[GTALUG] dreamhost reply, is dh key exchange question.
Karen Lewellen
klewellen at shellworld.net
Fri Oct 12 12:38:10 EDT 2018
Hi Mike,
In context below, I am reading these ideas starting with yours here.
On Wed, 10 Oct 2018, Mike wrote:
> Hi Karen,
>
> I'm going to guess that the "business decision" is basically to
> conform to current acceptable security practices, possibly even for
> liability reasons.
granted, I have not as of yet heard back from Brian regarding my question.
However since dreamhost benefits from their corporate hosting donating
program with the IRS, failing to inform nonprofit organizations of said
business decision
prior to impacting their mission could carry legal ramifications as well.
I have asked Brian to document how this information was shared with all
of the organizations in their program in advance.
>
> Question: Do you, or your colleague, have administrative (or "root")
> privilege to your hosted system? If so, you could re-enable the
> deprecated algorithms without Dreamhost's help (or permission).
I doubt this, as our account is a shared one. However what would I review
in our control panel to learn if this might be the case?
>
> However, I have what may be an easier solution, one that I should
> already have thought of: If you still have working SSH-based shell
> access to a different host, you should be able to SSH FROM THERE to
> your dreamhost system.
Mike, this is the ban-aid I have been using to at least try and manage
company communications.
i ssh from my shellworld personal account into our dreamhost one.
I suspect security concerns, the process lists a slightly incorrect domain
name for us. Further shortly after this started, i began getting more
of those ransom related e-mails
using our password as proof they know me.
Most important though, I require direct access to our dreamhost shell
space from my desktop.
I need to access files uploading and downloading from there, and keeping
that information separate from my personal shell.
As it stands anything that must change hands has to be first uploaded to
shellworld, than sent as an attachment to curtain up which cannot be done
when the file is production audio etc.
>
> That is, SSH to your other shell account, and instead of running your
> email program, run "ssh user at eugene...", and once connected to eugene,
> proceed as though you were connected directly.
>
Accept that I am not connected directly, I am connected via another
shell. I cannot move files to and from, which is important for what we
do.
> Such plumbing is often necessary for a variety of reasons. Just
make > sure you know where you are. The commands "whoami", and "hostname"
> are often useful!
Thanks again Holmes!
Cheers,
Kare
>
>
>
>
>
>
> On 10/9/18, Karen Lewellen via talk <talk at gtalug.org> wrote:
>> Hi Mike and everyone.
>> Below is the explanation from dreamhost regarding my dh key exchange
>> situation.
>> A bit of background.
>> Dreamhost has a special program allowing International Nonprofit
>> organizations who can demonstrate tax exempt status to have a hosting
>> account with their service.
>> My employee got such an account years back, they have offices both in new
>> York and Toronto. I have asked Brian to share the documentation dreamhost
>> provided its nonprofit organization members in this program of their so
>> called business decision.
>> I pointed out that many in the nonprofit sector are using less than hot
>> off the shelf tools to manage their internet efforts, with this business
>> decision creating a risk for more than myself. Further, I pointed out
>> that I am at the moment, physically incapable of making changes having
>> not been able to work fully since the end of June.
>> I share his first post, I have not gotten an answer yet to my reply.
>> I dare say the simple solution would be, if they exists, an easy way to
>> manage it, finding another company all together.
>> At the same time though I would welcome educating other dreamhost
>> customers, say via there twitter presence, if they have one.
>> Thoughts on their explanation?
>> Karen
>> <dreamhost e-mail begins below this line:>
>>
>>
>> On Mon, 8 Oct 2018, DreamHost Customer Support Team wrote:
>>
>>> Hello,
>>>
>>
>> "I don't see that there should be any trouble connecting to
>>> dreamhost.com..."
>>>
>>> Simply connecting to dreamhost.com is not a valid test, as there are no
>>> customers ever hosted on our main web site. That server is reserved for
>>> internal use only. It has only internal use logins on it. Encryption is
>>> maintained via a separate system.
>>>
>>> "However there is a problem with Eugene.dreamhost.com Since
>>> dreamhost.com still should allow my ssh client to connect, the question
>>> is if my account can be placed on a server that will
>>> allow such a connection."
>>>
>>> Again, we are not hosting customers on any servers that support the
>>> method of encryption you're looking for. I wish we could, but we have
>>> made a business decision not to support that type of connection style for
>>> customer logins. We will be updating dreamhost.com shortly.
>>>
>>> "You were going to move our account in any case, at least I have
>>> e-mails saying that was going to
>>> happen."
>>>
>>> That will simply be a move of email, to a different email server. This
>>> is unrelated to where your web service lives.
>>>
>>> Sorry I can't be of more help here.
>>>
>>> Thanks!
>>> Brian H
>>>
>>> --
>>> To continue this support case, just reply to this email.
>>> Check our Knowledge Base tips and how-tos! https://help.dreamhost.com/
>>> Don't forget the expert content on our blog:
>>> https://www.dreamhost.com/blog/
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Are you happy with this response to your support inquiry?
>>>
>>> YES https://www.dreamhost.com/survey.cgi?h=y&n=154364736&m=4145361
>>>
>>> NO https://www.dreamhost.com/survey.cgi?h=n&n=154364736&m=4145361
>>> ------------------------------------------------------------------------
>>>
>>>
>> ---
>> Talk Mailing List
>> talk at gtalug.org
>> https://gtalug.org/mailman/listinfo/talk
>>
>
>
More information about the talk
mailing list