Date:      Mon, 17 Aug 2020 10:50:54 +0200
From:      "Dave Cottlehuber" <>
To:        freebsd-questions <>, "Aryeh Friedman" <>
Subject:   Re: OT: Dealing with a hosting company with it's head up it's rear end
Message-ID:  <>
In-Reply-To: <>
References:  <>

> "[Insert client name here], we do not allow RDP or SSH into our datace=

Get them to give you an additional ipv6 subnet and run ssh on port 80 or whatever only on that. You only need 1 bastion goat to get through using ssh ProxyCommand.

Or if that’s not possible run haproxy or similar in front of whatever http(s) traffic is allowed, and use tcp detection to redirect actual ssh traffic to ssh while letting the rest through.

I’m all until next week but if you want a hand figuring this out remind me offline on Monday.

If they allow udp traffic then consider sticking ZeroTier or wireguard in and using that. Both are free and don’t need ‘dangerous tcp’...

I prefer using haproxy as we use it everywhere but the basic idea (port share, detect traffic type, proxy tcp) has multiple solutions.

> So how do we/the client tell the hosting company they are full of sh*t=
> client has a 3 year contract with a pay in full to break clause with t=
> which would be over $100k to break)

This is what account managers are good for.

Get your customer’s account manager to talk with their account manager and explain that you’ll pull the plug and lawyer up, if std unix ssh isn’t allowed and point out that google and aws support it. They always cave. Make sure your acct manager is prepped on the tech first.

How did anybody manage to set these boxes up? It must have been painful.
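
The "detect traffic type" step mentioned in the message, as an added example that is not part of the original e-mail and is not haproxy's own code: a first-bytes classifier of the kind a port-sharing proxy applies, which a network monitor can equally use to spot SSH arriving on a web port. It assumes the SSH client sends its identification string without waiting for the server's; `backend_for` and the backend names are hypothetical.

```python
# Added example: classify a TCP connection by the first bytes the client sends.
# All sample byte strings are constructed for illustration.

HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE")
TEXT_PREFIXES = (b"SSH-",) + tuple(m + b" " for m in HTTP_METHODS)


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'http', 'need-more' or 'unknown'."""
    # SSH: RFC 4253 identification string, "SSH-<protoversion>-<software>".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS: record type 0x16 (handshake), version major 0x03, and
    # handshake type 0x01 (ClientHello) right after the 5-byte record header.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # HTTP/1.x: the request line starts with a method token and a space.
    if any(data.startswith(m + b" ") for m in HTTP_METHODS):
        return "http"
    # Short read: the buffer is still a prefix of something recognisable,
    # so the caller should keep buffering (bounded by an inspection timeout).
    if any(p.startswith(data) for p in TEXT_PREFIXES):
        return "need-more"
    if len(data) < 6 and b"\x16\x03".startswith(data[:2]):
        return "need-more"
    return "unknown"


def backend_for(data: bytes) -> str:
    """Hypothetical routing: only a positive SSH match leaves the web path."""
    return "sshd" if classify_first_bytes(data) == "ssh" else "web"


# Constructed samples: SSH banner, start of a TLS ClientHello, HTTP request.
SSH_SAMPLE = b"SSH-2.0-OpenSSH_8.1\r\n"
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4, 0x03, 0x03])
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("ssh", SSH_SAMPLE), ("tls", TLS_SAMPLE),
                         ("http", HTTP_SAMPLE), ("partial", b"SS")):
        print(name, classify_first_bytes(sample), backend_for(sample))
```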

