 22.  Fail2Ban is running on this device to minimize the potential for DDOS attacks.  The Security Group for this Instance allows only port 22 traffic.  But in order to connect securely to the other hosts on the private subnet of the VPC we need to still use certificates and we don’t want to store our certificates on the bastion host (from hereon we’ll refer to this gateway device by it’s DNS name: remoteaccess.counselkit.com or simply remoteaccess).

SSH is able to perform key forwarding if ssh-agent is installed locally on the client computer.  If the developer or system administrator is accessing remoteaccess via an Apple OS X device, ssh-agent is already installed.  Adding the key to ssh-agent is done via the command:

You can list the keys that are included in your ssh-agent keychain by passing the -L argument:

If you’re using a Windows workstation, PuTTY has ssh-agent functionality integrated.  A good explanation of using PuTTY and OS X with SSH key forwarding is here.

Connecting

Once you’ve added your key the SSH command requires only that you ssh to each successive instance:

Note that I was able to connect from remoteaccess even though my private key is not in the ~/.ssh/ directory:

In this way we’re able to use SSH keys without compromising our private keys.

 

 

24x7x365 Emergency IT Services

[two_thirds] Our Emergency IT Services maintain continuity of your critical business processes Powered by our state-of-the-art network monitoring systems, we …