Re: [GTALUG] dreamhost reply, is dh key exchange question.

2018-10-10 Thread Jason Shaw via talk
On Wed, Oct 10, 2018, 15:47 Anthony de Boer via talk wrote:

> Jason Shaw via talk wrote:
> > On Wed, Oct 10, 2018 at 3:06 PM Mike via talk  wrote:
> > > That is, SSH to your other shell account, and instead of running your
> > > email program, run "ssh user@eugene...", and once connected to eugene,
> > > proceed as though you were connected directly.
> >
> > This is a great recommendation and can be easily automated.  In your
> > personal ssh config, usually ~/.ssh/config you can add in:
> >
> > Host *.dreamhost.com
> > ProxyCommand ssh -q shellworld_host nc %h %p
>
> Those suggestions are two very different things.  Mike is suggesting
> SSH'ing to the shell on the intermediate box and then SSH'ing from it,
> while Jason is suggesting to SSH the intermediate and then use it to
> pipe an inner SSH connection through the outer SSH connection and emerge
> there for the onward hop to the destination.
>
> Caveat for the first solution: it involves using your credentials on the
> intermediate box, so if anyone evil has compromised it they can now pop
> the destination box too.
>
> Caveat for the second solution: the SSH conversation still involves the
> near-end client negotiating crypto with the far-end server, so if that
> started off being the problem it's still that problem.  Also, the middle
> box might not have nc (netcat) installed but there are other tactics
> like LocalForward configuration that can do the same thing.
>

Ooh, you're absolutely right!  I've been using this for so long that I didn't
stop to think about how it actually works under the hood.

> > > Such plumbing is often necessary for a variety of reasons.  Just make
> > > sure you know where you are.  The commands "whoami", and "hostname"
> > > are often useful!
>

Great recommendation.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk


Re: [GTALUG] dreamhost reply, is dh key exchange question.

2018-10-10 Thread Mike via talk
... and not forgetting that Karen's DOS-based SSH client may not
provide these UNIX-style openssh features and configuration niceties!

On 10/10/18, Anthony de Boer via talk  wrote:
> Jason Shaw via talk wrote:
>> On Wed, Oct 10, 2018 at 3:06 PM Mike via talk  wrote:
>> > That is, SSH to your other shell account, and instead of running your
>> > email program, run "ssh user@eugene...", and once connected to eugene,
>> > proceed as though you were connected directly.
>>
>> This is a great recommendation and can be easily automated.  In your
>> personal ssh config, usually ~/.ssh/config you can add in:
>>
>> Host *.dreamhost.com
>> ProxyCommand ssh -q shellworld_host nc %h %p
>
> Those suggestions are two very different things.  Mike is suggesting
> SSH'ing to the shell on the intermediate box and then SSH'ing from it,
> while Jason is suggesting to SSH the intermediate and then use it to
> pipe an inner SSH connection through the outer SSH connection and emerge
> there for the onward hop to the destination.
>
> Caveat for the first solution: it involves using your credentials on the
> intermediate box, so if anyone evil has compromised it they can now pop
> the destination box too.
>
> Caveat for the second solution: the SSH conversation still involves the
> near-end client negotiating crypto with the far-end server, so if that
> started off being the problem it's still that problem.  Also, the middle
> box might not have nc (netcat) installed but there are other tactics
> like LocalForward configuration that can do the same thing.
>
>> > Such plumbing is often necessary for a variety of reasons.  Just make
>> > sure you know where you are.  The commands "whoami", and "hostname"
>> > are often useful!
>
> Setting the bash prompt to include the hostname is helpful.  Always pause
> a moment to be sure where you are before typing commands like reboot,
> poweroff, and such.  I've even known people to alias away commands like
> that on shared servers after inadvertently using them a time too many
> thinking they were on their test rig.
>
> --
> Anthony de Boer


Re: [GTALUG] dreamhost reply, is dh key exchange question.

2018-10-10 Thread Anthony de Boer via talk
Jason Shaw via talk wrote:
> On Wed, Oct 10, 2018 at 3:06 PM Mike via talk  wrote:
> > That is, SSH to your other shell account, and instead of running your
> > email program, run "ssh user@eugene...", and once connected to eugene,
> > proceed as though you were connected directly.
> 
> This is a great recommendation and can be easily automated.  In your
> personal ssh config, usually ~/.ssh/config you can add in:
> 
> Host *.dreamhost.com
> ProxyCommand ssh -q shellworld_host nc %h %p

Those suggestions are two very different things.  Mike is suggesting
SSH'ing to the shell on the intermediate box and then SSH'ing from it,
while Jason is suggesting to SSH the intermediate and then use it to
pipe an inner SSH connection through the outer SSH connection and emerge
there for the onward hop to the destination.

Caveat for the first solution: it involves using your credentials on the
intermediate box, so if anyone evil has compromised it they can now pop
the destination box too.

Caveat for the second solution: the SSH conversation still involves the
near-end client negotiating crypto with the far-end server, so if that
started off being the problem it's still that problem.  Also, the middle
box might not have nc (netcat) installed but there are other tactics
like LocalForward configuration that can do the same thing.

> > Such plumbing is often necessary for a variety of reasons.  Just make
> > sure you know where you are.  The commands "whoami", and "hostname"
> > are often useful!

Setting the bash prompt to include the hostname is helpful.  Always pause
a moment to be sure where you are before typing commands like reboot,
poweroff, and such.  I've even known people to alias away commands like
that on shared servers after inadvertently using them a time too many
thinking they were on their test rig.

-- 
Anthony de Boer
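The difference between the two approaches in this message, as an added example that is not part of the original thread: a ProxyCommand hop only relays bytes, so key exchange is negotiated once between the near-end client and the far-end server, while a nested login negotiates each hop separately. The algorithm lists are constructed for illustration (not DreamHost's or any poster's real configuration), and only the kex name-list of each KEXINIT payload is populated.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 7.1


def build_kexinit(kex_algs):
    """Build a constructed KEXINIT payload; only kex_algorithms is populated."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16       # type + 16-byte cookie
    for name_list in [",".join(kex_algs)] + [""] * 9:    # 10 name-lists in total
        raw = name_list.encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)         # first_kex_packet_follows, reserved


def parse_kex_algs(payload):
    """Return the kex_algorithms name-list, which follows the cookie."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []


def negotiate(client_payload, server_payload):
    """Pick the first client algorithm the server also lists, else None."""
    offered_by_server = set(parse_kex_algs(server_payload))
    for alg in parse_kex_algs(client_payload):
        if alg in offered_by_server:
            return alg
    return None  # no overlap: the handshake fails before authentication


# Constructed algorithm lists (assumptions, not taken from the thread).
OLD_CLIENT = build_kexinit(["diffie-hellman-group1-sha1"])
MIDDLE_SSHD = build_kexinit(["curve25519-sha256", "diffie-hellman-group1-sha1"])
MIDDLE_SSH = build_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256"])
FAR_SSHD = build_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256"])


def proxycommand_path():
    """ProxyCommand: the middle box relays bytes, so one end-to-end negotiation."""
    return [negotiate(OLD_CLIENT, FAR_SSHD)]


def nested_login_path():
    """Shell on the middle box: each hop negotiates independently."""
    return [negotiate(OLD_CLIENT, MIDDLE_SSHD), negotiate(MIDDLE_SSH, FAR_SSHD)]


if __name__ == "__main__":
    print("ProxyCommand:", proxycommand_path())
    print("Nested login:", nested_login_path())
```

The nested path succeeds only because a second SSH client runs on the middle box, which is also why credentials used there are exposed to whoever controls that box.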


[GTALUG] [GTALUG-Announce] In the Community

2018-10-10 Thread hi--- via talk
# In the Community

# October

## Long Now Toronto 
Whole Earth Catalog 50th Anniversary
* Saturday, 13th, 2pm - 4pm
* Hacklab.to, 1266 Queen St W. Suite #6
* https://www.meetup.com/Long-Now-Toronto/events/254627578

## GTALUG
Seatbelts and Airbags for Bash with Michael Potter
* Wednesday, 17th, 6:45pm
* Hacklab.to, 1266 Queen St W. Suite #6
* https://www.eventbrite.ca/e/seatbelts-and-airbags-for-bash-tickets-51177497272

## LUG@RU
* Friday, 19th, 5:20pm
* Ryerson, ENG201 [George Vari Engineering Building]
* https://lugryerson.github.io/10-19-2018.html

## Free Software and Open Source Symposium
* Thursday, 25th and Friday, 26th
* CDOT, Seneca @ York
* https://fsoss.senecacollege.ca/

## Toronto Perl Mongers
* Thursday, 25th, 7pm
* FlightNetwork, 145 King St West Suite 1400
* https://www.meetup.com/Toronto-Perl-Mongers/events/rhsxwpyxnbhc/

## Hack'O'Ween Fundraiser
* Saturday, 27th, 9pm
* Hacklab.to, 1266 Queen St W. Suite #6
* https://www.eventbrite.ca/e/hackoween-2018-tickets-50801266957

# November

## GTALUG
 Blockchain, the technology not the hype with Pual Mullins 
* Tuesday, 13th, 7:30pm
* ENG203 [George Vari Engineering Building], Ryerson
* https://gtalug.org/meeting/2018-11/


***
If you have an event to add to this monthly list, please contact: scott [at] 
gtalug [dot] org.

---
GTALUG Announce mailing list
annou...@gtalug.org
https://gtalug.org/mailman/listinfo/announce


Re: [GTALUG] dreamhost reply, is dh key exchange question.

2018-10-10 Thread Jason Shaw via talk
On Wed, Oct 10, 2018 at 3:06 PM Mike via talk  wrote:

> 
> However, I have what may be an easier solution, one that I should
> already have thought of:  If you still have working SSH-based shell
> access to a different host, you should be able to SSH FROM THERE to
> your dreamhost system.
>
> That is, SSH to your other shell account, and instead of running your
> email program, run "ssh user@eugene...", and once connected to eugene,
> proceed as though you were connected directly.
>
> Such plumbing is often necessary for a variety of reasons.  Just make
> sure you know where you are.  The commands "whoami", and "hostname"
> are often useful!
> 
>

This is a great recommendation and can be easily automated.  In your
personal ssh config, usually ~/.ssh/config you can add in:

Host *.dreamhost.com
ProxyCommand ssh -q shellworld_host nc %h %p

With this in place, you'll be able to just type 'ssh yourhost.dreamhost.com'
and you'll bounce through shellworld_host (substitute your actual
shellworld host account) to make it mostly seamless.

-jason


Re: [GTALUG] dreamhost reply, is dh key exchange question.

2018-10-10 Thread Mike via talk
Hi Karen,

I'm going to guess that the "business decision" is basically to
conform to current acceptable security practices, possibly even for
liability reasons.

Question: Do you, or your colleague, have administrative (or "root")
privilege to your hosted system? If so, you could re-enable the
deprecated algorithms without Dreamhost's help (or permission).

However, I have what may be an easier solution, one that I should
already have thought of:  If you still have working SSH-based shell
access to a different host, you should be able to SSH FROM THERE to
your dreamhost system.

That is, SSH to your other shell account, and instead of running your
email program, run "ssh user@eugene...", and once connected to eugene,
proceed as though you were connected directly.

Such plumbing is often necessary for a variety of reasons.  Just make
sure you know where you are.  The commands "whoami", and "hostname"
are often useful!

Cheers,
Mike





On 10/9/18, Karen Lewellen via talk  wrote:
> Hi Mike and everyone.
> Below  is the explanation from dreamhost regarding my dh key exchange
> situation.
> A bit of background.
> Dreamhost has a special program allowing International Nonprofit
> organizations who can demonstrate tax exempt status  to have a hosting
> account with their service.
> My employee got such an account  years back, they have offices both in New
> York and Toronto.  I have asked Brian to share the documentation dreamhost
> provided its nonprofit organization members in this program of their so
> called business decision.
> I pointed out that many in the nonprofit sector are using  less than hot
> off the shelf tools to manage their internet efforts, with this business
> decision  creating a risk for more than   myself.  Further, I pointed out
> that  I am at the moment, physically incapable of making changes having
> not  been able to work fully since the end of June.
> I share  his first post, I have not gotten an answer yet to my reply.
> I dare say the simple solution would be, if they exists, an easy way to
> manage it, finding another company altogether.
> At the same time though I would welcome  educating other dreamhost
> customers, say via their Twitter  presence, if they have one.
> Thoughts on their explanation?
> Karen
> 
>
>
> On Mon, 8 Oct 2018, DreamHost Customer Support Team wrote:
>
>> Hello,
>>
>>
>>  "I don't see that there should be any trouble connecting to
>> dreamhost.com..."
>>
>>  Simply connecting to dreamhost.com is not a valid test, as there are no
>> customers ever hosted on our main web site. That server is reserved for
>> internal use only. It has only internal use logins on it. Encryption is
>> maintained via a separate system.
>>
>>   "However there is a problem with Eugene.dreamhost.com Since
>> dreamhost.com still should allow my ssh client to connect, the question
>> is if my account can be placed on a server that will
>> allow such a connection."
>>
>>   Again, we are not hosting customers on any servers that support the
>> method of encryption you're looking for. I wish we could, but we have
>> made a business decision not to support that type of connection style for
>> customer logins. We will be updating dreamhost.com shortly.
>>
>>  "You were going to move our account in any case, at least I have
>> e-mails saying that was going to
>> happen."
>>
>>  That will simply be a move of email, to a different email server. This
>> is unrelated to where your web service lives.
>>
>>  Sorry I can't be of more help here.
>>
>> Thanks!
>> Brian H
>>


Re: [GTALUG] Google Alternatives

2018-10-10 Thread Stewart C. Russell via talk
On 2018-10-09 06:38 PM, Christopher Browne via talk wrote:
> https://degooglisons-internet.org/en/alternatives/

A whole bunch of these, such as Trello, aren't Google services. It also
seems to be mostly a catalogue of services from one company.

I'll be sad to see Google+ go, if only for the huge knowledge base built
up there for my open source Reach 3D printer. The folks there know 3d
printers and not data retention best-practice. At the time, Google+
seemed like it would stick around forever, right?¹

(a hollow voice intones "O R K U T ... W A V E ... R E A D E R ...")

 Stewart

---
¹:  “If you are not paying for it, you're not the customer; you're the
product being sold.” -
https://www.metafilter.com/95152/Userdriven-discontent#32560467


Re: [GTALUG] Not recognizing added RAM

2018-10-10 Thread Lennart Sorensen via talk
On Wed, Oct 10, 2018 at 11:40:16AM -0400, Lennart Sorensen via talk wrote:
> On Wed, Oct 10, 2018 at 12:37:47AM -0400, Evan Leibovitch via talk wrote:
> > Hi all,
> > 
> > I thought I would know how to handle this but it turns out that I don't.
> > 
> > I just added two new sticks of RAM to a system but it's not recognized by
> > the BIOS or OS.
> > 
> > 
> > # inxi -m
> > Memory:    RAM: total: 7.74 GiB used: 2.93 GiB (37.9%)
> >            Array-1: capacity: 16 GiB note: est. slots: 4 EC: None
> >            Device-1: DIMM_A1 size: 4 GiB speed: 800 MT/s
> >            Device-2: DIMM_A2 size: 4 GiB speed: 800 MT/s
> >            Device-3: DIMM_B1 size: 4 GiB speed: 800 MT/s
> >            Device-4: DIMM_B2 size: 4 GiB speed: 800 MT/s
> > 
> > So Inxi sees all 16GB (as does memtest) and yet in the first line it shows
> > RAM total at 8. dmidecode output is below
> > 
> > Motherboard is an Asus F2A85-M. BIOS has been reset to defaults but not
> > updated since the mobo was purchased.
> > OS is current Manjaro KDE.
> > 
> > The website specs say it can take 64GB.
> > Is updating the BIOS necessary or are there other solutions?
> > 
> > All help is greatly appreciated.
> 
> Check the setting for the UMA Frame Buffer Size in the BIOS.  Apparently
> AMD's onboard video likes to take a LOT of memory by default if set
> to auto.  Many people have seen the auto setting like to take 50% which
> is of course insane.
> 
> See page 2-20 in the manual.

You could also have not quite seated the new sticks properly.  After all
if the I2C bus connects, dmi data will show the sticks, even if the
memory controller can't talk to them.

How much memory does the BIOS see?

-- 
Len Sorensen


Re: [GTALUG] Not recognizing added RAM

2018-10-10 Thread Lennart Sorensen via talk
On Wed, Oct 10, 2018 at 12:37:47AM -0400, Evan Leibovitch via talk wrote:
> Hi all,
> 
> I thought I would know how to handle this but it turns out that I don't.
> 
> I just added two new sticks of RAM to a system but it's not recognized by
> the BIOS or OS.
> 
> 
> # inxi -m
> Memory:    RAM: total: 7.74 GiB used: 2.93 GiB (37.9%)
>            Array-1: capacity: 16 GiB note: est. slots: 4 EC: None
>            Device-1: DIMM_A1 size: 4 GiB speed: 800 MT/s
>            Device-2: DIMM_A2 size: 4 GiB speed: 800 MT/s
>            Device-3: DIMM_B1 size: 4 GiB speed: 800 MT/s
>            Device-4: DIMM_B2 size: 4 GiB speed: 800 MT/s
> 
> So Inxi sees all 16GB (as does memtest) and yet in the first line it shows
> RAM total at 8. dmidecode output is below
> 
> Motherboard is an Asus F2A85-M. BIOS has been reset to defaults but not
> updated since the mobo was purchased.
> OS is current Manjaro KDE.
> 
> The website specs say it can take 64GB.
> Is updating the BIOS necessary or are there other solutions?
> 
> All help is greatly appreciated.

Check the setting for the UMA Frame Buffer Size in the BIOS.  Apparently
AMD's onboard video likes to take a LOT of memory by default if set
to auto.  Many people have seen the auto setting like to take 50% which
is of course insane.

See page 2-20 in the manual.

-- 
Len Sorensen