Re: OpenSSH VPN support

[Robert Vogelgesang <vogel users sourceforge net>]

Hello,

On Sat, Dec 05, 2009 at 11:59:31AM +0900, Daiki Ueno wrote:
> Dan Williams <dcbw redhat com> writes:
> 
> > Neat!  I'll take a look when I've got a bit of time.  The UI bits look
> > OK so far, and while I dislike the whole configure script thing it's
> > basically necessary for some configs and we can't get away from that.
> 
> I'm glad to hear that this plugin seems to make sense.  I had thought
> that OpenSSH VPN was too ad-hoc to be supported by NM.
> 
> > A few suggestions:
> >
> > 1) May want to rename "Config script" to "Remote Setup Script"; UIs
> > usually shouldn't have any colloquialisms in them like "Config".
> >
> > 2) Perhaps add the method to the end of the Tunnel Method?  Like
> > "Point-to-Point (TUN)" and "Ethernet (TAP)" so that it's clearer for
> > people who know how things happen underneath
> 
> Thanks, fixed and pushed.
> 
> > 3) Is there any way we can figure out what pub/priv keys to use?  When I
> > just ssh to a random host, ssh can find the keys I need to use.  Could
> > we do that here, and provide the ability to use specific keys as an
> > "Advanced" option?
> 
> That is indeed possible by scanning ~/.ssh/ and sending pubkeys one by
> one until the server accepts one of them.  I will try to implement it.

please don't forget the keys managed by the SSH authentication agent,
which is actually the gnome-keyring-daemon in Fedora 11/Gnome.  The
authentication agent might have keys that aren't read from files in
~/.ssh/, but during remote SSH sessions from key files stored on the
remote end of the session.

(Before you ask:  No, sorry, I don't know how to talk to this daemon,
maybe someone else on this list can help.  I'm only a frequent user
of this feature of SSH, and I like it very much.)

	Robert

> 
> Regards,
> -- 
> Daiki Ueno
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list