Re: SSH port forwarding article

On Mon, 2019-10-21 at 15:01 -0400, Paul Frields wrote:
> I think I got all the changes done, Jakub -- feel free to take a look.
> This article is scheduled to go out on Wednesday at 0800 UTC time.

Thank you for the update.
Now, I have only one minor note about the added GatewayPorts
configuration. It correctly addresses the use case where other people
from example.com need to access the forwarded port, but it does not
modify the remote port forwarding specification, which still uses
"localhost" by default. For the connection to be accessible also from
other hosts, you need to specify it as "-R *:6000:localhost:5000",
"-R 0.0.0.0:6000:localhost:5000" or
"-R remote.example.com:6000:localhost:5000" (examples differ slightly
whether also loopback is bound or not, but all should work -- I would
recommend the star notation as it is shortest).

Regards,
Jakub

> On Mon, Oct 21, 2019 at 11:52 AM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> 
> > On Mon, 2019-10-21 at 10:31 -0400, Paul Frields wrote:
> > > On Mon, Oct 21, 2019 at 9:13 AM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> > > 
> > > > On Mon, 2019-10-21 at 08:36 -0400, Paul Frields wrote:
> > > > > Jakub, you can still find it here:
> > > > > https://fedoramagazine.org/?p=29503&preview=1&_ppp=7cd9f47a93
> > > > 
> > > > Thank you for the link.
> > > > Generally very nice article. But I have just a few comments:
> > > > 
> > > >  * There is an error in the first command or it does not match
> > > > description:
> > > > 
> > > > $ ssh -L 8000:localhost:8000 remote.example.com
> > > > 
> > > > should say
> > > > 
> > > > $ ssh -L 80:localhost:8000 remote.example.com
> > > > 
> > > > (note, that you will probably have to run it as a root to be able to
> > > > bind port 80 here -- I think using the local 8000 port would be more
> > > > appropriate)
> > > > 
> > > 
> > > This is actually a mistake in the following paragraph, which should have
> > > pointed the browser at port 8000. Also, I found another mistake just now
> > > which is that I referenced https:// in a preceding paragraph implying port
> > > 443, and that could be confusing compared to the example. I'll fix the
> > > narrative so it's all consistent.
> > 
> > I missed that S as I was too focused on the port numbers.
> > 
> > > >  * The Remote port forwarding can be restricted on the server with
> > > > PermitOpen and GatewayPorts (binds only-loopback by default)
> > > > configuration options. Mentioning them might save a lot of googling and
> > > > trouble for readers who would like to try these things.
> > > > 
> > > 
> > > Good point -- I'll include that.
> > > 
> > > 
> > > >  * I also miss the emphasis on the security in some places. You mention
> > > > it, but I think in both of the cases (http, mysql), it is good to
> > > > mention that they are (mysql usually) plaintext protocols and sending
> > > > them (as it is) over internet is almost never a good idea.
> > > > 
> > > 
> > > A lot of people run mysql as a local-only service, so I didn't want the
> > > article to get too esoteric.
> > > 
> > > >  * I miss the -D dynamic port forwarding, which can solve very similar
> > > > problems as the local port forwarding, more effectively. But I
> > > > understand that it might come as a separate article since it has on
> > > > itself more to say.
> > > > 
> > > 
> > > Indeed -- the point of this article was to keep things simple. But I
> > > definitely like the idea of an article on dynamic port forwarding as a
> > > followup. I'll look into that!
> > > 
> > > 
> > > > Otherwise it is very nice read with simple explanations I would like
> > > > people to read and I will be happy to point to.
> > > > 
> > > 
> > > This is good to hear Jakub -- thank you for the thorough and helpful
> > > review. Once I make changes above, could I ask you to re-review to make
> > > sure I don't introduce any "regressions"?
> > 
> > Sure. Just let me know when the changes are ready.
> > 
> > Jakub
> > 
> > > Paul
> > > 
> > > 
> > > > > On Mon, Oct 21, 2019 at 8:24 AM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> > > > > 
> > > > > > On Mon, 2019-10-21 at 07:57 -0400, Paul Frields wrote:
> > > > > > > We track our accepted articles through a kanban here:
> > > > > > > https://teams.fedoraproject.org/project/asamalik-fedora-magazine/kanban
> > > > > > > This story is here along with a link for the article:
> > > > > > > https://teams.fedoraproject.org/project/asamalik-fedora-magazine/us/81
> > > > > > > Although it does occur to me, have you edited for us previously? Let us
> > > > > > > know if you have any issues reaching the article.
> > > > > > 
> > > > > > I already have access to the wp-admin interface, since I already wrote
> > > > > > one ssh article, but I do not seem to have access to this unpublished
> > > > > > article.
> > > > > > 
> > > > > > If that is too complicated to let me in, let's drop it and leave it on
> > > > > > the official reviewers. I will not have time to work/review on more
> > > > > > articles, but I was interested in this particular one as it is my
> > > > > > domain.
> > > > > > 
> > > > > > Regards,
> > > > > > Jakub
> > > > > > 
> > > > > > > Paul
> > > > > > > 
> > > > > > > On Mon, Oct 21, 2019 at 2:59 AM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> > > > > > > 
> > > > > > > > On Sun, 2019-10-20 at 19:50 -0400, Paul Frields wrote:
> > > > > > > > > I finished my SSH port forwarding article. Would someone like to
> > > > > > > > > review it for its Wednesday slot?
> > > > > > > > 
> > > > > > > > I think I can do that, at least from the technical point of view. Can
> > > > > > > > you share a link or some place I can do that? I saw the article already
> > > > > > > > scheduled, but I did not find a way to open it.
> > > > > > > > 
> > > > > > > > Regards,
> > > > > > > > --
> > > > > > > > Jakub Jelen
> > > > > > > > Senior Software Engineer
> > > > > > > > Security Technologies
> > > > > > > > Red Hat, Inc.
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
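
Added example, not part of the original message or of the article under review: a small shell model of how the server's GatewayPorts setting and the bind address in a "-R" specification combine, following the descriptions in sshd_config(5) and ssh(1). The function name remote_bind is hypothetical, only the three- and four-field spec forms are handled, and bracketed IPv6 addresses are not.

```shell
#!/bin/sh
# Added example: models which address sshd listens on for "ssh -R SPEC".
# remote_bind GATEWAYPORTS SPEC  ->  prints loopback, wildcard, or the address
remote_bind() {
    gp=$1
    spec=$2

    # Split SPEC on ":" without globbing, so a "*" bind address stays literal.
    old_ifs=$IFS
    IFS=:
    set -f
    set -- $spec
    set +f
    IFS=$old_ifs

    case $# in
        3) bind=localhost ;;   # port:host:hostport, no bind address given
        4) bind=$1 ;;          # bind_address:port:host:hostport
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac

    case $gp in
        no)  echo loopback ;;  # server forces local-only, client request ignored
        yes) echo wildcard ;;  # server forces the wildcard address
        clientspecified)
            case $bind in
                ''|'*')    echo wildcard ;;
                localhost) echo loopback ;;
                *)         echo "$bind" ;;   # a specific address or host name
            esac ;;
        *) echo "unknown GatewayPorts value: $gp" >&2; return 2 ;;
    esac
}

# Constructed inputs: the forwarding specs discussed in the thread.
for g in no yes clientspecified; do
    for s in '6000:localhost:5000' '*:6000:localhost:5000' \
             '0.0.0.0:6000:localhost:5000' \
             'remote.example.com:6000:localhost:5000'; do
        printf 'GatewayPorts %-15s -R %-40s -> %s\n' \
            "$g" "$s" "$(remote_bind "$g" "$s")"
    done
done
```

On a real server, `ss -tln` shows the address the forwarded port was actually bound to.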