similar to: Is there any solution, or even work on, limiting which keys gets forwarded where?

On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there are literally hundreds of hosts behind

On Tue, Oct 20, 2015 at 01:31:46AM +0200, ?ngel Gonz?lez wrote: > On 16/10/15 12:46, hubert depesz lubaczewski wrote: > >On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), >

On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote: > On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski > <depesz at depesz.com> wrote: > > Hi, > > > > I'm in a situation where I'm using multiple SSH keys, each to connect to > > different set of servers. > > > > I can't load/unload keys on demand, as I usually am

On Wed, Jan 22, 2014 at 07:41:51PM -0400, Jorge Fábregas wrote: > On 01/22/2014 09:44 AM, hubert depesz lubaczewski wrote: > > Is the solution to it addition of 5 separate "networks" in libvirt, and > > then connecting each guest to its own "network"? > > Yes, that's it. Right now I suggest you create 5 separate "isolated" > networks if

Hi, I've read some docs, and have some ideas, but before I'll go any further, I'd like to get confirmation if I'm understanding it right. Let's assume that on my host I want to have 5 different guests, but they shouldn't be able to communicate with each other. Is the solution to it addition of 5 separate "networks" in libvirt, and then connecting each guest to

Hi, at work we have hundreds of machines, and for various of reasons, their hostnames (with domain) do not reflect their physical location. This means that for host "a.bb.cc" i have to go through jump host "jump1.bb.cc", and for "c.bb.cc" i have to go through jump host "jump2.bb.cc". which jump host should be used can be deduced by IP, but it looks that

Hi, First of all, I hope it's not a big problem - I'm running on Debian, not Redhat. To my problem: I'm starting to learn virtualization, libvirt, and decided to create some test machine. I did it with: virt-install --name debian-test \ --os-type=linux \ --os-variant=debianwheezy \ --cdrom /media/media/software/iso/debian-testing-amd64-netinst-2014-01-16.iso \

On 01/16/2014 05:10 PM, Ján Tomko wrote: > On 01/16/2014 04:51 PM, hubert depesz lubaczewski wrote: > > What is the address reported by 'netstat -tnp'? Oops, 'nestat -tlnp'. > > Jan >

On 01/23/2014 02:45 PM, hubert depesz lubaczewski wrote: > On Wed, Jan 22, 2014 at 07:41:51PM -0400, Jorge Fábregas wrote: >> On 01/22/2014 09:44 AM, hubert depesz lubaczewski wrote: >>> Is the solution to it addition of 5 separate "networks" in libvirt, and >>> then connecting each guest to its own "network"? >> Yes, that's it. Right now I

My company uses a certain product which forces me to use a jumphost / ssh proxy. When connecting to a server I have to type "ssh myuser at technicaluser@targethost at jumphost" everytime. I tried to simplify this by editing my ssh_config and putting this into the file: Host targethost ProxyJump technicaluser at jumphost These lines are recognized but don't work like intended

On 01/16/2014 04:51 PM, hubert depesz lubaczewski wrote: > Hi, > First of all, I hope it's not a big problem - I'm running on Debian, not > Redhat. > > To my problem: I'm starting to learn virtualization, libvirt, and > decided to create some test machine. I did it with: > virt-install --name debian-test \ > --os-type=linux \ >

On 01/22/2014 09:44 AM, hubert depesz lubaczewski wrote: > Is the solution to it addition of 5 separate "networks" in libvirt, and > then connecting each guest to its own "network"? Yes, that's it. Right now I suggest you create 5 separate "isolated" networks if you want true isolation. If you create 5 standard (NAT) networks, with different addresses of

Good morning! We're experiencing rather very bad latency spikes on busy Linux systems, for example if one machine is the jumphost (ssh -J) for a few hundred connections, while at the same time handles CPU intensive tasks. Would RT/Linux SCHED_FIXED or SCHED_RR be of help in such a case, e.g. put all ssh processes into the SCHED_FIXED scheduling class, with a priority higher than the

For some odd reason, one line was removed from the handling of ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string) when it parses this option. --- readconf.c:X Mon Aug 6 23:35:52 2001 +++ readconf.c Wed Aug 15 16:11:44 2001 @@ -475,6 +475,7 @@ case oProxyCommand: charptr = &options->proxy_command; + string = xstrdup(""); while ((arg =

On 03Nov2017 13:07, Damien Miller <djm at mindrot.org> wrote: >On Fri, 3 Nov 2017, Cameron Simpson wrote: >> TL;DR: I expect ProxyCommand to have effect in preference to >> ControlPath. [...] >> On reflection, of course these are distinct options and that side of >> things isn't, of itself, a bug. However, is there a sane use case for >> using

I want to ssh from a client to a machine on a closed network via a jumphost; let's call them {client,internal,jumphost}.example.com. I have authpf set up on the jumphost so that when logged in, I am allowed to open TCP connections from the jumphost to port 22 on internal nodes. This works well with port forwarding: des at client ~% ssh -L2222:internal.example.com:22 jumphost.example.com

I tried the following command. ssh -Y -t intermediate -- ssh -Y dest But it shows the following error message. Does anybody know how to fix the problem? Thanks. X11 forwarding request failed on channel 0 -- Regards, Peng

Eric, think I came across an issue with the parser in unicorn, with a request (due to 2 layers of nginx proxying) coming across with both a X_FORWARDED_PROTO and a X-Forwarded-Proto header. From the socket (in HttpRequest) - we get: X_FORWARDED_PROTO: http X-Forwarded-Proto: https which is parsed to HTTP_X_FORWARDED_PROTO"=>"http,https There was a passenger ticket that

Dear developers, The ProxyJump feature is nowadays implemented on the basis of a TCP port forwarding on the jumping host, isn't it? As a result, this is affected by a AllowTcpForwarding=no configuration on the jumping host. So, may I suggest a variant based on Unix sockets (such as -L or -R does). Nice idea, isn't it? Any volunteer to implement this? Best regards Christophe

Server : eth0 - internet DSL eth1 - LAN wlan0 - wireles LAN I want server to share bandwith from eth0 evenly for users on eth1 and wlan0. How can i make it ? Is it possible ? As far as i know htb splits outgoing bandwith on one device only. ---------------------------------------------------- Grypa? Damy radę! Sprawdź jak jej zapowbiegać, a jeśli już za późno ...jak leczyć - grypa.wp.pl