> Thanks. I'm aware of this possibility however there's only 1 remote machine > in each remote network. > This makes setting up OpenVPN for each of those a hassle. It feels like > using a shotgun to kill a fly. > It also requires to do extra firewalling while with SSH only the needed > ports are exposed to the client.
Well it's only one port you need to open on the server, and each client can then connect back to that so there's no firewall changes on the clients. With SSH each client machine needs an open port so there's a larger attack surface compared with OpenVPN where the clients don't need to open any ports at all. Having one machine in each remote network is no problem. Each machine runs the OpenVPN client, which connects to your server on its public IP and each gets assigned a unique IP address in a private VPN subnet of your choice. Then they are configured to contact Bacula on the server's private VPN IP and everything is securely routed. It's really a pretty lightweight solution - OpenVPN is small and fast - and will give you a much more robust solution than using SSH with port forwarding. I can't imagine it would take even one hour to set up something like this, much less if you've used OpenVPN before. I know you want an answer that will work for SSH, but this is the first clue that you're trying to bang a nail in with a shoe, instead of using a hammer[1]. Cheers, Adam. [1]: https://weblogs.asp.net/alex_papadimoulis/408925 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
