[kwlug-disc] Using SSH to authenticate

Paul Nijjar paul_nijjar at yahoo.ca
Sat Mar 13 18:59:28 EST 2010


On Sat, Mar 13, 2010 at 06:45:40PM -0500, Richard Weait wrote:
> Thought I'd fill out the example a little more because this Just Isn't
> Intuitive To Me. I've tested this now and it Works For Me.

This is not Intuitive to Me either. It also does Not Work for Me. I
get the following error: 

channel 3: open failed: administratively prohibited: open failed

which the internet says might mean that RelayHost does not permit
tunnelling. I did run this incantation on another middle host, though. 
That did work okay for some reason I don't understand
yet, since the PermitTunnel directive in /etc/ssh/sshd_config was not
specified. 

All of that may be beside the point, though. Doesn't this trick tunnel
all traffic through RelayHost? Because the relay is non-interactive,
I can believe that it might be an improvement over ssh-ing from
HomeHost to RelayHost and then RelayHost to TargetHost. But if
RelayHost is slow and laggy then my session from HomeHost ->
TargetHost is going to remain slow and laggy, no? 

Wow. Calling this RelayHost was a terrible idea. I don't actually
want to relay all traffic via RelayHost. I just want to tell
TargetHost to trust HomeHost, and then get traffic moving directly
between HomeHost and TargetHost without the bottleneck. But now that I
write that out it seems kind of silly that SSH would allow this, on
account of shenanigans.

Nonetheless the recipe is neat. Clearly I need to learn about this
stuff so that I don't feel so dumb about tunnelling all the time.
Remembering the word "tunnelling" is a start. 

I do get the sense that maybe I am being too coy about the actual
situation, and why the conditions of this problem are set as they are. 

- Paul

-- 
http://pnijjar.freeshell.org
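
Added example, not part of the original message or the thread: a client-requested TCP forward through a relay (ssh -L or -W) is governed in sshd_config by AllowTcpForwarding and PermitOpen, while PermitTunnel only controls tun device forwarding (ssh -w); a refused forward is one common cause of "administratively prohibited". The sketch below evaluates those two directives for a destination. The config text and host names are constructed, whitespace-separated directives are assumed, and Match blocks are ignored.

```python
# Constructed sshd_config for a relay host (sample input, not from the post).
SAMPLE = """\
# forwarding policy
PermitTunnel no
AllowTcpForwarding yes
PermitOpen targethost.example:22 10.0.0.5:*
"""

def global_settings(config_text):
    """Parse the global section; sshd keeps the first value seen per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword.lower() == "match":
            break  # simplification: Match blocks are not evaluated
        if args:
            settings.setdefault(keyword.lower(), args)
    return settings

def forward_allowed(config_text, host, port):
    """Return (allowed, reason) for a client-requested forward to host:port."""
    s = global_settings(config_text)
    mode = s.get("allowtcpforwarding", ["yes"])[0].lower()  # default: yes
    if mode not in ("yes", "all", "local"):
        return False, f"AllowTcpForwarding {mode}"
    targets = s.get("permitopen", ["any"])  # default: any
    if targets[0].lower() == "any":
        return True, "no PermitOpen restriction"
    for target in targets:  # "none" never matches a destination
        t_host, _, t_port = target.rpartition(":")
        if t_host.lower() in ("*", host.lower()) and t_port in ("*", str(port)):
            return True, f"PermitOpen {target}"
    return False, "destination not in PermitOpen"

if __name__ == "__main__":
    for dest in [("targethost.example", 22), ("targethost.example", 80)]:
        print(dest, forward_allowed(SAMPLE, *dest))
```

On a real host, `sshd -T` prints the effective values of these directives, including defaults that are not written in the file.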




