* ssh rulez
@ 1998-03-28 8:16 Lars Magne Ingebrigtsen
1998-03-28 16:43 ` Harry Putnam
` (4 more replies)
0 siblings, 5 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 1998-03-28 8:16 UTC (permalink / raw)
Someone told me that ssh was quite good at compressing things, so I
switched compression on and used the following select method:
(nntp "news"
      (nntp-address "copper.uio.no")
      (nntp-rlogin-program "ssh")
      (nntp-open-connection-function nntp-open-rlogin)
      (nntp-end-of-line "\n")
      (nntp-rlogin-parameters
       ("telnet" "news.uio.no" "nntp")))
And things go *way* faster over my 33.6k modem. I use the Gnus Agent
to download, and this, like, halves the time it takes to download
stuff.
I found a bug in the nntp posting code, though. Fix in 5.6.4.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: ssh rulez
1998-03-28 8:16 ssh rulez Lars Magne Ingebrigtsen
@ 1998-03-28 16:43 ` Harry Putnam
1998-03-28 17:14 ` Bud Rogers
1998-03-28 19:17 ` Richard Hoskins
` (3 subsequent siblings)
4 siblings, 1 reply; 18+ messages in thread
From: Harry Putnam @ 1998-03-28 16:43 UTC (permalink / raw)
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> Someone told me that ssh was quite good at compressing things, so I
> switched compression on and used the following select method:
>
> (nntp "news"
>       (nntp-address "copper.uio.no")
>       (nntp-rlogin-program "ssh")
>       (nntp-open-connection-function nntp-open-rlogin)
>       (nntp-end-of-line "\n")
>       (nntp-rlogin-parameters
>        ("telnet" "news.uio.no" "nntp")))
>
> And things go *way* faster over my 33.6k modem. I use the Gnus Agent
> to download, and this, like, halves the time it takes to download
> stuff.
>
> I found a bug in the nntp posting code, though. Fix in 5.6.4.
Cool -- I was able to get info on 'rsh' but not 'ssh'.
What is that a reference to? Searches for that file name 'ssh*' turn up
nothing on several ftp sites.
--
Harry Putnam reader@newsguy.com
* Re: ssh rulez
1998-03-28 16:43 ` Harry Putnam
@ 1998-03-28 17:14 ` Bud Rogers
0 siblings, 0 replies; 18+ messages in thread
From: Bud Rogers @ 1998-03-28 17:14 UTC (permalink / raw)
Harry Putnam <reader@newsguy.com> writes:
> Cool -- I was able to get info on 'rsh' but not 'ssh'. What is that a
> reference to? Searches for that file name 'ssh*' turn up nothing on
> several ftp sites.
http://www.cs.hut.fi/ssh/
--
Bud Rogers <budr@tanet.net>
* Re: ssh rulez
1998-03-28 8:16 ssh rulez Lars Magne Ingebrigtsen
1998-03-28 16:43 ` Harry Putnam
@ 1998-03-28 19:17 ` Richard Hoskins
1998-03-29 8:04 ` Lars Magne Ingebrigtsen
1998-03-31 16:37 ` Francois Felix Ingrand
` (2 subsequent siblings)
4 siblings, 1 reply; 18+ messages in thread
From: Richard Hoskins @ 1998-03-28 19:17 UTC (permalink / raw)
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> Someone told me that ssh was quite good at compressing things, so I
> switched compression on and used the following select method:
>
> (nntp "news"
>       (nntp-address "copper.uio.no")
>       (nntp-rlogin-program "ssh")
>       (nntp-open-connection-function nntp-open-rlogin)
>       (nntp-end-of-line "\n")
>       (nntp-rlogin-parameters
>        ("telnet" "news.uio.no" "nntp")))
>
As root, I invoke ssh with:
# ssh -C -o "CompressionLevel 9" -L 119:news.iglou.com:119 iglou.com
and set the select method to (nntp "localhost"). ssh definitely
rulez.
* Re: ssh rulez
1998-03-28 19:17 ` Richard Hoskins
@ 1998-03-29 8:04 ` Lars Magne Ingebrigtsen
1998-03-29 19:39 ` Felix Lee
0 siblings, 1 reply; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 1998-03-29 8:04 UTC (permalink / raw)
Richard Hoskins <rh@iglou.com> writes:
> As root, I invoke ssh with:
>
> # ssh -C -o "CompressionLevel 9" -L 119:news.iglou.com:119 iglou.com
>
> and set the select method to (nntp "localhost").
Uhm... I don't know why I didn't think of that...
Oh, now I know -- you have to tear the ssh connection down manually
after, uh, stuff has been downloaded, don't you? I use diald to take
the connection up/down, so that I can pretend that I'm on a machine
that's connected to the net.
Hm... Perhaps I can run ssh off of gnus-agent-plugged-hook, and then
tear it down from gnus-agent-unplugged-hook? That should work, I think.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: ssh rulez
1998-03-29 8:04 ` Lars Magne Ingebrigtsen
@ 1998-03-29 19:39 ` Felix Lee
1998-03-29 20:12 ` Bud Rogers
0 siblings, 1 reply; 18+ messages in thread
From: Felix Lee @ 1998-03-29 19:39 UTC (permalink / raw)
Cc: ding
> > As root, I invoke ssh with:
> > # ssh -C -o "CompressionLevel 9" -L 119:news.iglou.com:119 iglou.com
> > and set the select method to (nntp "localhost").
note that unless you're firewalled or something, anyone can
connect to that port on your machine and get to iglou.com,
pretending that they're coming from you.
--
* Re: ssh rulez
1998-03-29 19:39 ` Felix Lee
@ 1998-03-29 20:12 ` Bud Rogers
1998-03-29 20:38 ` Felix Lee
1998-03-29 21:36 ` Alan Shutko
0 siblings, 2 replies; 18+ messages in thread
From: Bud Rogers @ 1998-03-29 20:12 UTC (permalink / raw)
Felix Lee <flee@teleport.com> writes:
> > > As root, I invoke ssh with:
> > > # ssh -C -o "CompressionLevel 9" -L 119:news.iglou.com:119 iglou.com
> > > and set the select method to (nntp "localhost").
>
> note that unless you're firewalled or something, anyone can
> connect to that port on your machine and get to iglou.com,
> pretending that they're coming from you.
Is that true? I thought the whole point of ssh/sshd was to allow secure
remote access through encryption, and host/user verification by encrypted
keys.
--
Bud Rogers <budr@tanet.net>
* Re: ssh rulez
1998-03-29 20:12 ` Bud Rogers
@ 1998-03-29 20:38 ` Felix Lee
1998-03-30 20:05 ` Richard Hoskins
1998-03-29 21:36 ` Alan Shutko
1 sibling, 1 reply; 18+ messages in thread
From: Felix Lee @ 1998-03-29 20:38 UTC (permalink / raw)
Cc: ding
> Is that true? I thought the whole point of ssh/sshd was to allow secure
> remote access through encryption, and host/user verification by encrypted
> keys.
yes, but there's no access control to the forwarded port.
if port 119 on your machine is being forwarded somewhere,
all the traffic between you and the somewhere is encrypted
and compressed, etc, but ssh doesn't care who connects to
port 119 on your local machine.
forwarded connections (like the X forwarding) typically rely
on end-to-end user authentication (like xauth) to be secure.
however, nntp authentication tends to be weak, and often
relies on "source" IP address, which looks like it's you if
you're using forwarding.
it shouldn't be too hard to add to ssh a flag that says,
"don't accept connections at the forwarding port unless they
come from a particular IP address", but I don't see such a
thing (in 1.2.20 at least. haven't looked at newer yet.)
--
* Re: ssh rulez
1998-03-29 20:12 ` Bud Rogers
1998-03-29 20:38 ` Felix Lee
@ 1998-03-29 21:36 ` Alan Shutko
1998-03-30 13:01 ` Robert Bihlmeyer
1 sibling, 1 reply; 18+ messages in thread
From: Alan Shutko @ 1998-03-29 21:36 UTC (permalink / raw)
Cc: ding
>>>>> "B" == Bud Rogers <budr@tanet.net> writes:
B> Felix Lee <flee@teleport.com> writes:
>> note that unless you're firewalled or something, anyone can connect
>> to that port on your machine and get to iglou.com, pretending that
>> they're coming from you.
B> Is that true? I thought the whole point of ssh/sshd was to allow
B> secure remote access through encryption, and host/user verification
B> by encrypted keys.
It is, but when you start redirecting ports like that, you are
subverting such protections for the sake of convenience. It allows
you to point apps at your machine and have them automatically take
advantage of the secure ssh pipe, but it also allows other people to
point their apps at your machine....
--
Alan Shutko <ats@acm.org> - By consent of the corrupted
Put your best foot forward. Or just call in and say you're sick.
* Re: ssh rulez
1998-03-29 21:36 ` Alan Shutko
@ 1998-03-30 13:01 ` Robert Bihlmeyer
0 siblings, 0 replies; 18+ messages in thread
From: Robert Bihlmeyer @ 1998-03-30 13:01 UTC (permalink / raw)
Hi,
>>>>> On 29 Mar 1998 15:36:59 -0600
>>>>> Alan Shutko <ats@acm.org> said:
Alan> It is, but when you start redirecting ports like that, you are
Alan> subverting such protections for the sake of convenience. It
Alan> allows you to point apps at your machine and have them
Alan> automatically take advantage of the secure ssh pipe, but it
Alan> also allows other people to point their apps at your
Alan> machine....
Hmm, perhaps there should be an option for ssh, to only accept
connects from localhost on forwarded ports. This covers most uses, and
gives you more security.
Robbe
--
Robert Bihlmeyer reads: Deutsch, English, MIME, Latin-1, NO SPAM!
<robbe@orcus.priv.at> <http://stud2.tuwien.ac.at/~e9426626/sig.html>
* Re: ssh rulez
1998-03-29 20:38 ` Felix Lee
@ 1998-03-30 20:05 ` Richard Hoskins
0 siblings, 0 replies; 18+ messages in thread
From: Richard Hoskins @ 1998-03-30 20:05 UTC (permalink / raw)
Felix Lee <flee@teleport.com> writes:
> it shouldn't be too hard to add to ssh a flag that says,
> "don't accept connections at the forwarding port unless they
> come from a particular IP address", but I don't see such a
> thing (in 1.2.20 at least. haven't looked at newer yet.)
This is on the TODO list distributed with ssh 1.2.22.
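The exposure discussed in the messages above (a forwarded port that accepts connections from any source address) can be checked for on a Linux host. This is an added example, not part of the original thread: it reads listener lines in the layout printed by `ss -Hltnp` and reports ssh client listeners bound to anything other than loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report ssh local forwards whose
# listening socket is reachable from other hosts.
# Input on stdin: lines in the layout of `ss -Hltnp` (Linux, iproute2).
# Output: one "address port pid" line per exposed listener.
#
# Current OpenSSH accepts a bind address in -L, so the forward from the
# thread can be pinned to loopback:
#   ssh -C -L 127.0.0.1:119:news.iglou.com:119 iglou.com
# and its GatewayPorts client option defaults to "no" (loopback only).

exposed_ssh_forwards() {
    awk '
    $1 == "LISTEN" && $0 ~ /\("ssh",/ {
        local_ep = $4
        # Split "addr:port" at the LAST colon; IPv6 addresses contain colons.
        n = length(local_ep)
        while (n > 0 && substr(local_ep, n, 1) != ":") n--
        if (n == 0) next
        addr = substr(local_ep, 1, n - 1)
        port = substr(local_ep, n + 1)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
        sub(/%.*$/, "", addr)                        # drop %iface scope
        # Loopback-only listeners are what the thread asks for: skip them.
        if (addr ~ /^127\./ || addr == "::1") next
        pid = "?"
        if (match($0, /\("ssh",pid=[0-9]+/))
            pid = substr($0, RSTART + 11, RLENGTH - 11)
        printf "%s %s %s\n", addr, port, pid
    }'
}

# Constructed sample input; PIDs and ports are made up.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:119 0.0.0.0:* users:(("ssh",pid=4211,fd=5))
LISTEN 0 128 127.0.0.1:1234 0.0.0.0:* users:(("ssh",pid=4300,fd=4))
LISTEN 0 128 [::1]:1234 [::]:* users:(("ssh",pid=4300,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 [::]:8119 [::]:* users:(("ssh",pid=4555,fd=6))
EOF
}

# Run on the sample. On a live host: ss -Hltnp | exposed_ssh_forwards
# (ss needs root to show processes owned by other users).
sample_ss_output | exposed_ssh_forwards
```

The sshd listener on port 22 is ignored because only the ssh client creates local forwards; wildcard binds (0.0.0.0, [::], *) and any specific non-loopback address are reported.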
* Re: ssh rulez
1998-03-28 8:16 ssh rulez Lars Magne Ingebrigtsen
1998-03-28 16:43 ` Harry Putnam
1998-03-28 19:17 ` Richard Hoskins
@ 1998-03-31 16:37 ` Francois Felix Ingrand
1998-04-01 14:06 ` Lars Magne Ingebrigtsen
1998-03-31 21:46 ` Manoj Srivastava
1998-04-15 3:50 ` Eze Ogwuma
4 siblings, 1 reply; 18+ messages in thread
From: Francois Felix Ingrand @ 1998-03-31 16:37 UTC (permalink / raw)
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> Someone told me that ssh was quite good at compressing things, so I
> switched compression on and used the following select method:
>
> (nntp "news"
>       (nntp-address "copper.uio.no")
>       (nntp-rlogin-program "ssh")
>       (nntp-open-connection-function nntp-open-rlogin)
>       (nntp-end-of-line "\n")
>       (nntp-rlogin-parameters
>        ("telnet" "news.uio.no" "nntp")))
>
by default, ssh does not compress... you need to invoke it with -C or
specify Compression yes in the config file.
> And things go *way* faster over my 33.6k modem. I use the Gnus Agent
> to download, and this, like, halves the time it takes to download
> stuff.
You should thus get even better throughput...
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"Did you realize that 2001: Space Odyssey is 30 years old..." ICQ# 10143726
Professional: http://www.laas.fr/~felix mailto:felix@laas.fr
Personal: http://worldserver.oleane.com/felix mailto:felix@dial.oleane.com
* Re: ssh rulez
1998-03-28 8:16 ssh rulez Lars Magne Ingebrigtsen
` (2 preceding siblings ...)
1998-03-31 16:37 ` Francois Felix Ingrand
@ 1998-03-31 21:46 ` Manoj Srivastava
1998-04-15 3:50 ` Eze Ogwuma
4 siblings, 0 replies; 18+ messages in thread
From: Manoj Srivastava @ 1998-03-31 21:46 UTC (permalink / raw)
Hi,
I recall people asking about ssh dropping connections. I use
fetchmail, and the following snippet from the man pages describes how
to set up the connection so that ssh goes away 20 seconds after all
the data has been transferred. Maybe this could be used? (I failed to
see this documented in the ssh docs, though). This works for me, and
the ssh connection does go away.
manoj
Here's an example configuration using ssh. The queries go
through an ssh connecting local port 1234 to port 110 on
mailhost.net; the preconnect command sets up the ssh.
    poll mailhost.net via localhost port 1234 with pop3:
        preconnect "ssh -f -L 1234:mailhost.net:110
            mailhost.net sleep 20 </dev/null >/dev/null";
--
Even a hawk is an eagle among crows.
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
* Re: ssh rulez
1998-03-31 16:37 ` Francois Felix Ingrand
@ 1998-04-01 14:06 ` Lars Magne Ingebrigtsen
0 siblings, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 1998-04-01 14:06 UTC (permalink / raw)
Francois Felix Ingrand <felix@dial.oleane.com> writes:
> by default, ssh does not compress... you need to invoke it with -C or
> specify Compression yes in the config file.
Yup. The manual mentions this.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
* Re: ssh rulez
1998-03-28 8:16 ssh rulez Lars Magne Ingebrigtsen
` (3 preceding siblings ...)
1998-03-31 21:46 ` Manoj Srivastava
@ 1998-04-15 3:50 ` Eze Ogwuma
1998-04-22 18:27 ` Eric Hendrickson
4 siblings, 1 reply; 18+ messages in thread
From: Eze Ogwuma @ 1998-04-15 3:50 UTC (permalink / raw)
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> Someone told me that ssh was quite good at compressing things, so I
> switched compression on and used the following select method:
>
> (nntp "news"
>       (nntp-address "copper.uio.no")
>       (nntp-rlogin-program "ssh")
>       (nntp-open-connection-function nntp-open-rlogin)
>       (nntp-end-of-line "\n")
>       (nntp-rlogin-parameters
>        ("telnet" "news.uio.no" "nntp")))
All that happens when I do something like this is that Gnus hangs.
If I point ssh at port 119 or 25 or any other that gives a welcome
message other than the standard telnet message I get this sort of
error:
$ ssh localhost -p 119
Bad remote protocol version identification: '200 typhoon.ncc.co.uk
InterNetNews server INN 1.7 16-Oct-1997 ready
Am I doing something wrong?
--
Eze Ogwuma
* Re: ssh rulez
1998-04-15 3:50 ` Eze Ogwuma
@ 1998-04-22 18:27 ` Eric Hendrickson
1998-04-26 11:44 ` Eze Ogwuma
0 siblings, 1 reply; 18+ messages in thread
From: Eric Hendrickson @ 1998-04-22 18:27 UTC (permalink / raw)
Cc: ding
Gnus hangs for me also, when I try to open a similar server:
(nntp "news.tc.umn.edu"
      (nntp-address "birch.math.umn.edu")
      (nntp-rlogin-program "ssh")
      (nntp-rlogin-user-name "eric")
      (nntp-open-connection-function nntp-open-rlogin)
      (nntp-end-of-line "\n")
      (nntp-rlogin-parameters
       ("-x" "-C" "-o" "CompressionLevel" "9" "nc" "news.tc.umn.edu" "nntp")))
This is using nc (netcat) instead of telnet, but I tried it with
telnet just to make sure, and no luck there either. Is there a way to
debug this? I tried setting nntp-record-commands, but the *nntpd*
buffer is empty so it isn't even getting that far.
Any ideas on what I could be doing wrong?
Thanks, Eric
Eze Ogwuma <typhoon@dircon.co.uk> says: "I'm going to Paris and taking Eric"
> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>
> > Someone told me that ssh was quite good at compressing things, so I
> > switched compression on and used the following select method:
> >
> > (nntp "news"
> >       (nntp-address "copper.uio.no")
> >       (nntp-rlogin-program "ssh")
> >       (nntp-open-connection-function nntp-open-rlogin)
> >       (nntp-end-of-line "\n")
> >       (nntp-rlogin-parameters
> >        ("telnet" "news.uio.no" "nntp")))
>
> All that happens when I do something like this is that Gnus hangs.
>
> If I point ssh at port 119 or 25 or any other that gives a welcome
> message other than the standard telnet message I get this sort of
> error:
>
> $ ssh localhost -p 119
> Bad remote protocol version identification: '200 typhoon.ncc.co.uk
> InterNetNews server INN 1.7 16-Oct-1997 ready
>
> Am I doing something wrong?
>
> --
> Eze Ogwuma
>
>
--
Lensmen eat Jedi for breakfast.
* Re: ssh rulez
1998-04-22 18:27 ` Eric Hendrickson
@ 1998-04-26 11:44 ` Eze Ogwuma
1998-07-12 19:07 ` Eric D. Hendrickson
0 siblings, 1 reply; 18+ messages in thread
From: Eze Ogwuma @ 1998-04-26 11:44 UTC (permalink / raw)
Cc: ding
Eric Hendrickson <edh@flavius.boston.deshaw.com> writes:
> Gnus hangs for me also, when I try to open a similar server:
>
> (nntp "news.tc.umn.edu"
>       (nntp-address "birch.math.umn.edu")
>       (nntp-rlogin-program "ssh")
>       (nntp-rlogin-user-name "eric")
>       (nntp-open-connection-function nntp-open-rlogin)
>       (nntp-end-of-line "\n")
>       (nntp-rlogin-parameters
>        ("-x" "-C" "-o" "CompressionLevel" "9" "nc" "news.tc.umn.edu" "nntp")))
>
> This is using nc (netcat) instead of telnet, but I tried it with
> telnet just to make sure, and no luck there either. Is there a way to
> debug this? I tried setting nntp-record-commands, but the *nntpd*
> buffer is empty so it isn't even getting that far.
>
> Any ideas on what I could be doing wrong?
I was sent this a while ago by Kurt Swanson <kurt@dna.lth.se>:
Kurt> The idea is not to connect to your news server with ssh, but
Kurt> to connect via ssh over a slow link to machine that you log
Kurt> onto and from there connect to the news server via the usual
Kurt> telnet command.
Kurt> I.e.: from home I connect to my office computer via my modem
Kurt> and ssh and from my office computer to my news server (which
Kurt> has a fast connection between them). This is faster than a
Kurt> non-ssh direct connection to the news server.
--
Eze Ogwuma
* Re: ssh rulez
1998-04-26 11:44 ` Eze Ogwuma
@ 1998-07-12 19:07 ` Eric D. Hendrickson
0 siblings, 0 replies; 18+ messages in thread
From: Eric D. Hendrickson @ 1998-07-12 19:07 UTC (permalink / raw)
Cc: ding
(Blast from the past here, but this is the first time I've had a
chance to look at my Gnus mail group in a while.)
Eze, thanks for your reply but I think what you (Kurt) are suggesting
is already taken into account by my solution below? Doesn't work.
Eric
Eze Ogwuma <typhoon@dircon.co.uk> says: "I'm going to Paris and taking Eric"
> Eric Hendrickson <edh@flavius.boston.deshaw.com> writes:
>
> > Gnus hangs for me also, when I try to open a similar server:
> >
> > (nntp "news.tc.umn.edu"
> >       (nntp-address "birch.math.umn.edu")
> >       (nntp-rlogin-program "ssh")
> >       (nntp-rlogin-user-name "eric")
> >       (nntp-open-connection-function nntp-open-rlogin)
> >       (nntp-end-of-line "\n")
> >       (nntp-rlogin-parameters
> >        ("-x" "-C" "-o" "CompressionLevel" "9" "nc" "news.tc.umn.edu" "nntp")))
> >
> > This is using nc (netcat) instead of telnet, but I tried it with
> > telnet just to make sure, and no luck there either. Is there a way to
> > debug this? I tried setting nntp-record-commands, but the *nntpd*
> > buffer is empty so it isn't even getting that far.
> >
> > Any ideas on what I could be doing wrong?
>
> I was sent this a while ago by Kurt Swanson <kurt@dna.lth.se>:
>
> Kurt> The idea is not to connect to your news server with ssh, but
> Kurt> to connect via ssh over a slow link to machine that you log
> Kurt> onto and from there connect to the news server via the usual
> Kurt> telnet command.
>
> Kurt> I.e.: from home I connect to my office computer via my modem
> Kurt> and ssh and from my office computer to my news server (which
> Kurt> has a fast connection between them). This is faster than a
> Kurt> non-ssh direct connection to the news server.
>
> --
> Eze Ogwuma
>
--
"No job too big; no fee too big!"
-- Dr. Peter Venkman, "Ghost-busters"