wounded in the line of duty
For isolated servers where only SSH is allowed to the system for management purposes and no data connections (except business related) can go into the management or corporate network, you have few options.
What I usually do is provide by default a remote forward for HTTP to a distribution server, so that whenever you access these servers you can download updates and additional software. But in certain cases filesystem access is more useful so being able to tunnel NFS over SSH is very useful as well.
The benefit of doing it like this is that there is only a short period of time (during a maintenance window) that this can be used, but by default there is no possibility to exploit it.
Compared to a permanent firewall rule this is more secure and less prone to attacks.
More information about formatting options
© 2007-2014 Dag Wieërs | Powered by Drupal and RHEL. | No legal statement, haha.