6 Jul
2022
6 Jul
'22
2:44 p.m.
Yes, I have a script to send a nice melody to my living room computer when my coffee is
ready that uses at and ssh.
But, I often log in and get up and do things and theoretically someone could walk in the
front door and sit down. Not that I'm paranoid, but I don't like the session/user
to be able to do too much or know too much. So I don't make accessing another box too
easy, unless I have a good reason. Plus there is the whole layered defense concept and
all that.
So, for a lot of scripting with ssh certificates, I use user operator. It was just
sitting around with it's teeth in its mouth, so I put it to work. Plus the name
sounded sort of descriptive. I wrote a script to do clipboard sharing over the network,
for example. And, since I don't log in as operator ever, unless I am adding scripts
or features, I have less of a security concern.
-Gary
----- Forwarded message from Linus Sphinx <sphinxtar(a)gmail.com> -----
Date: Wed, 6 Jul 2022 07:54:01 -0600
From: Linus Sphinx <sphinxtar(a)gmail.com>
To: Gary <saclug(a)garymcglinn.com>
Subject: Re: [Lug-nuts] [sphinxtar(a)gmail.com: Re: Basic SSH]
Way we had everything wired at etrade, made for some nice easy scripting.
On Wed, Jul 6, 2022 at 6:37 AM Gary <saclug(a)garymcglinn.com> wrote:
I was thining of tyring that just to see if it would
work. You would
think there would be an example of it somewhere. It's not how I'd like to
use it, but it would be a good way to figure things out.
----- Forwarded message from Linus Sphinx <sphinxtar(a)gmail.com> -----
Date: Wed, 6 Jul 2022 05:01:48 -0600
From: Linus Sphinx <sphinxtar(a)gmail.com>
To: Gary <saclug(a)garymcglinn.com>
Subject: Re: [Lug-nuts] Basic SSH
Do you own both servers? Maybe generate keys and exchange them? Sorry for
the RTFM: https://man7.org/linux/man-pages/man1/ssh-keygen.1.html
On Tue, Jul 5, 2022 at 11:35 PM Gary <saclug(a)garymcglinn.com> wrote:
----- End forwarded message -----
So, my eyes grow weary of google nonsense.
But is there ever a way to use anything other than:
ssh -L xxxx:localhost:yyyy server.com
or
ssh -L xxxx:server.com:yyyy server.com
for example
ssh -L xxxx:anotherserver.com:yyyy server.com
for example when there are firewalls.
How would it work? Certificates only? I'd like to use a password on
anotherserver.com
I know I could get what I want using a double login and chaining ports.
But, it seems like a real waste if the :localhost: is just to tickle the
bind addresses on the server.
-Gary
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
----- End forwarded message -----
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com