[GTALUG] dreamhost reply, is dh key exchange question.

Karen Lewellen klewellen at shellworld.net
Fri Oct 12 12:38:10 EDT 2018 

Hi Mike,
In context below, I am reading these ideas starting with yours here.



On Wed, 10 Oct 2018, Mike wrote:
> Hi Karen,
>
> I'm going to guess that the "business decision" is basically to
> conform to current acceptable security practices, possibly even for
> liability reasons.

granted, I have not as of yet heard back from Brian regarding my question.
However since dreamhost benefits from their corporate hosting donating 
program with the IRS, failing to inform nonprofit organizations of said 
business decision
  prior to  impacting their mission could carry legal ramifications as well. 
I have asked Brian to document how this information  was shared with all 
of the  organizations in their program in advance.

  >
> Question: Do you, or your colleague, have administrative (or "root")
> privilege to your hosted system? If so, you could re-enable the
> deprecated algorithms without Dreamhost's help (or permission).
I doubt this, as our account is a shared one.  However what would I review 
in our control panel to learn if this might be the case?

>
> However, I have what may be an easier solution, one that I should
> already have thought of:  If you still have working SSH-based shell
> access to a different host, you should be able to SSH FROM THERE to
> your dreamhost system.

Mike, this is the ban-aid I have been using to at least try and manage 
company communications.
i ssh from my shellworld personal account into our dreamhost one.
I suspect security concerns, the process lists a slightly incorrect domain 
name  for us.  Further shortly after this started, i began getting  more 
of those ransom related e-mails
  using our password as proof they know me.
Most important though, I require direct access to our dreamhost shell 
space from my desktop.

I need to access files uploading and downloading from there, and keeping 
that information separate from my personal shell.
As it stands anything  that must change hands has to be first uploaded to 
shellworld, than sent as an attachment to curtain up which cannot be done 
when  the file is production audio etc.


  >
> That is, SSH to your other shell account, and instead of running your
> email program, run "ssh user at eugene...", and once connected to eugene,
> proceed as though you were connected directly.
>

Accept that I am not connected  directly, I am connected via another 
shell.  I cannot  move files to and from, which is important for what we 
do.

  > Such plumbing is often necessary for a variety of reasons.  Just 
make > sure you know where you are.  The commands "whoami", and "hostname"
> are often useful!

Thanks again Holmes!
Cheers,
Kare

>
>
>
>
>
>
> On 10/9/18, Karen Lewellen via talk <talk at gtalug.org> wrote:
>> Hi Mike and everyone.
>> Below  is the explanation from dreamhost regarding my dh key exchange
>> situation.
>> A bit of background.
>> Dreamhost has a special program allowing International Nonprofit
>> organizations who can demonstrate tax exempt status  to have a hosting
>> account with their service.
>> My employee got such an account  years back, they have offices both in new
>> York and Toronto.  I have asked Brian to share the documentation dreamhost
>> provided its nonprofit organization members in this program of their so
>> called business decision.
>> I pointed out that many in the nonprofit sector are using  less than hot
>> off the shelf tools to manage their internet efforts, with this business
>> decision  creating a risk for more than   myself.  Further, I pointed out
>> that  I am at the moment, physically incapable of making changes having
>> not  been able to work fully since the end of June.
>> I share  his first post, I have not gotten an answer yet to my reply.
>> I dare say the simple solution would be, if they exists, an easy way to
>> manage it, finding another company all together.
>> At the same time though I would welcome  educating other dreamhost
>> customers, say via there twitter  presence, if they have one.
>> Thoughts on their explanation?
>> Karen
>> <dreamhost e-mail begins below this line:>
>>
>>
>> On Mon, 8 Oct 2018, DreamHost Customer Support Team wrote:
>>
>>> Hello,
>>>
>>
>>     "I don't see that there should be any trouble connecting to
>>> dreamhost.com..."
>>>
>>>  Simply connecting to dreamhost.com is not a valid test, as there are no
>>> customers ever hosted on our main web site. That server is reserved for
>>> internal use only. It has only internal use logins on it. Encryption is
>>> maintained via a separate system.
>>>
>>>   "However there is a problem with Eugene.dreamhost.com Since
>>> dreamhost.com still should allow my ssh client to connect, the question
>>> is if my account can be placed on a server that will
>>> allow such a connection."
>>>
>>>   Again, we are not hosting customers on any servers that support the
>>> method of encryption you're looking for. I wish we could, but we have
>>> made a business decision not to support that type of connection style for
>>> customer logins. We will be updating dreamhost.com shortly.
>>>
>>>  "You were going to move our account in any case, at least I have
>>> e-mails saying that was going to
>>> happen."
>>>
>>>  That will simply be a move of email, to a different email server. This
>>> is unrelated to where your web service lives.
>>>
>>>  Sorry I can't be of more help here.
>>>
>>> Thanks!
>>> Brian H
>>>
>>> --
>>> To continue this support case, just reply to this email.
>>> Check our Knowledge Base tips and how-tos! https://help.dreamhost.com/
>>> Don't forget the expert content on our blog:
>>> https://www.dreamhost.com/blog/
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Are you happy with this response to your support inquiry?
>>>
>>> YES https://www.dreamhost.com/survey.cgi?h=y&n=154364736&m=4145361
>>>
>>> NO https://www.dreamhost.com/survey.cgi?h=n&n=154364736&m=4145361
>>> ------------------------------------------------------------------------
>>>
>>>
>> ---
>> Talk Mailing List
>> talk at gtalug.org
>> https://gtalug.org/mailman/listinfo/talk
>>
>
>

More information about the talk mailing list