[GTALUG] dreamhost reply, is dh key exchange question.

Karen Lewellen klewellen at shellworld.net
Fri Oct 12 13:06:05 EDT 2018


Mike,


On Wed, 10 Oct 2018, Mike via talk wrote:
> ... and not forgetting that Karen's DOS-based SSH client may not
> provide these UNIX-style openssh features and configuration niceties!

Well...just so!
There might be an option somewhere in the <risk of misspelling> wat.pcp
configurations used to be sure, but it might be simpler to incorporate the 
additional dh key options in the djpgg libraries too...not that I know how.

Kare 
> On 10/10/18, Anthony de Boer via talk <talk at gtalug.org> wrote:
>> Jason Shaw via talk wrote:
>>> On Wed, Oct 10, 2018 at 3:06 PM Mike via talk <talk at gtalug.org> wrote:
>>>> That is, SSH to your other shell account, and instead of running your
>>>> email program, run "ssh user at eugene...", and once connected to eugene,
>>>> proceed as though you were connected directly.
>>>
>>> This is a great recommendation and can be easily automated.  In your
>>> personal ssh config, usually ~/.ssh/config you can add in:
>>>
>>> Host *.dreamhost.com
>>>         ProxyCommand ssh -q shellworld_host nc %h %p
>>
>> Those suggestions are two very different things.  Mike is suggesting
>> SSH'ing to the shell on the intermediate box and then SSH'ing from it,
>> while Jason is suggesting to SSH the intermediate and then use it to
>> pipe an inner SSH connection through the outer SSH connection and emerge
>> there for the onward hop to the destination.
>>
>> Caveat for the first solution: it involves using your credentials on the
>> intermediate box, so if anyone evil has compromised it they can now pop
>> the destination box too.
>>
>> Caveat for the second solution: the SSH conversation still involves the
>> near-end client negotiating crypto with the far-end server, so if that
>> started off being the problem it's still that problem.  Also, the middle
>> box might not have nc (netcat) installed but there are other tactics
>> like LocalForward configuration that can do the same thing.
>>
>>>> Such plumbing is often necessary for a variety of reasons.  Just make
>>>> sure you know where you are.  The commands "whoami", and "hostname"
>>>> are often useful!
>>
>> Setting the bash prompt to include the hostname is helpful.  Always pause
>> a moment to be sure where you are before typing commands like reboot,
>> poweroff, and such.  I've even known people to alias away commands like
>> that on shared servers after inadvertently using them a time too many
>> thinking they were on their test rig.
>>
>> --
>> Anthony de Boer
>> ---
>> Talk Mailing List
>> talk at gtalug.org
>> https://gtalug.org/mailman/listinfo/talk
>>
>
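
The caveat quoted above about the ProxyCommand route (the near-end client still negotiates crypto with the far-end server) can be made concrete with a simplified model of SSH key-exchange selection. This is an added example, not part of the original thread; the algorithm lists are constructed for illustration and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Simplified SSH key-exchange choice per
# RFC 4253 sec. 7.1: the first algorithm on the client's list that the server
# also offers is used. Ignores the guess mechanism and host-key constraints.

# negotiate_kex CLIENT_LIST SERVER_LIST -> prints chosen algorithm, or returns 1
negotiate_kex() {
    for alg in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$alg,"*) printf '%s\n' "$alg"; return 0 ;;
        esac
    done
    return 1
}

# ProxyCommand: the near-end client negotiates with the jump host (outer
# connection) AND end-to-end with the destination (inner connection).
via_proxycommand() {   # CLIENT JUMP_SERVER DEST_SERVER
    negotiate_kex "$1" "$2" >/dev/null && negotiate_kex "$1" "$3" >/dev/null
}

# Shell hop: the second connection is made by the jump host's own ssh client.
via_shell_hop() {      # CLIENT JUMP_SERVER JUMP_CLIENT DEST_SERVER
    negotiate_kex "$1" "$2" >/dev/null && negotiate_kex "$3" "$4" >/dev/null
}

# Constructed algorithm lists (assumptions, not taken from any host in the thread).
LEGACY_CLIENT="diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
JUMP_SERVER="curve25519-sha256,diffie-hellman-group14-sha1"
JUMP_CLIENT="curve25519-sha256,ecdh-sha2-nistp256"
DEST_SERVER="curve25519-sha256,diffie-hellman-group-exchange-sha256"

if via_proxycommand "$LEGACY_CLIENT" "$JUMP_SERVER" "$DEST_SERVER"; then
    echo "ProxyCommand: ok"
else
    echo "ProxyCommand: no common key exchange with the destination"
fi
if via_shell_hop "$LEGACY_CLIENT" "$JUMP_SERVER" "$JUMP_CLIENT" "$DEST_SERVER"; then
    echo "shell hop: ok (but credentials are typed on the jump host)"
else
    echo "shell hop: no common key exchange on one leg"
fi
```

With these lists the legacy client reaches the destination only through the shell hop, which is the route that exposes its credentials to the intermediate box.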

