On Wed, Oct 10, 2018, 15:47 Anthony de Boer via talk <[email protected]> wrote:
> Jason Shaw via talk wrote:
> > On Wed, Oct 10, 2018 at 3:06 PM Mike via talk <[email protected]> wrote:
> > > That is, SSH to your other shell account, and instead of running your
> > > email program, run "ssh user@eugene...", and once connected to eugene,
> > > proceed as though you were connected directly.
> >
> > This is a great recommendation and can be easily automated. In your
> > personal ssh config, usually ~/.ssh/config you can add in:
> >
> > Host *.dreamhost.com
> >   ProxyCommand ssh -q shellworld_host nc %h %p
>
> Those suggestions are two very different things. Mike is suggesting
> SSH'ing to the shell on the intermediate box and then SSH'ing from it,
> while Jason is suggesting to SSH the intermediate and then use it to
> pipe an inner SSH connection through the outer SSH connection and emerge
> there for the onward hop to the destination.
>
> Caveat for the first solution: it involves using your credentials on the
> intermediate box, so if anyone evil has compromised it they can now pop
> the destination box too.
>
> Caveat for the second solution: the SSH conversation still involves the
> near-end client negotiating crypto with the far-end server, so if that
> started off being the problem it's still that problem. Also, the middle
> box might not have nc (netcat) installed but there are other tactics
> like LocalForward configuration that can do the same thing.
>

Ooh, you're absolutely right! I've been using this for so long that I didn't stop to think about how it actually works under the hood.

> > > Such plumbing is often necessary for a variety of reasons. Just make
> > > sure you know where you are. The commands "whoami", and "hostname"
> > > are often useful!
>

Great recommendation.
---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
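The ProxyCommand approach discussed in this thread, written out as an added example (not part of any poster's message), with two standard OpenSSH alternatives for an intermediate box that has no nc. `shellworld_host` and the `*.dreamhost.com` pattern are taken from the thread; everything else is an illustrative assumption.

```sshconfig
# ~/.ssh/config (constructed example)

# The intermediate box. Keeping agent forwarding off means a compromised
# intermediate cannot borrow your agent to log in further along.
Host shellworld_host
    ForwardAgent no

Host *.dreamhost.com
    # Variant from the thread: requires nc (netcat) on the intermediate box.
    ProxyCommand ssh -q shellworld_host nc %h %p

    # Alternative 1: let the outer ssh do the forwarding itself with -W,
    # so nc is not needed. The intermediate's sshd must permit TCP forwarding.
    # ProxyCommand ssh -q -W %h:%p shellworld_host

    # Alternative 2 (OpenSSH 7.3 and later): shorthand for the same tunnel.
    # ProxyJump shellworld_host

# Only one of the three proxy lines should be active at a time.
# In all three variants the inner SSH session is negotiated end to end
# between the local client and the destination: the destination's host key
# is checked against the local known_hosts, and your private key is used
# locally rather than typed or stored on the intermediate box.
```

Running `ssh -v` against a matching host shows which proxy command was executed and which host key was verified, which confirms where the inner session terminates.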
