Re: [gnome-love] Gnome SSH agent applet
- From: George Karabin <gkarabin pobox com>
- To: eniac sdf-eu org
- Cc: gnome-love gnome org
- Subject: Re: [gnome-love] Gnome SSH agent applet
- Date: Tue, 13 Apr 2004 00:48:54 -0700
On Apr 12, 2004, at 5:02 PM, Geiregat Jonas wrote:
George Karabin wrote:
On Apr 6, 2004, at 7:35 AM, Sean Middleditch wrote:
On Tue, 2004-04-06 at 10:25, Ross Golder wrote:
I don't know if I've mentioned this before, but if I have, here it is
again for the newbies...
What we need, for those of you who work with SSH on a regular basis, is
a panel applet that does pretty much the same as the command-line
'ssh-agent' program, but as a GUI applet.
Actually, you could probably do all of this with just wrapping
ssh-agent. Rewriting that code would be foolish; you don't want to have
*two* places for security breakage to happen. ssh-agent can already use
a GTK+ frontend for asking for passphrases, so pretty much all the
applet would need to do is call ssh-agent with various options and parse
a little output here and there.
Perhaps this applet should (at the user's option) use gnome-keyring
to make the password persistent?
- George
Yes that would be a good idea, but why do you need all the parsing ?
Couldn't you just let the applet drop down a selection list that
starts up an xterm with ssh running in it ?
I'm not sure I understand your question, so forgive me if I've missed
its point. The idea of the proposed applet is to wrap ssh-agent, which
stores private keys for future ssh connections started from the current
X session. The man page for 'ssh' talks about public-key
authentication, and the man page for 'ssh-agent' tells you how to set
up ssh to only need to authenticate the passphrase associated with a
private key once per session.
I.e., enter your passphrase once for a given public key, and then you
don't need to enter it again until you log out. Launching xterms the
way you suggest doesn't tie into the ssh-agent, so you keep on needing
to enter passphrases, and you only support that one way of starting
xterminals - not all the many ways that ssh can be used ('scp', 'sftp',
or 'ssh' launched from arbitrary processes).
gnome-keyring would provide a way to make the key persistent across
sessions.
Regarding output parsing, I'd guess Sean means that the applet needs to
parse the output of the 'gnome-ssh-askpass' and 'ssh-agent' commands to
collect the passphrase and to give the user any necessary feedback -
i.e., success, failure, error description, etc. It might get a little
tricky if the output of the above programs changes over time. It may be
worth setting up the code to parse the output of 'ssh -V' to determine
which set of parsing rules to use. It still leaves the possibility of
silent failures with version mismatches open, but without an ssh client
library that gnome can add as a dependency, I'm not sure if there's a
better option.
Regards,
- George
Regards,
--
Ross
_______________________________________________
gnome-love mailing list
gnome-love gnome org
http://mail.gnome.org/mailman/listinfo/gnome-love
--
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.
--
Geiregat Jonas
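
An added example, not part of the thread or of any GNOME or OpenSSH code: one way a wrapper could parse the output of 'ssh-agent -s' and the 'ssh -V' banner strictly, so that an unexpected format raises an error instead of failing silently. The function names are hypothetical and the sample strings are constructed.

```python
import re
import subprocess

# Bourne-style lines printed by `ssh-agent -s`; anything else is rejected.
_VAR_RE = re.compile(r"^(SSH_AUTH_SOCK|SSH_AGENT_PID)=([^;\s]+); export \1;$")
_VERSION_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")

def parse_agent_output(text):
    """Return {'SSH_AUTH_SOCK': path, 'SSH_AGENT_PID': pid} or raise ValueError."""
    env = {}
    for line in text.splitlines():
        m = _VAR_RE.match(line.strip())
        if m:
            env[m.group(1)] = m.group(2)
    missing = {"SSH_AUTH_SOCK", "SSH_AGENT_PID"} - set(env)
    if missing:
        raise ValueError("unrecognised ssh-agent output, missing: %s" % sorted(missing))
    if not env["SSH_AGENT_PID"].isdigit():
        raise ValueError("SSH_AGENT_PID is not numeric")
    if not env["SSH_AUTH_SOCK"].startswith("/"):
        raise ValueError("SSH_AUTH_SOCK is not an absolute path")
    return env

def parse_ssh_version(banner):
    """Extract (major, minor) from the `ssh -V` banner or raise ValueError."""
    m = _VERSION_RE.match(banner.strip())
    if not m:
        raise ValueError("not an OpenSSH version banner: %r" % banner)
    return int(m.group(1)), int(m.group(2))

def start_agent():
    """Run the real ssh-agent (argument list, no shell) and parse what it prints."""
    banner = subprocess.run(["ssh", "-V"], capture_output=True, text=True).stderr
    parse_ssh_version(banner)  # raises on an unrecognised client
    out = subprocess.run(["ssh-agent", "-s"], capture_output=True, text=True,
                         check=True).stdout
    return parse_agent_output(out)

# Constructed sample output, not captured from a real session.
SAMPLE_AGENT = (
    "SSH_AUTH_SOCK=/tmp/ssh-XXXXabc123/agent.4242; export SSH_AUTH_SOCK;\n"
    "SSH_AGENT_PID=4243; export SSH_AGENT_PID;\n"
    "echo Agent pid 4243;\n"
)
SAMPLE_BANNER = "OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004"
```

The parsed values are treated as data and placed into the environment of child processes, rather than passing the agent's output to a shell with eval.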