On 08/30/2019 08:41 PM, Anton Aylward wrote:
On 30/08/2019 23:21, Lew Wolfgang wrote:
On 08/30/2019 07:44 PM, Anton Aylward wrote:
On 30/08/2019 12:25, Lew Wolfgang wrote:
Are you sure that Dreamhost doesn't support ssh logins? What "certificate stuff" are you referring to? Yes it does, that was the point I was making.
I simply type "ssh antonaylward.com" and I'm logged in.
I had generated the certificate locally as per the SSH manual, then I 'push' it using 'ssh-copy-id'. Once that's in place all the SSH operations are "automatic login".
As for the use of 'no encryption', see earlier posts. Yup, once you use ssh you're stuck with full encryption by design, unless you find binary patches or recompile. Please see my earlier posts.
Yes, using ssh -c none antonaylward.com
gives me a shh connection without encryption.
When I do that I get a fully encrypted connection along with this message for one of my servers: "No valid ciphers for protocol version 2 given, using defaults." Another client/server (both Leap 15.1) says: "Unknown cypher type "none"" When I do this I get: ssh -c none antonaylward.com No valid ciphers for protocol version 2 given, using defaults. The authenticity of host 'antonaylward.com (66.33.210.248)' can't be established. ECDSA key fingerprint is d1:ff:32:eb:19:56:52:d2:73:b1xxx [MD5]. Are you sure you want to continue connecting (yes/no)? Do you get the "No valid ciphers" message? If not, did you look at the actual ssh traffic with tcpdump or wireshark to see if it's really unencrypted?
BTW, did you disable username/password logins on your Dreamhost account? Yes.
Great!
It's "best practice" for a public facing ssh server. You might also deny connection attempts from all IP's except your own remote client. no. My home system is with an ISP that assigns IP adress using DHCP. My address changes periodically.
Maybe you could deny by default, allow for your ISP's address range?
Do you have that level of control with your Dreamhost account? Yes, but see above.
Do you have a VPS or dedicated server? I have a 'shared service'. I could have a any of the above and more but it would cost a lot more. I'm mostly concerned with storage and email, and that's what I get and I'm happy.
If so, how do you like it? Can you install your own OS through a KVM/IP connection, or do you have use what they give you? If I chose to pay for a dedicated virtual machine option they yes to the above and more.
lew, I suggest you visit the Dreamhost site and see their offerings.
I'm in the market for a dedicated server and was hoping that you could offer a review of their service. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org