Hi Anthony, One issue not covered with this back door is what happens if shellworld itself is down? That happened for two weeks recently. If I used shellworld to somehow reach dreamhost, and shellworld is compromised, I personally end up with no electronic contact with the outside world whatsoever. I am likewise not personally comfortable tapping shellworld servers to reach the dreamhost ones, I agree with you that the problem would likely remain. More important though neither of these solutions provide a from my desktop to my dreamhost shared account workspace solution which is a must have here. Thanks, Karen On Wed, 10 Oct 2018, Anthony de Boer via talk wrote:
Jason Shaw via talk wrote:
On Wed, Oct 10, 2018 at 3:06 PM Mike via talk <talk@gtalug.org> wrote:
That is, SSH to your other shell account, and instead of running your email program, run "ssh user@eugene...", and once connected to eugene, proceed as though you were connected directly.
This is a great recommendation and can be easily automated. In your personal ssh config, usually ~/.ssh/config you can add in:
Host *.dreamhost.com ProxyCommand ssh -q shellworld_host nc %h %p
Those suggestions are two very different things. Mike is suggesting SSH'ing to the shell on the intermediate box and then SSH'ing from it, while Jason is suggesting to SSH the intermediate and then use it to pipe an inner SSH connection through the outer SSH connection and emerge there for the onward hop to the destination.
Caveat for the first solution: it involves using your credentials on the intermediate box, so if anyone evil has compromised it they can now pop the destination box too.
Caveat for the second solution: the SSH conversation still involves the near-end client negotiating crypto with the far-end server, so if that started off being the problem it's still that problem. Also, the middle box might not have nc (netcat) installed but there are other tactics like LocalForward configuration that can do the same thing.
Such plumbing is often necessary for a variety of reasons. Just make sure you know where you are. The commands "whoami", and "hostname" are often useful!
Setting the bash prompt to include the hostname is helpful. Always pause a moment to be sure where you are before typing commands like reboot, poweroff, and such. I've even known people to alias away commands like that on shared servers after inadvertently using them a time too many thinking they were on their test rig.
-- Anthony de Boer --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk