[kwlug-disc] Using SSH to authenticate

Lori Paniak ldpaniak at fourpisolutions.com
Sat Mar 13 20:39:48 EST 2010


To avoid the laggard RelayHost, you could install an OpenVPN server on
HomeHost (or some machine on Home net with an internet-facing interface)
and install a client on TargetHost.  Of course, you would need root
privileges on TargetHost to make this go and such a config may well push
through the complication ceiling and/or violate all kinds of unmentioned
security policy.




On Sat, 2010-03-13 at 20:10 -0500, Richard Weait wrote:
> On Sat, Mar 13, 2010 at 6:59 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> > On Sat, Mar 13, 2010 at 06:45:40PM -0500, Richard Weait wrote:
> >> Thought I'd fill out the example a little more because this Just Isn't
> >> Intuitive To Me. I've tested this now and it Works For Me.
> >
> > This is not Intuitive to Me either. It also does Not Work for Me. I
> > get the following error:
> >
> > channel 3: open failed: administratively prohibited: open failed
> 
> I had that when I tried the two steps in the same console.
> BadRichard. No tunnel for you!
> 
> I've presumed that you must go through RelayHost, as TargetHost only
> allows access from known hosts like RelayHost.  Thus, no connection
> allowed from HomeHost, even though you have the user/pass.  No
> connection for you UnknownHost!
> 
> Sadly, ssh can't fix slow and laggy.  I was going to suggest screen to
> reduce the effects of slow and laggy but figured, "enh? Paul knows; he
> did the presentation."
> 
> I'm not aware of a tunnel or other that allows, a what would it be, a
> bounce-connect?  As unsolicited said, "shenanigans."
> 
> Perhaps you could talk TargetHost into allowing connections via keys
> from arbitrary hosts, or adding HomeHost as a known host, or even one
> of the above after a port-knock from RelayHost for additional
> complication?
