[Courses] [Security] Port forwarding with SSH

Raven, corporate courtesan raven at oneeyedcrow.net
Thu Apr 4 11:28:44 EST 2002


Heya --

Quoth jennyw (Wed, Mar 27, 2002 at 08:14:44PM -0800):
> > 	Also, are you using ssh1, ssh2, or OpenSSH for this?
> 
> It's OpenSSH. How different are the implementations from each other? I
> thought OpenSSH was compatible with the now commercial ssh?

	Depends on what you mean by compatible.  If you install OpenSSH
on one box, you can use the client to connect to a box that runs the
commercial ssh, and vice versa.  They support the same protocols.  In
that sense, they are compatible.  However, many of the configuration
options are specified differently, both on the command line and in the
config files.  Some options are present in one ssh server but not in
another.  That's why I like the snail book.  OpenSSH (what I normally
use) is pretty familiar to me now, but every so often I run into an "I
*think* you can do that in this version -- let me look it up" sort of
issue.
 
>     su -c "ssh -g -L 80:server:80 server -l jen"
> 
> and it worked fine!

	Yay.  [grin]

	As for the -c thing, it's the -c for su vs. the -c for ssh.
They do different things; I think that was the mixup.
 
> with the ssh I use (OpenSSH) -c specifies a cipher type.  Not even
> sure what that means.

	It's the sort of encryption algorithm you want to use for the
session.  Some people have a preference, whether for technical (Blowfish
is a nice fast block cipher!) or legal (IDEA is patented!) or even
ideological (I dislike and distrust the people that develop Foo
algorithm!) reasons.  So if you care, you can ask that a specific cipher
be used to encrypt the session (for ssh1), or for a list of ciphers to
be used in preferential order (for ssh2).

> Oh, wait, they consider crypto stuff munitions, don't they? I wonder
> if that'll confuse airport security ;-)

	Most airport people aren't really aware of the crypto/munitions
thing.  As long as you're not flying internationally, I would be amazed
if they decided to care.  It's only exporting that there are funky
legalisms with; as far as I know you can have any crypto you like
transported within the US.  (Well, assuming you didn't steal it or
something otherwise illegal.)
 
> This discussion has helped a lot. I now know more about SSH. I also now
> know that chances are I probably won't be using it.

	Yeah, if I were you I'd go the VPN route too.  But I'm pleased
that you feel informed enough to make that decision on your own.  [grin]

Cheers,
Raven 
 
"Argh!  All these clocks are the same!"
  -- RavenBlack, on unexpected and new synchronicity
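
Added example, not part of the original message: a small Python model of the protocol 2 behaviour described above, where `-c` takes a list of ciphers in preference order. It follows the rule in RFC 4253, section 7.1 (the first cipher on the client's list that the server also offers is used); the function names and the cipher lists are constructed for illustration.

```python
# Added example: SSH protocol 2 cipher selection (RFC 4253, section 7.1).
# All cipher lists below are constructed sample values.


def parse_name_list(value):
    """Split a comma-separated cipher list, as passed to `ssh -c` for protocol 2."""
    names = [name.strip() for name in value.split(",") if name.strip()]
    if not names:
        raise ValueError("cipher list is empty")
    return names


def negotiate_cipher(client_prefs, server_supported):
    """Pick the first cipher in the client's list that the server also offers.

    Returns (chosen, skipped): `chosen` is None when the two lists share no
    cipher (both sides must then disconnect); `skipped` holds the client
    preferences that were passed over because the server lacks them.
    """
    offered = set(server_supported)
    skipped = []
    for name in client_prefs:
        if name in offered:
            return name, skipped
        skipped.append(name)
    return None, skipped


if __name__ == "__main__":
    # Constructed server offer; its own ordering plays no part in the choice.
    server = parse_name_list("aes128-cbc,3des-cbc")
    for wanted in ("blowfish-cbc,3des-cbc,aes128-cbc", "idea-cbc"):
        chosen, skipped = negotiate_cipher(parse_name_list(wanted), server)
        print(f"-c {wanted}: chosen={chosen} skipped={skipped}")
```

The `skipped` list is the part worth checking in practice: a preferred cipher at the head of the list is silently passed over when the server does not offer it.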


