... and not forgetting that Karen's DOS-based SSH client may not provide these UNIX-style openssh features and configuration niceties!
On 10/10/18, Anthony de Boer via talk <[email protected]> wrote:
> Jason Shaw via talk wrote:
>> On Wed, Oct 10, 2018 at 3:06 PM Mike via talk <[email protected]> wrote:
>> > That is, SSH to your other shell account, and instead of running your
>> > email program, run "ssh user@eugene...", and once connected to eugene,
>> > proceed as though you were connected directly.
>>
>> This is a great recommendation and can be easily automated. In your
>> personal ssh config, usually ~/.ssh/config you can add in:
>>
>> Host *.dreamhost.com
>>     ProxyCommand ssh -q shellworld_host nc %h %p
>
> Those suggestions are two very different things. Mike is suggesting
> SSH'ing to the shell on the intermediate box and then SSH'ing from it,
> while Jason is suggesting to SSH the intermediate and then use it to
> pipe an inner SSH connection through the outer SSH connection and emerge
> there for the onward hop to the destination.
>
> Caveat for the first solution: it involves using your credentials on the
> intermediate box, so if anyone evil has compromised it they can now pop
> the destination box too.
>
> Caveat for the second solution: the SSH conversation still involves the
> near-end client negotiating crypto with the far-end server, so if that
> started off being the problem it's still that problem. Also, the middle
> box might not have nc (netcat) installed but there are other tactics
> like LocalForward configuration that can do the same thing.
>
>> > Such plumbing is often necessary for a variety of reasons. Just make
>> > sure you know where you are. The commands "whoami", and "hostname"
>> > are often useful!
>
> Setting the bash prompt to include the hostname is helpful. Always pause
> a moment to be sure where you are before typing commands like reboot,
> poweroff, and such. I've even known people to alias away commands like
> that on shared servers after inadvertently using them a time too many
> thinking they were on their test rig.
>
> --
> Anthony de Boer
> ---
> Talk Mailing List
> [email protected]
> https://gtalug.org/mailman/listinfo/talk
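
Added example, not part of the original thread: a ~/.ssh/config sketch of the relay approach quoted above, with two alternatives for a middle box that lacks nc. `HOST.dreamhost.com`, the alias `dest-via-forward` and local port 2222 are placeholders chosen for illustration; `shellworld_host` and `*.dreamhost.com` are taken from the quoted config.

```sshconfig
# Use ONE of the variants below for a given destination.

# Variant A (as quoted in the thread): relay through the intermediate box
# with nc. The middle box only pipes bytes; the SSH session, its crypto and
# your authentication are end to end between your client and the destination,
# so no destination credentials are used on the middle box.
Host *.dreamhost.com
    ProxyCommand ssh -q shellworld_host nc %h %p

# Variant B: same relay when the middle box has no nc. ssh -W makes the
# middle box's sshd open the TCP connection itself (OpenSSH 5.4 or later on
# the client). Uncomment in place of variant A.
#Host *.dreamhost.com
#    ProxyCommand ssh -q -W %h:%p shellworld_host

# Variant C: LocalForward. Connecting to shellworld_host opens local port
# 2222 as a tunnel to the destination's port 22; a second ssh then connects
# through that port. The forward is set up on every connection to
# shellworld_host, so use this instead of A/B, not alongside them.
Host shellworld_host
    LocalForward 2222 HOST.dreamhost.com:22

Host dest-via-forward
    HostName localhost
    Port 2222
    # Record and check the host key under the destination's name rather than
    # "localhost", so a changed key at the far end is still detected.
    HostKeyAlias HOST.dreamhost.com
```

With variant C, run `ssh -N shellworld_host` in one terminal to hold the tunnel open, then `ssh dest-via-forward` in another. In all three variants the client still negotiates ciphers and key exchange with the destination server, so a crypto mismatch between those two ends is not solved by the relay.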
